Privacy Issues That Commonly Arise At Your Workplace

There are several privacy rights that exist in the workplace. Read on to find out what they are, and how you are protected if they are breached.

Governing Law

Employees have a right to privacy when it comes to their employers, but there are certain exceptions. In every situation, the individual’s right to privacy will be weighed against the employer’s legitimate business needs.

To know what privacy rights you have as an employee, it is important to know what type of business you work for. Specifically, it is important to know whether your business is:

1. In the private or public sector

2. Federally regulated or Provincially regulated

If you work in the public sector (in the Government), you are protected by legislation corresponding to your level of government, be it federal, provincial or municipal. You are also protected by the Canadian Charter of Rights and Freedoms, which includes within it the protections against unreasonable search and seizure, protection which extends from the idea that everyone should have a “reasonable expectation of privacy.”

The Personal Information Protection and Electronic Documents Act (“PIPEDA”) was enacted in 2000 to regulate the collection, use and disclosure of personal information for federally regulated private sector businesses. Federally regulated businesses include banks, airline companies and tv and radio stations, and are listed under Section 91 of the Constitution Act, 1867. Whether or not they are bound to follow it, employers will find it useful to use PIPEDA as a guide when creating their privacy policies.

If you work for a provincially regulated private sector business in Ontario, the only legislation protecting you relates to your personal health information. However, other personal information may be protected under a collective agreement (if you are unionized) or at common law. Provincially regulated businesses are listed in Section 92 of the Constitution Act, 1867.

One way that all employees in Ontario are protected at common law is against “intrusion upon seclusion.” “Intrusion upon seclusion” is the intrusion into an employee’s personal life, such as their sexual orientation, private correspondences, or financial/health records. The implication of this protection is that employers are entitled to a “reasonable expectation of privacy” even when they are using employer-provided equipment.

Both public and private sector workers are regulated by provincial human rights laws. One example of such a law in Ontario is that all federally-regulated employers are only permitted to test for drugs and alcohol when the test is connected to the employee’s ability to carry out their job in a safe and appropriate manner, such as if they are lifting heavy machinery or driving as a part of their employment.

Personal Information Defined

If your workplace is governed by privacy legislation, your “personal information” is protected. According to PIPEDA, “Personal information” is defined as information about an identifiable individual. Some examples of this would be your SIN number or your address. However, information related to your position would NOT be protected (such as your work phone number or name).


Under most privacy legislation employers will need your consent to collect, use or disclose your personal information. This consent can be written or verbal, and will likely need to be explicit when the information is highly sensitive, such as health or medical information. For instance, PIPEDA requires your meaningful consent, which means that you have received a clear explanation of how your information will be used before consenting. However, the consent for disclosure of certain personal information related to your employment, such as your address for payroll, can normally be implied, meaning that you likely won’t be asked before it is disclosed.

The following are some examples of information for which employers generally do not require consent:

● Information that is requested by law enforcement;

● Information required for administering workplace benefits compensations;

● Information requested by a third party if the employee is managed by that third party

● Information requested by third party insurance companies

Information Collection

Employers may want to collect information for the purposes of:

● administering payroll and benefit plans;

● complying with tax and employment standards law requirements for record-keeping and reporting;

● performing a credit or security check when hiring individuals for security-sensitive positions;

● managing the virtual workplace for off-site employees working from home; and

● monitoring productivity or customer interactions for “quality control.”

Whether or not a given collection method is appropriate will depend on a balance of several factors, mainly:

1) Whether or not consent was obtained

2) The intrusiveness of the collection

3) The purpose of the collection

Any decision made on the collection of an employee’s private information will attempt to balance the interests of the employee with those of their employer.

Whether you are an employer or an employee, one of the specialist employment lawyers at Tailor Law can help you. You can reach our office at 905-366-0202 or contact us through our website here.

Nothing in this article should be considered or relied on as legal advice or opinion. This article only provides general information. Should you require assistance, please contact us to book a free initial consultation.


Samuelson-Glushko Canadian Interest and Public Policy Clinic, “Workplace Privacy” (May 2007).

Rachel Kattapuram, “Canada: An Employers’ Guide to Privacy In The Workplace” (16 August 2018)

The Employers’ Edge, “Privacy Matters! The Importance of Developing a Workplace Policy” (19 April 2018)

Kattapuram, supra note 2. 6 JF Lalonde, “ Employee rights: Drug and alcohol tests in Ontario workplaces”(12 January 2018)

Canada, Office of the Privacy Commissioner of Canada, Consent (webpage) (last modified 10 September 2019)

Call Us
Free Consultation