In my last blog post, I discussed the emerging importance of coworking spaces in the post-industrial workforce.  In this part two of the series, at the risk of bursting this utopian post-industrial bubble, I set out some of the more pressing employment law issues with coworking spaces:  confidential information, data security, privacy and ownership of content.

Continue Reading Coworking Part 2: Data & Privacy Risks

For the last many centuries, workers have gathered together in the same workplace because they were paid and employed by the same employer, and because that’s where the work was.  It didn’t really matter if you had anything personally in common with your co-workers, and you certainly didn’t have to be inspired or motivated by them.  But you did have to show up at the bricks and mortar workspace to do the work and get your paycheque.@85KingEast insTED Talk on Jan 28 2014 with founder Roger Brennikmeyer and speaker Nick van Weerdenburg from Ranglio.io

Technology and the explosion of the entrepreneurial economy have changed all that.  Work for many is where our computer can hook up to a signal and get access to documents in the cloud.  That means work can be anywhere for many pockets of our post-industrial workforce.

This is the first part of a 4 part series looking at the coworking world:  (1) what it is; (2) what are the data & privacy risks; (3) what are the human risks; and (4) how to manage your employees who may be working out of a coworking space.

Continue Reading Coworking Part 1: Turning the Workplace Upside Down

The 2013 Clawbies winners were announced on December 31, and I am humbled and so very grateful to the readers that nominated my blog.  I am happy to write that this blog was selected for a Best Practitioner Blog in Canada award.

More importantly, however, is the chance to explore what blogs are out there.  I subscribe to many blogs through my Feedly, but there are new ones popping up every day.  The Clawbies Awards are such a great opportunity to check out blogs that may have missed my radar.

A huge thanks to the adjudicators that volunteered their time to organize and review this year’s Clawbies Awards.

Here’s a summary of Canadian law blogs you may want to check out.  A full description of each blog is at www.clawbies.ca.

Continue Reading Canadian Law Blogs to Check Out

Looking for a bootcamp on important cases from 2013?  Here are a few of my favourite Canadian bloggers and their top 5-10 cases from 2013.  There is some overlap, but also a good range of cases to highlights how law can be much more of an art than a science.

Feel free to comment if you think an important case was overlooked in any of the above lists.

 

Other great top 10 type lists to check out:

 

Happy Reading – and may 2014 treat you all well.

 

 

It’s Clawbies Season again!

When I started my blog in 2009, I could count on one hand my employment law blogging compatriots in Canada.  There are some excellent marketing departments now pushing out all kinds of content, but I remain sentimental for the independent blogger blogging for the love it, for the opportunity to connect with colleagues and clients, and yes, to raise profile within the growing audience of blog readers.

When reflecting on which blogs are deserving of a Clawbie, I have arbitrarily, unscientifically and completely subjectively based my decisions on the following criteria:

  • I prefer independent bloggers writing with their own voice, sweat and tears (not a series of posts ghost written by a marketing department or articling student);
  • I am an employment lawyer, so will have a natural bias for bloggers in my area of practice; and
  • I love passionate writing – I tend to write more neutrally in the otherwise polarized employment world, and appreciate the courage in others to rage against the system/worker/institution/judge/The Man/the jerk on the bus, etc.

My 2013 Clawbies Nominations

Based on my above criteria, here are my nominations:

1.     Law of Work – You can’t get more passionate then Professor Doorey’s lefty legal rants.  There is no ambiguity around his politics, he’s a colourful writer, always engaging, and full of useful, interesting, helpful commentary on the law.  I may not always agree with him, but still love reading his posts.  (I feel like this is a wasted nomination, since everyone else will also vote for him.)

2.     MacLeod Law Firm –  Doug MacLeod and his new associate Nicole Sims write in a succinct, practical manner that cuts to the point and provides useful day-to-day information for the real world.   He skips all the legal theory, keeps his post short, regular and topical.  I hope to be as disciplined with my posts when I grow up.

3.     Employment Law Blog for the Suddenly Unemployed – I don’t know how he does it, but Sean manages to push out all kinds of useful content, is topical, opinionated, passionate and colourful – everything I love in a blogger.  He popped onto the scene in 2012 and has continued to deliver top quality content throughout.

4.     South of the Border Choice:  Molly DiBianca at the Delaware Employment Law Blog is the real deal.  She’s an original legal blogger and set the tone for many of us in the early years.  She writes with a unique flare and always keeps it always engaging.

Runner’s Up:

1.     First Reference – I nominate them every year, but Yosie Saint-Cyr and her team are always putting out such high quality analysis.  I have focused on individuals for my top three, but there is no doubt that Yosie’s writing and legal talent should keep her at the top of the list.

2.    Canadian Privacy Law Blog – David Fraser is a national expert in his area, and blogs with an impressive, high quality frequency that puts most of us to shame.

