Ontario’s employee electronic monitoring law comes into effect today

Share post:

After six months’ notice that they had to be prepared, all provincially-regulated employers with more than 25 workers today must have a written policy describing how they electronically monitor staff. Among those to be included in the worker count are homeworkers and probationary employees, some trainees, employees on definite term or specific task contracts of any length and those on a leave of absence.

Daniel Michaluk, who focuses on privacy and cybersecurity law at Borden Ladner Gervais, said today he believes most medium and large firms in the province are prepared, judging by the number of requests to review proposed policies he has received. He’s not sure, however, about the readiness of small firms.

It shouldn’t be hard to create a policy with a list of the types of IT monitoring and what each does in generic terms, he added. A company could create a chart of its tools (for example “endpoint detection”) and a brief description of what each does (“monitors the use of workstations and compares it against a baseline to detect abnormal use”).

“The trick is to get a balance between detail and high-level information.”

“I think you can achieve meaningful information without getting into technical specifications,” he added.

But a policy that has only a brief sentence that says ‘We monitor the network and therefore you should have no expectation of privacy’ is “inadequate,” he said.

The policy “is not necessarily the end of the dialogue between an employer and their employees,” he stressed. “It could be the starting point … You invite inquiries and you should be prepared to answer them.”

An employer can have different policies for different employees. For example, provincial guidance says, a retail employer may have one policy that applies to its office staff and a different policy that applies to its in-store sales staff.

The obligation to have a policy is part of the Employment Standard Act. Note that as of January 1, 2023, business consultants and information technology consultants will no longer be covered by that act and will no longer be subject to electronic monitoring policy requirements.

The act doesn’t establish a right for employees not to be electronically monitored by their employer. Nor does it create any new privacy rights for employees. The government of Doug Ford has talked about bringing in privacy legislation but hasn’t so far.

Nor does the legislation define electronic monitoring. However, provincial guidance released in August says it includes all forms of employee and assignment employee monitoring that is done electronically. Some examples include where an employer:

  • uses GPS to track the movement of an employee’s delivery vehicle
  • uses an electronic sensor to track how quickly employees scan items at a grocery store check-out
  • tracks the websites that employees visit during working hours

The policy must state

  • a description of how and in what circumstances the employer may electronically monitor employees
  • the purposes for which the information obtained through electronic monitoring may be used by the employer
  • the date the policy was prepared
  • the date any changes were made to the policy.

In a blog earlier this year the Bennett Jones law firm noted the law does not limit the employer’s use of the information gathered through electronic monitoring. An employer can rely on the information to discipline or terminate an employee.

The post Ontario’s employee electronic monitoring law comes into effect today first appeared on IT World Canada.

Howard Solomon
Howard Solomonhttps://www.itworldcanada.com
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

SUBSCRIBE NOW

Related articles

Cyber Security Today, June 21, 2024 – US to ban Kaspersky for businesses, consumers

U.S. to ban the sale of Kaspersky products to consumers and businesses. Welcome to Cyber Security Today. It's Friday...

Biden administration to ban US sales of Kaspersky software over ties to Russia

The Biden administration is set to announce a ban on the sale of Kaspersky Lab's antivirus software in...

Security bug may allow anyone to spoof Microsoft employee emails

A security researcher claims to have discovered a bug that enables anyone to impersonate Microsoft corporate email accounts,...

Cyber Security Today, June 19, 2024 – How an attacker hid on an IT network for three years

How an attacker hid on an IT network for three years Welcome to Cyber Security Today. It's Wednesday June...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways