I’ve never pre-ordered a textbook until Melanie Bueckert’s “The Law of Employee Monitoring in Canada.”

This is no slight to Melanie’s fantastic background, but I didn’t expect much. Though there are exceptions, many privacy texts tend to be thin on substance, perhaps because the domain is evolving so quickly.

Given I had set my expectations low, I was delighted when I received Melanie’s text last month and discovered it included a thorough and deep discussion of the law of employee monitoring in Canada. This led me to introduce myself to Melanie, who is Legal Research Counsel at the Manitoba Court of Appeal and a fellow Slaw contributor. We had the following conversation about workplace monitoring last week in which Melanie spoke candidly about the workplace monitoring technologies she finds most interesting, how she thinks the law ought to develop and how labour arbitrators and judges view workplace privacy differently. I hope you enjoy!

Dan Michaluk. So why don’t we start with what led you to write your book.

Melanie Bueckert. Sure. I graduated from the University of Manitoba Faculty of Law in 2003 and worked with the Pitblado firm here in Winnipeg. They had both an active privacy group and a management side labour group, and I was involved with both after my call in 2004 up until 2006. I took a real interest in privacy and employment issues, but when I came over to the Court of Appeal in late 2006 it unfortunately limited my professional engagement in the privacy world. So in 2007 so I headed back to the University of Manitoba for my Master’s degree, focusing on the topic of employee privacy. So that’s where the book comes out of – my Master’s thesis and related work.

DM. Who did you work with on your Master’s thesis?

MB. Professor Brian Schwartz at the University of Manitoba was my advisor, Debra Parkes who is a Professor there was also on my committee and then my external advisor was Professor Michael Geist over at the University of Ottawa.

DM. I see.

MB. Yes, it was a good team.

DM. So what makes the workplace monitoring issue interesting to you?

MB. The law is interesting but it’s also practically relevant to pretty much anyone working in an office. Whether you’re front line in fast food or in senior management, you’ll confront workplace privacy issues. And my focus is really about technology and workplace privacy, so it doesn’t hurt that my husband is in the computer industry.

DM. I see. So what then was the most interesting part of the book to write?

MB. That’s a tough question! I’m particularly interested in issues about blogging and social networking and issues about location awareness technology – mainly because the technologies are relatively new yet at the same time very pervasive. There is no real case law yet, but there are so many scenarios that you just hear – friends asking you, “Well what if I’m on Facebook at work?” or “Oh, I just got a new iPhone and it’s got this great GPS tracking app.” So you start thinking about how people should be thinking proactively about the privacy implications of these things.

DM. So explain how employers are using location tracking.

MB. There are a number of different ways, but one that probably everyone is familiar with involves those access cards that you use every time you exit and enter your building, or maybe portions of your office are access controlled. That technology creates information that is logged somewhere in a file. Or certain industries use GPS tracking either through handheld devices or more usually through GPS technology linked to company vehicles. These are ways that employers are monitoring employees to make sure that they are where they are supposed to be, when they are supposed to be.

DM. Anything more extreme?

MB. The more extreme examples are from the United States. I have not yet aware of any cases in Canada, but there are stories about radio frequency identification devices being used by employers – location tags and even devices that are implanted in employees to allow for passive tracking through various points in the workplace.

DM. Yes, I recall. Is there American case law on RFID tracking?

MB. I’m not familiar with any cases in the employment context. It seems like there was a political uproar followed by a number of states banning the practice of mandatory implantation, but this policy still leaves this weird idea of voluntary implantation. To what extent can you use the word “voluntary” in the employment context, especially when you’re talking about bodily intrusion? I haven’t heard of RFID implantation yet in Canada, but it could be on its way.

DM. Well there’s a question for you. Can employees voluntarily consent to the use of privacy invasive technology by their employers?

MB. That really gets to the heart of it. I mean, to what extent is a consent based model appropriate for governing the employment relationship when you have this huge disparity in power?

DM. Can you give us an overview of the law on this point.

MB. Right now, so long as employers have that consent, which really is just a signature on a piece of a paper or even oral consent, they can pretty much go ahead and do what they like. PIPEDA at least adds in the idea that the use of the technology must be reasonable in the circumstances, so there is a little bit of protection there. Or if you’re governed by a collective agreement and have drawn a pretty liberal labour arbitrator you might get some coverage through some of the doctrines that have developed in the arbitral jurisprudence. But a large chunk of the working population isn’t covered by this law.

DM. The federal case that dealt with this issue is Telus. In your view did the Federal Court deal with the issue of consent in a satisfactory way?

MB. That’s an interesting one because you have the Court concluding that in the circumstances the use of technology is reasonable – using a voice print. It then considers what happens to these employees because they’re still not satisfied that it’s reasonable in their own minds and says, well, we’re not going to talk about that today. We’re sending it back and we’ll assume the usual labour rules apply. Is satisfactory for them? Probably not.

