Privacy In The Workplace: Bosses Who Spy On You

There was a grim news report out of Switzerland last year about a scandal involving a major bank. The Credit Suisse bank was spying on one of its executives. The fallout from this included the firing of the bank’s chief operating officer. It may have contributed to the suicide of another individual who was involved.

The article in the Guardian newspaper described it as a “James Bond-style corporate espionage scandal in which private detectives were hired to follow a senior executive through the streets of Zurich after a row with the organization’s boss at a cocktail party.” In announcing the COO’s firing, the bank stated that the surveillance was “wrong and disproportionate and has resulted in severe reputational damage to the bank.”

Interestingly, there is nothing in the news reports to indicate that this spying in the streets was illegal in Switzerland. Whatever the situation there, it would probably not be illegal in Canada.

Canadian law has a split personality when it comes to privacy. On the one hand, there are privacy statutes, both at the federal and provincial levels, which provide for detailed control over the collection and use of personal information, especially in the form of electronic data. Section 8 of the Canadian Charter of Rights and Freedoms protects against unreasonable search and seizure.

However, the Charter applies only to government actors, not private parties. Similarly, the detailed Ontario legislation applies only to government agencies.

At the federal level, a statute that applies to all federally regulated commercial entities, including companies such as banks, transport and telecoms, is called the Personal Information Protection and Electronic Documents Act (PIPEDA). The federal privacy commissioner takes the position that PIPEDA applies to all commercial activities, except in provinces that have their own privacy legislation (B.C., Alberta and Quebec), even if those activities are not federally regulated.

PIPEDA generally prohibits anyone from collecting or using “personal information without the knowledge or consent of the individual.” However, there is a glaring exception for the kind of spying carried out by Credit Suisse. PIPEDA allows secret surveillance when “… it is reasonable to expect that the collection with the knowledge or consent of the individual would compromise the availability or the accuracy of the information and the collection is reasonable for purposes related to investigating a breach of an agreement or a contravention of the laws of Canada or a province” (para. 7(1)(b)).

A cynic might say that PIPEDA prohibits spying when there is nothing interesting to see but allows it when the employer has reason to expect that it will reveal something embarrassing. The advice issued by the federal privacy commissioner does state that an “organization should have evidence that the relationship of trust has been broken before conducting covert video surveillance. Mere suspicion is insufficient.”

However, the question of what constitutes “evidence” for this purpose is inevitably a matter of opinion. If the employer had solid evidence, it could just proceed to dismiss the employee without any further surveillance. In one case considered, an employee was frequently absent, but a medical assessment did not support his claims of illness. The assistant commissioner concluded that under the circumstances the employer was justified in using a private investigator to track the employee. The findings from that surveillance led to the employee’s dismissal.

The federal privacy commissioner has suggested the following guidelines for evaluating the appropriateness of surveillance:

  • Is surveillance and recording demonstrably necessary to meet a specific need?
  • Is surveillance and recording likely to be effective in meeting that need?
  • Is the loss of privacy proportional to the benefit gained?
  • Is there a less privacy-invasive way of achieving the same end?

One of the most widely cited court decisions interpreting this aspect of PIPEDA is Eastmond v. Canadian Pacific Railway 2004 FC 852. CP Rail installed video surveillance cameras in a freight yard, and the union objected that it indicated a lack of trust and undermined employee morale.

Based on the above guidelines, the commissioner ruled that CP’s surveillance was inappropriate and a violation of PIPEDA. After a detailed review of the facts, the court ruled in favour of CP.

Federal Court of Canada Justice François Lemieux noted that the invasion of privacy was minimal, as CP’s policy was that the recording was not viewed unless there was a “triggering event” such as a theft. He added wryly that “Assuming the recording captured an individual committing an act of theft asking for his/her permission to collect the information would compromise the availability of the information for the purpose of investigation.”

This article was written by Peter Spiro and was originally published on The Lawyer’s Daily on January 7, 2020. This article is part one of a two-part series. Part Two: Role of secret surveillance in the workplace

With a background in economics, the gig economy and the underground economy, Peter Spiro is counsel to Monkhouse Law in employee class actions.

Do you have an issue with surveillance at work? Contact Monkhouse Law today for a free 30-minute consultation. To arrange your free confidential 30 minute phone consultation, contact us today.

Call us for a FREE 30 minute phone consultation at 416-907-9249 or submit a callback request

    Free Consultation

    Call us for a free 30 minute phone consultation at 416-907-9249 or submit a callback request. We endeavor to phone you back once we have reviewed the information, calls will be Monday to Friday between 9:00 AM and 5:00 PM:


    Monkhouse Law