The posting of a YouTube video of a woman throwing a tantrum at the Hong Kong International Airport should serve as a reminder to Canadian businesses that employees these days can (and do) easily record and post videos online from their mobile phones.
The three minute video shows a Cathay Pacific customer yelling and flailing her limbs as she lies on the floor after missing her flight from Hong Kong to San Francisco. I’ve been upset at missing a flight before, but the woman in this video takes things to an entirely new level. The video has drawn over five millions views and nearly 21,000 comments, which has resulted in some incredibly cruel and objectionable online commentary about the woman. Since the release of the video, Cathay Pacific has disciplined the gate worker who recorded the video on his mobile phone (although the video was posted on YouTube by a third party) and the company has issued a formal apology to the woman.
The video is noteworthy because it demonstrates the power of new technologies such as YouTube and the corresponding risks to Canadian businesses. Had the video been recorded by an employee of a Canadian business, subject to Canadian privacy laws, the potential privacy complaint and/or lawsuit by the woman in the video could have been substantial.
Canadian businesses should be reminded of the need to protect against the dissemination of this type of video through employee privacy training and the adoption and enforcement of privacy policies and procedures.
Canadian businesses don't need to look too far to find examples where more effective employee privacy training may have mitigated, or even prevented, privacy complaints.
A case in point was the high profile finding by the Office of the Privacy Commissioner of Canada (OPC) against TJX Companies Inc., the parent company of HomeSense and Winners. The OPC noted that the massive data breach was caused by inadequate encryption software which didn't protect the company's wireless network. New software had apparently been purchased by the company a year prior, but employees of TJX had not installed the programming on a timely basis.
In 2008 a laptop computer containing the personal information of over 800 customers was stolen from the office of a bank employee. The computer was left unmonitored and unsecured in an area of the office that was easily accessible to the public. In the resulting finding, the OPC stressed the importance of procedural safeguards and the need to periodically re-educate employees on privacy policies and procedures.
Another example occurred when a bank's customer learned that his personal banking information was found in a recycling bin. Two employees who were cleaning out the desk of a former employee had placed the documents in the recycling bin, rather than ensuring the information was shredded. This situation (and many others) may very well have been prevented had the respective employees been better educated in the area of privacy.
Canada's Privacy Commissioner, Jennifer Stoddart, recently gave a speech which addressed the importance of employee privacy training. In her remarks, Stoddart cited research from 2007 that reported that only one-third of Canadian businesses polled had conducted employee privacy training. Furthermore, Stoddart demonstrated that over half of the complaints received by the OPC could have been prevented had there been adequate employee privacy training.
Pro-active businesses are hearing the message loud and clear. Privacy training is an essential feature of employee training especially in this era of rapid technological advancements. This type of training should help to prevent unnecessary headaches such as privacy complaints and lawsuits. .
Therefore, the question remains, what would happen if one of your employees recorded a video of an irate customer and then uploaded the video on YouTube. The answer is, it's best not to find out.
(Cross-posted to Brian Bowman – On the Cutting Edge)