DM. The Court is empowered to make a finding whether a request for collection of personal information is reasonable. Employees can litigate the question of reasonableness but may leave that process with a finding that requires them to obey the request.

MB. Yes, but I don’t think it’s the best outcome because employees have to make a privacy complaint, then go to court. And what are they told when it comes down to their actual circumstances? Oh sorry. We can’t deal with that. All we can tell you is that this is a reasonable requirement under PIPEDA and what happens to you in your employment – well, that’s governed by labour law.

DM. It certainly doesn’t fit well with PIPEDA’s rule on informed consent.

MB. It would be nice if these issues could all be decided at once, but we don’t have that sort of framework just yet.

DM. This is related, but tell us about your support for the rights based approach to workplace privacy.

MB. Well, I’m probably a bit controversial. I’m sure many employers are satisfied with the current state of the law in Canada which is, as we discussed, generally still consent based – working from the notion that employees can fairly and freely sign over their privacy rights. For me, it seems that there is a movement within the labour realm where you have this acceptance of at least a base level of certain privacy expectations of employees within the work place given how work has changed and given the use of technologies in the work place like e-mail. There is no question that employees are entitled to at least a little bit of personal time when it comes to using employer equipment. Well, what does that mean for their privacy rights?

DM. I agree, and have written an article that this is something employers should be thinking about.

MB. What is always interesting to me is that when you talk to the “person on the street” about these issues people feel that there must be legal protection for a lot of these workplace activities – you know, sending e-mails, downloading things from the internet that they are allowed to download – and yet that understanding, that perception within the workplace doesn’t actually have a basis in law. People don’t really understand that the law hasn’t caught up.

DM. You think that it should.

MB. Yes. My advocacy for a rights based approach is about pushing the law forward to get beyond a consent based approach to an approach in which employers must show some reasonable grounds for impeding those expectations.

DM. What about expectations? How satisfied are you with the reasonable expectation of privacy concept as a solution?

MB. It’s a very limited concept, perhaps a step up. Theoretically you could prove that you have a reasonable expectation of privacy, but an employer can pass policies that say “you have no expectation of privacy” – basically negating any potential protections that the law might otherwise provide. It seems to me that employers should not be able to unilaterally reduce privacy expectations this way but, rather, should be required to show some objective reason they we need to impinge on employee privacy.

DM. Yet notice has played a strong feature in the existing computer monitoring case law.

MB. Yes. But it sure seems like the cases really have turned on what employees are caught doing. You don’t see a lot of cases of employees checking their stock portfolios or doing their personal banking. We see cases about downloading sexually explicit content and time theft.

DM. Computer monitoring issues are not litigated as policy grievances either, which is interesting.

MB. The questions about the role of the union in protecting individual privacy rights are interesting. So far we have seen some arbitrators take a pretty liberal or progressive stance with respect to employee privacy, but you know their ability to do so is based on what the union thinks is worthwhile getting behind. It’s sort of an odd fit.

DM. Okay, moving on then. I want to touch on one thing before we finish. Do you think a court would decide a privacy issue in the same way as a labour arbitrator?

MB. Generally no. I think some arbitrators take the same view as courts. I don’t think I’ll hurt anyone’s feelings if I say Arbitrator Bendel has routinely taken a conservative stance on privacy. But then of course there are others who have shown a strong interest in protecting employee privacy. At least there are some arbitrators going that way, whereas the courts don’t seem to be giving any protection unless based on legislative protections like PIPEDA.

DM. So what’s your practical advice for employers today?

MB. Be proactive. If you’re providing your employees with cell phones, do you know if they have GPS tracking ability? Do you intend on using it? You should look at these kinds of issues before you have problems and think, “Okay, given our business, what do we really need to be doing here? And how should we let employees know?” Right now, at least, if you give good notice to employees about what you are doing, that offers a fair bit of protection.

DM. How about employees?

MB. Not to be too blunt here, but my advice is, “Don’t be stupid.” In reading the cases you sort of shake your head sometimes about the things that people have decided to dispute. You just sort of say, no wonder you were terminated. You downloaded 500 pornographic emails.

DM. Thanks so much, and lastly, what are you up to in the future?

MB. Because mostly my work with privacy has been on the side I’m happy when things like this interview come up. I am going out to Edmonton at the end of the month to speak to the CBA group there on the topic of employee monitoring and hope to do a few more speaking engagements like that. And on the personal side, I’ll be taking maternity leave at the end of April in 2010 so that might put me out of the game for awhile.

DM. Well congratulations. Is that your first?

MB. It is.

DM. Congratulations and thank you again, and best wishes on both the personal and professional front!