Privacy law and the workplace

PIPA, PIPEDA, FOIPPA and the Privacy Act……this myriad of legislation can be very confusing when trying to understand an employer’s obligations and an employee’s rights with respect to the protection of personal information of an employee (ie. home address, personal email address, birthdate, social insurance number, compensation information, benefits information, etc.). However, this topic is becoming increasingly important in light of recent security events such as the ‘heartbleed bug’ and other reported security and privacy breaches.

If you are a private sector employer operating within the Province of British Columbia the most applicable legislation will be the Personal Information Protection Act, or “PIPA” as it is often referred to as. PIPA has several important provisions that restrict an employer’s ability to collect, use and disclose an employee’s personal information without their consent. It also contains provisions requiring an employer to secure and retain information in accordance with PIPA.

From an employee’s perspective, perhaps the most useful provisions in PIPA are the provisions that allow you to gain access to the personal information your employer has collected about you. If requested, the employer must also provide you with a list of the ways your personal information was used and any third parties to whom it was disclosed and all of this must be completed within the timelines outlined in PIPA. This can be a very useful tool for employees and it is also something that employers must be aware of from a compliance perspective.

In light of the obligations outlined in PIPA an employer should consider whether they have:

  • an established ‘Employee Privacy Policy’ that explains the purposes for which you collect, use and disclose employee personal information and how you retain and secure such information;
  • a person who is responsible for ensuring the employer complies with PIPA;
  • a process for employee’s to use to request access to their personal information; and
  • appropriate training for employees so that they are aware of how to deal with personal information within their job duties and so that they understand their rights with respect to their own personal information.

In addition, there are a number of specific recommendations and other best practices that may be developed based on the specific industry and jurisdiction that the organization operates within. If you have questions from either the employer or employee perspective about the privacy legislation and what may apply in your circumstance you should contact a lawyer to discuss your rights and obligations.


Article written by:  Greg Pratch

More On the Job articles

About the Author

Pushor Mitchell's Employment Group assists clients in meeting the challenges of today's workplace, including: hiring, firing, management, discipline, contracts, human rights, employment standards, privacy and many other related issues. In their column, the authors' provide practical and interesting information on employment law topics for both employers and employees.

The authors: Alfred Kempf, Greg Pratch, Joni Metherell, Keri Grenier, Mark Baron, and Mark Danielson.

Have an employment law topic you want to see addressed? Comments or suggestions are always welcome.

Email: [email protected]

Additional information available on our website: www.pushormitchell.com


The views expressed are strictly those of the author and not necessarily those of Castanet. Castanet does not warrant the contents.

Previous Stories