Good luck to all my colleagues, friends and fellow bloggers.  I look forward to learning about a new list of blogs I should subscribe to.

Happy reading to everyone!

On January 1, 2014, private sector employers with 50 or more employees in Ontario face the next round of compliance requirements under the Accessibility for Ontarians with a Disability Act, 2005 (“AODA”). 

Most organizations have already complied with the AODA Customer Service Regulation.  The AODA Integrated Accessibility Regulation  (“IAR”) sets out the followings requirements to be met in the new year by “Large Organizations”, defined under IAR to include private sector employers with 50 or more employees:

1.     Accessibility Policies:  Large Organizations must develop, implement and maintain policies governing how the organization achieves or will achieve accessibility through meeting its AODA requirements.  The policy must be in writing and include a statement of organizational commitment to meet the accessibility needs of persons with disabilities in a timely manner.  The policy must be publicly available, and provided in an accessible format upon request. 

2.     Multi-Year Accessibility Plan:  Large Organizations must establish, implement, maintain and document a multi-year accessibility plan, which outlines the organization’s strategy to prevent and remove barriers and meet its AODA requirements.  The plan must be reviewed and updated at least once every five years.  The company must post the accessibility plan on the company’s website, and if requested, provide the plan in an accessible format. 

3.     Self-Service Kiosk:  Large Organizations should review any “self-service kiosk” to determine whether the kiosk is accessible to a person with a disability.  A kiosk is defined to mean “an interactive electronic terminal, including a point-of-sale device, intended for public use that allows users to access one or more services or products or both.”  This will likely capture all self-service online job application and career websites, as well as any other “interactive electronic” parts of an organization’s website or online presence.  The IAS requires Large Organizations to have regard to the accessibility for persons with disabilities when designing, procuring or acquiring self-service kiosks, and to consider how to ensure people with disabilities can use the kiosks independently and securely. 

4.     Accessible Websites and Web Content:  Large Organizations are required to make their internet websites and web content conform with Level A of the World Wide Web Consortium Web Content Accessibility Guidelines (WCAG) 2.0.  More details (for the company’s IT team) can be found at http://www.w3.org/WAI/intro/wcag.   The requirements apply to (a) websites and web content, including web-based applications, that an organization controls directly or through a contractual relationship that allows for modification of the product; and (b) to web content published on a website after January 1, 2012.  While only public sector organizations are specifically required to make their intranet accessible, large private employers should be aware of those internal sites that will be captured under the future employment standards accessibility requirements.  In many cases, it will be cost-effective to consider the wider range of website material.

The above is intended only to be a brief checklist and overview summary.  If your organization has any questions about complying with AODA or would like to start planning for the additional requirements that will continue to roll out over the next couple of years, do not hesitate to contact me to discuss further.

There is no doubt that we are in the midst of a massive shift in how we consume information and how we communicate with each other.  And there is also no doubt that those under 20 who grew up not knowing any different will have a very different kind of comfort around the online universe. 

Defining Online Privacy

Privacy is in the eyes of the beholder – for the very young, there is a tendency to continue to engage in frequent, open online interactions while asserting privacy rights around those online comments.  For many people over a certain age (50? 60? 30?), this is totally ridiculous.  You post it and it’s public.  Yet a typical Boomer would be appalled if someone listened into his or her conversation at a restaurant or at a public fountain. 

When so much of our personal life’s interactions are online, why not start to carve out the same sort of privacy we demand offline? The permanency of the written record only makes it more essential to think critically about what to do with all that information, not to just throw our hands up and give up.

The “public” status update may be online, but does that entitle the universe to act on that information to harm me, particularly when I’ve signaled my intention to maintain privacy over certain information through my privacy settings?  Whether or not it’s easy or possible to access and act on information, should we not set some re-defined, socially acceptable (and legal) parameters around online information?

Online Privacy in the Workplace

This is the core of the privacy dilemma that employers face.  In most US States, there is simply no expectation of privacy in the workplace, so employers have more flexibility around how to act upon their employee’s online information. 

In Canada and Europe, however, employees have varying degrees of a right to privacy on their workplace computer and in their online life generally.  Employers do not have any inherent right to read an employee’s Facebook page and discipline them for unpleasant or unpopular comments, subject to various legal tests such as the degree of economic harm on the employer’s business. 

It is legal in Canada, therefore, to be a total jackass online, and it is difficult to terminate an employee because of their online life, unless your employee is otherwise breaking the law or an enforceable workplace policy, bad-mouthing the employer’s business or exercising poor behavior that specifically intersects with the job’s reputational management concerns (e.g. a firefighter being sexist or a daycare worker writing hateful comments about children). 

Freedom of expression is, after all, a constitutional right in Canada.

