A little over a month ago, the Supreme Court of Canada rendered a decision affording all employees a limited, but reasonable expectation of privacy in the use of their workplace computers.
The case involved a warrantless police search of an individual’s work computer containing images alleged to be child pornography. The accused fought to have the evidence excluded from trial as the warrantless search was thought to infringe upon his section 8 Charter rights. The larger legal question, of course, is whether an employee has the right to privacy when using a company-owned computer.
While the majority of the Supreme Court found that this particular case of unconstitutionally obtained evidence should not be excluded given the nature of the materials discovered, they also found that the accused’s section 8 rights had in fact been violated in the unwarranted search of his workplace computer.
So what does all of this mean for your workplace?
Well, to start, it means that if you don’t currently have policies in place for your employees regarding the use of their workplace computers, now is the time to create some. And if you do have a set of computer-use policies, it’s now more important than ever to revisit them to ensure that they take this recent ruling into account.
Here are a few questions to consider as you take a look at your computer use policies.
How can I manage the implications of employees using workplace computers for personal use?
Employees inevitably treat their workplace computers as somewhat of an extension of their property. This could mean everything from checking email or social media accounts, bookmarking sites for personal interest or saving images. So to a certain degree, this ruling simply confirms what we all already knew.
But in order to protect yourself and create a transparent work environment, it’s crucial that your policies make the following things clear:
a) That there are certain circumstances when management might access employee machines. Here you will also need to explain what the circumstances might be, i.e., technical maintenance, to meet legal requirements, to access records, etc.
b) That using a workplace computer for personal use is an individual choice and may, in certain instances, sacrifice one’s privacy.
What is the scope of my current computer-use policy?
Computer use policies typically apply to “users” i.e., employees and the “system” or “network” of computers that they use while at work. However, to effectively manage your employee’s privacy expectations, you may need to include additional electronic devices used for professional purposes. This means extending your policies to company-owned laptops and/or smartphones. Indicating that these devices are part of the workplace computer system will mitigate the possibility that they are considered separate (read: more personal) entities.
Similarly, if your employees use their own personal devices (laptops or smartphones) for work purposes, you will need to ensure that you’re taking the technical and legal means necessary to guarantee that proper network security is applied.
Should my computer use policy govern the use of social media?
A computer use policy should only specify the use of a computer on a corporate network. However, developing a separate social media use policy for your organization is also highly recommended. While your computer use policy applies only to the specific use of a company-owned device, your social media policy needs to extend much further.
If you’re still unsure how to revise your computer use policy to better reflect these changes, contact the trained staff at Employment Professionals. We’d be happy to help you improve your work environment.