Case Study: Company Security versus Employee Privacy
Société canadienne des postes c. Syndicat des travailleurs et travailleuses des postes
(CUPW N00-12-00003, Arb. Lauzon) 2014 LNSARTQ 349
In response to reports of goods being stolen from mailed items, Canada Post increased its security measures and issued a mandatory screening policy for its current employees. The policy required that staff consent to multiple background checks, including credit and criminal record checks, and the recording of employees’ fingerprints.
Employees were already subject to these checks on hiring, as well as on promotion or transfer to a more sensitive position. The new policy increased the situations in which these checks could be demanded, without clearly defining what these situations were. Employees who did not give consent would be relocated, terminated, or penalized.
The Union of Canadian Postal Workers grieved the new policy, arguing that employees’ privacy rights were being violated. The Quebec Labour Arbitrator concluded that Canada Post could not require current employees to consent to repeat background checks. Penalizing staff for withholding consent meant that consent was coerced, and put Canada Post in breach of the Personal Information Protection and Electronic Documents Act (PIPEDA). He also cited a previous decision which stated that “the taking of fingerprints is a serious invasion of privacy” which could only be justified by specific legal requirement or prior agreement with the union.
Writing on Carswell’s “Law of Privacy in Canada” blog, Barbara McIsaac commented: “As evidenced by this decision, arbitrators and judges will generally decide in favour of protecting and preserving employees’ right to privacy. Employers who require additional sensitive personal information from current employees will likely need to demonstrate that the information is necessary and/or that there is a clear contractual or legislative basis for obtaining it.”