Online Privacy in the Modern Economy

I anticipate that the generation growing up with the online world as simply an extension of their physical world – and not a public soapbox with different rules than in a restaurant or by the public fountain – will continue to carve out privacy rights in a way that makes sense to them and the online aspects of their daily, hourly lives.

Many proclaim that privacy is dead and we may as well either get over it or go off the grid.  The latter is not an option if you want to participate in the economy.  But giving up all privacy must surely bristle against human nature. 

The Desire for Privacy Won’t Die

My unscientific sense is that most of us inherently crave some amount of privacy.  Whether it’s to shield our imperfections from friends and family, to explore business or artistic ideas quietly, or to develop a potential romance without everyone staring and critiquing, the desire for privacy will not die anytime soon. 

We just have to figure out how to nurture and assert privacy parameters in the modern economy and online world.  And employers will have to continue to pay attention to this massive shift happening beyond the workplace to figure out how to handle expectations of privacy in the modern workforce.

I’d love to hear from you if your workplace has figured out the balance, or if you want to brainstorm about privacy policies that might help ease the way to the modern, online, e-information packed economy.

 

 

On Wednesday, the Canadian federal government introduced Bill C-13, a ‘new’ cyberbullying bill to address the increasingly harmful effects of intimate images going viral online.  The cyberbullying proposals are part of a wider omnibus bill that amends a few acts, including the Criminal Code and Evidence Act. 

Many of the cyberbulling provisions are in fact similar to provisions in Bill C-30 that was introduced in February 2012, but that was withdrawn due to the public opposition over the extent to which ISPs would have been required to hand over customer information.  For further commentary, here’s a good summary of critique on the bill by CBC journalist, Andre Myers.

Parliament’s summary of Bill C-13

This enactment amends the Criminal Code to provide, most notably, for

(a) a new offence of non-consensual distribution of intimate images as well as complementary amendments to authorize the removal of such images from the Internet and the recovery of expenses incurred to obtain the removal of such images, the forfeiture of property used in the commission of the offence, a recognizance order to be issued to prevent the distribution of such images and the restriction of the use of a computer or the Internet by a convicted offender;

(b) the power to make preservation demands and orders to compel the preservation of electronic evidence;

(c) new production orders to compel the production of data relating to the transmission of communications and the location of transactions, individuals or things;

(d) a warrant that will extend the current investigative power for data associated with telephones to transmission data relating to all means of telecommunications;

(e) warrants that will enable the tracking of transactions, individuals and things and that are subject to legal thresholds appropriate to the interests at stake; and

(f) a streamlined process of obtaining warrants and orders related to an authorization to intercept private communications by ensuring that those warrants and orders can be issued by a judge who issues the authorization and by specifying that all documents relating to a request for a related warrant or order are automatically subject to the same rules respecting confidentiality as the request for authorization.

The enactment amends the Canada Evidence Act to ensure that the spouse is a competent and compellable witness for the prosecution with respect to the new offence of non-consensual distribution of intimate images.

It also amends the Competition Act to make applicable, for the purpose of enforcing certain provisions of that Act, the new provisions being added to the Criminal Code respecting demands and orders for the preservation of computer data and orders for the production of documents relating to the transmission of communications or financial data. It also modernizes the provisions of the Act relating to electronic evidence and provides for more effective enforcement in a technologically advanced environment.

Lastly, it amends the Mutual Legal Assistance in Criminal Matters Act to make some of the new investigative powers being added to the Criminal Code available to Canadian authorities executing incoming requests for assistance and to allow the Commissioner of Competition to execute search warrants under the Mutual Legal Assistance in Criminal Matters Act

When addressing the dispute at a union’s picketline, which interest trumps:  your individual right to privacy or a union’s right to freedom of expression?

This morning, the Supreme Court of Canada (“SCC”) released a seminal case that aggressively concludes that the union’s constitutional right will prevail over an individual’s privacy rights arising out of the Alberta Personal Information Protection Act (“PIPA”):  Information and Privacy Commissioner of Alberta, et al v United Food and Commercial Workers, Local 401.

The SCC struck down PIPA in its entirety, giving the Alberta legislature a year to amend the statute to comply with this ground-breaking decision.

The Facts on the Picketline:

  • During the UFCW’s 305-day lawful strike in front of an Alberta casino, both the employer and union recorded and took photos of individuals crossing the picketline;
  • The union posted signs in the area of the pickline that images of persons crossing the picketline might be placed on a website called www.casinoscabs.ca;
  • No recordings of the complainants were placed on the website referred to in the signs posted around the picketline.

The Privacy Complaint

Several individuals who crossed the picketline complained to the Alberta Information and Privacy Commissioner that their privacy had been violated.  One of the individuals who filed a complaint was the casino’s Vice-President, who complained that his image had been used in union materials, leaflets and a poster displayed at the picketline.

