Can My Employer be Held Accountable for Information Collected from Facebook?

January 20th, 2014

Dave writes to us with a question that involves his employer, a friend, and information on Facebook that should have remained private.


I set my privacy settings so only friends have access to my Facebook information. One of my friends provided information from my Facebook to my employer. My employer had me provide information to prove my innocence and I did.

I was very fearful of my job, but what can be done to prevent this in the future through PIPEDA? Can the employer be held accountable or should the unknown friend be held accountable for the embarrassment I endured?



Hi Dave,

It sounds like you and your employer are in a very tricky situation — information that you wanted to post online and keep private among a group of friends has now leaked its way to your employer. That now affects how your employer perceives you, your ability to progress in the company, and may be grounds for discipline or termination.

This question is complex as it involves a personal relationship, an employee-employer relationship, and a cross section between employment and privacy law. There really isn’t an easy answer, but I’ll do my best to address your question.

I’m not sure what kind of activity was involved but I’m guessing that it was something illegal, something disrespectful or lewd, or something that negatively impacted an employee or your employer’s brand or reputation.

Whatever the case may be, be careful — an online posting can cost you your job. As personal and work lives continue to converge through social media and technology, we’ll begin to see more and more employees fired or disciplined for Facebook postings in Canada.

It’s not that simple though. Employees deserve a reasonable expectation of privacy — especially outside of work — and information, images, or video that you shared with a select group of people was never intended to be shared with your employer. It may be “out of bounds” for your employer.

Does the information leaked concern your employer in any way, or does it affect your job performance or the employer’s staff, brand, or reputation? If it is something your employer wanted you to disprove, I am assuming it was important. Were you found innocent? That helps improve your standing.

If your employer disciplines or fires you, you have the option of taking your case to your provincial labour board. I am not an expert on employment law so unfortunately I can’t comment too much on that matter.

As far as privacy law goes, PIPEDA only covers personal information collected, used, or disclosed in connection to commercial activities. However, if you live in BC, Alberta, or Quebec, any personal information collected by an employer is subject to those provinces’ respective privacy laws.

I wouldn’t worry about privacy laws though — the best way to prevent these problems is to avoid these situations altogether. Try to refrain from posting any material that might land you in hot water if it were leaked to your employer, especially if you can’t trust your social network.

We’re all human and everyone has rants about life, relationships, and work — in the future, consider sharing these with only a small group of friends or family that you have a close relationship with. One saying that I always go by is “Never post anything online that you wouldn’t want printed on the front page of your local newspaper.” It’s a sobering thought.


Can Information be Shared Among Different Departments in an Organization?

November 13th, 2012

Both Stephanie and Barb write to us asking how personal information collected by an organization can be used throughout different departments.

Question 1

Can information be shared among different departments within the same organization without contravening privacy laws? I don’t see this specific question answered anywhere.

Thank you!


Question 2

Can addresses be shared within a company from payroll to Gift Processing, so that we can make sure that a tax receipt gets to them?



Hi Stephanie and Barb,

Privacy legislation does not put any restrictions on the transfer of personal information from department to department within an organization. As long as the personal information is not being used for any new purposes for which your organization has not collected consent, it can flow between individuals and departments as necessary.

This question is often asked because an organization may find new uses for personal information once it has been collected from an individual. For example, someone in your organization’s marketing department may realize just how useful it would be to analyze and market to a list of customer information collected for another purpose. This behaviour is not allowed under privacy legislation.