If you’re like me, you’ve read many e-mail and other records management policies stating that an employee should not expect any privacy when using a workplace computer (i.e. a computer owned by his/her employer).
Many organizations are likely revising their policies to prohibit the personal use of workplace computers as a result of a recent Supreme Court of Canada decision (R. v. Cole) stating the workplace environment diminishes – but does not completely remove – an employee’s reasonable expectation of privacy.
This criminal case involved a high school teacher (Richard Cole) who was provided with a school-issued laptop computer that he could also use for incidental personal purposes. After a technician performing routine maintenance discovered nude photos of a female student on the computer, the school copied the images and turned them (and the computer) over to police who charged the teacher with possession of child pornography and unauthorized use of a computer. The trial judge refused to admit the files into evidence on the basis that they were obtained without a search warrant in violation of the Canadian Charter of Rights and Freedoms which guards against unreasonable search and seizure. However, the Ontario Court of Appeal partially overturned that decision. For more information on these decisions (and the Supreme Court decision), click here.
The legal issue before the Supreme Court was whether the police conducted a warrantless search of the computer in violation of the Charter. After assessing whether the employee had a reasonable expectation of privacy, the court ruled that employees have limited rights to privacy for personal information on workplace computers, as long as personal use is “permitted or reasonably expected.” The court also ordered the teacher to face a new trial.
While the implementation of revised policies prohibiting the personal use of workplace computers will simplify things on a day-forward basis, organizations which previously allowed incidential personal use of workplace computers will have to grapple with a backlog of work and personal content on those devices for the foreseeable future. And that backlog will pose a challenge in e-discovery, as stated in Zblog (the blog of the WortzmanNickle law firm): “This decision will impact on the collection practices of organizations engaged in the discovery phase for litigation, regulatory investigation or audit. The right of an employer to simply collect all information on workplace digital devices, once believed to be unfettered, will have to be examined in light of this decision.”