The individuals argued that the union contravened PIPA by collecting, using and disclosing their personal information (i.e. the recordings and photographs) without consent.

Section 2(b) of the Charter

The union responded to the complaints by asserting its constitutional right to freedom of expression under section 2(b) of the Canadian Charter of Rights and Freedoms (“Charter“).  The union argued that the purpose of collecting the information had core labour relations purposes, including informing union members and the public about the strike; dissuading people from crossing the picketline, and creating training material for union members.

Adjudication

Under Alberta law, the Privacy Commissioner does not have the authority to decide constitutional questions of law, and so the Adjudicator was prevented from deciding on whether the union’s Charter Right to freedom of expression trumped the individual’s privacy rights.

The Adjudicator did, however, very nicely lay the foundation for all three upper courts to find in favour of the union.  The Adjudicator concluded that the purposes for making the recordings and photos promoted the underlying purpose of the strike, namely to achieve labour relations’ resolutions in favour of the union.

The Adjudicator further concluded that the collection, use and disclosure of the information was for an “expressive purpose”, which feeds the upper courts helpful factual findings and conclusions, and draws upon the line of cases that support the union’s Charter rights.

The Appeals

The Adjudicator’s decision was judicially reviewed, argued at the Court of Appeal, and ultimately heard by the SCC.  All three upper courts, now having access to the Charter arguments, agreed that the union’s Charter rights prevailed over PIPA.

Here’s a summary of the SCC’s conclusions:

  • PIPA’s exemptions (such as a journalistic purpose or a possible investigation or legal proceeding) that could have permitted the collection, use and disclosure of information without consent did not apply to the union’s activities in this case.  The SCC found that since no exemption applied to the union’s activities, PIPA’s application was too broad, restricted the union’s right to freedom of expression and thus violated the union’s Charter rights.
  • Once the Charter violation was found, the SCC then analyzed whether the restriction on the union’s right to freedom of expression is justified in a free and democratic society (i.e. the section 1 Charter analysis).  The SCC concluded that while PIPA’s provisions are rationally connected to its objectives to protect privacy interests, “its broad limitations on freedom of expression are not demonstrably justified because its limitations on expression are disproportionate to the benefits the legislation seeks to promote.” (paragraph 18 of the decision)
  • PIPA’s limitations on the collection, use and disclosure of personal information without consent did not give sufficient regard to the nature of personal information (these were images of people in public), purpose (to further the Union’s Charter right to freedom of association under section 2(d)), or context (lawful picketline).
  • Drawing on a long line of cases, the SCC reiterated that freedom of expression in the context of a lawful labour dispute is an “essential” component of labour relations.
  • The SCC concluded:

[37] PIPA imposes restrictions on a union’s ability to communicate and persuade the public of its cause, impairing its ability to use one of its most effective bargaining strategies in the course of a lawful strike. In our view, this infringement of the right to freedom of expression is disproportionate to the government’s objective of providing individuals with control over personal information that they expose by crossing a picketline.

Status of PIPA

Upon the request of the Alberta Information and Privacy Commissioner and the Attorney General, the SCC did not cherry pick which provisions of PIPA violate the Charter.  Rather, the SCC struck down PIPA in its entirety, declaring PIPA to be invalid as of 12 months from today.  This gives the Alberta legislature time to revise and correct the legislation.

What about outside of Alberta?

While this case is huge news for privacy law in Alberta, it is also a seminal case for the rest of Canada.  This case clearly and unambiguously concludes that any Canadian union’s Charter right to freedom of expression on a pickline will trump individual privacy rights.  Although privacy rights are deemed quasi-constitutional throughout the case law, there is no “quasi” to the constitutional rights of the Charter.

Employers and individuals crossing picketlines are not protected by privacy laws, and must govern themselves accordingly.  Whether you call individuals crossing a picketline a “scab” or “replacement worker”, the union’s Charter rights will permit images of people at the picketline to be taken and posted, provided the purpose is connected to labour relations.

 

Last week, I conducted a workshop on implementing a successful “Bring Your Own Device” (BYOD) program at the Canadian Institute’s Privacy Law & Compliance Conference.  I met a wonderful group of privacy experts who had plenty to contribute to the discussion.

We talked about the benefits, risks and costs of permitting employees to use their personal device to perform work-related tasks, which typically includes accessing the company’s network.  Over half the group was in the public sector and regularly handled very sensitive, confidential personal information.

The private sector attendees in the group had an equally strong concern about protecting highly sensitive and confidential business information.  At the end of the day, most organizations, regardless of how open they may or may not be, require a certain level of security around their data, intellectual property and personal information.

So how to implement a successful BYOD program?

 

 

Continue Reading Implementing a Successful BYOD Program