Proposed Ontario employee electronic monitoring disclosure law may help firms: Lawyer


Ontario employers should use a broad definition of the term “employee electronic monitoring” if they don’t want to run afoul of proposed changes to provincial labour law, says a Toronto privacy lawyer.

That, said Daniel Michaluk, is because there isn’t a definition in the proposed act of “electronic monitoring”.

“It will create issues for employers trying to implement this,” predicted Michaluk, a partner in the Borden Ladner Gervais law firm who practices in privacy and cybersecurity law, unless the proposed legislation is amended in committee before being passed.

Section 41.1.1 of the proposed Bill 88, known as the Working for Workers Act and introduced last week, obliges any employer in the province with more than 25 employees to have a written policy explaining how and in what circumstances the firm electronically monitors employees. The policy also has to state how the data collected is used.

To be safe, Michaluk said, employers should assume the term includes data collected from a wide range of technologies: standard endpoint data, data from endpoint detection and response (EDR) agents, data generated from mobile device management (MDM) applications, company-owned vehicle telematics, and, of course, network behaviour analytics and video surveillance footage. It could even include logging website traffic on a web server, he said.

Note that mobile device management applications could cover not only company-owned devices but also employee-owned devices if that is mandated by the employer.

Employers must provide copies of the policy to all employees, as well as to employees assigned by temporary help agencies.

“What’s interesting is before the province created any legislation that governs privacy in the workplace, they created a more targeted piece of legislation,” Michaluk said. The Conservative government of Doug Ford has talked about bringing in a provincial private sector privacy law, but no legislation has as yet been introduced.

Among Canadian jurisdictions, only B.C., Alberta and Quebec have private sector legislation obliging firms to give notice to employees of the collection of personal information.

Ontario employers shouldn’t find the obligation onerous, Michaluk said. “It should be feasible to inventory all these technologies without too much work and display them to employees. If we have mature systems for network security we should have inventoried this already.”

In fact, he said, it would be a matter of good data governance. “We ought to be governing our use of these technologies and more specifically the network [in the workplace] anyway.”

“If we don’t have an immediate view of what data we’re collecting across the network, let’s go do that as a matter of governance. Forget compliance. Even disclosing that [to employees] is good governance because you’re telling your users what’s going on.

“The real benefit is it may cause your users’ behaviour to change. It may cause them to understand you’ve got a network that records all sorts of data of users for legitimate uses and they should take their personal use of the network somewhere else.”

In a blog Michaluk and an associate offered detailed advice to employers on the proposed legislation. For example, for security reasons, there’s no need to disclose the software the company uses. To comply with the proposed law – unless it changes – employers could create a simple table like the one below:

Graphic from Canadian law firm describing how a company's electronic monitoring technology can be described
Source: Borden Ladner Gervais

They also noted that electronic monitoring in Ontario is permissible unless there is an agreement with employees that forbids it.

To meet the law, firms should update their hardware and software inventory, Michaluk said, as well as their policies on acceptable use of corporate networks.

The post Proposed Ontario employee electronic monitoring disclosure law may help firms: Lawyer first appeared on IT World Canada.
Howard Solomon