HomeMy WebLinkAbout2014-1191 Bhattacharya 16-03-29 Decision
Crown Employees
Grievance Settlement
Board
Suite 600
180 Dundas St. West
Toronto, Ontario M5G 1Z8
Tel. (416) 326-1388
Fax (416) 326-1396
Commission de
règlement des griefs
des employés de la
Couronne
Bureau 600
180, rue Dundas Ouest
Toronto (Ontario) M5G 1Z8
Tél. : (416) 326-1388
Téléc. : (416) 326-1396
GSB#2014-1191
IN THE MATTER OF AN ARBITRATION
Under
THE CROWN EMPLOYEES COLLECTIVE BARGAINING ACT
Before
THE GRIEVANCE SETTLEMENT BOARD
BETWEEN
Association of Management, Administrative and
Professional Crown Employees of Ontario
(Bhattacharya) Association
- and -
The Crown in Right of Ontario
(Ministry of Government and Consumer Services) Employer
BEFORE Ian Anderson Vice-Chair
FOR THE UNION Emma Phillips
Goldblatt Partners LLP
Counsel
FOR THE EMPLOYER Jonathan Rabinovitch
Treasury Board Secretariat
Legal Services Branch
Counsel
HEARING January 21, 22 and 28, 2016
- 2 -
Decision
[1] This is a discharge complaint.
[2] The Complainant was employed as an Oracle Business Analyst in the Business
Applications Systems Support (BASS) Branch of the Ministry of Government
Services. His employment commenced on July 13, 2009. His Branch Director
was at all times Robert Tee.
[3] On August 1, 2011, an email alleging significant unethical conduct on the part of
Mr. Tee was sent from a gmail account to various individuals within the
government. On August 29, 2011, a second such email was sent from a second
gmail account. On June 18, 2012, a third such email was sent from a third gmail
account. A fourth was sent on December 20, 2012 from a fourth gmail account.
The Employer considers all of the emails to have made serious and false
allegations against Mr. Tee. The emails purport to be from employees of or
associated with BASS, however it appears that the names of the “senders” are
not of individuals so employed. The emails were sent from google accounts and
the users are not traceable. The Employer, therefore, refers to the emails
collectively as the anonymous emails.
[4] As described in greater detail below, on or about July 26, 2012, a USB data key
was found in the workplace. Various files on the USB data key suggested that
the key was the property of the Complainant. The key also contained copies of
several government documents, including a sensitive and confidential
submission to Management Board. The USB key, and certain workplace
computers, were subjected to a forensic investigation. The investigation
revealed that the USB key also contained a draft of the June 18, 2012 email and
several other documents the Employer considers related to the anonymous
emails. The Employer concluded that the USB key belonged to the Complainant
and that he was involved in the creation of the anonymous emails. His
employment was terminated on August 15, 2013 for his involvement in the
creation of the anonymous emails and because the USB key contained
documents that were highly confidential and contained prejudicial information.
[5] The Association asserts that if the USB key belonged to the Complainant, then
examination of its informational content constituted a violation of his privacy
rights, including rights under the Charter of Rights and Freedoms. Accordingly,
the Association asserts, that the USB key and all evidence derivative from the
USB key should be ruled inadmissible. What was in effect a voir dire was held to
hear evidence and full submissions on that issue. This decision determines that
issue.
Facts:
- 3 -
[6] In the course of his employment, the Complainant was involved in the creation of
computer based data management systems used in government operations.
The Complainant would work with other employees in creating these systems.
The systems were tested using data files. The Complainant would transport
these data files between his computer and those of various co-workers on a USB
key. The USB key belonged to the Complainant: it was not supplied by the
Employer.
[7] The Complainant referred to these data files as “test mode data”, used while the
systems were in “test mode”, as distinct from “production mode” data. The
Complainant testified that the data used for testing was not real data, rather it
was “all made up”. He testified that it would have been wrong to use his personal
USB key to transport production mode data without the authorization of his
manager.
[8] The Complainant testified that while the Employer issued USB keys, he didn’t
use one because, in his view, he didn’t need one. He never downloaded
government documents, or production mode data.
[9] The Complainant testified that Manas Singha, who had been his team lead from
2009 to 2011, and Miriam Levy, who was his team lead from 2011 to 2013, were
aware that he used his USB key to transport test mode data. Team leads are not
members of management.
[10] The Complainant did not use his USB key exclusively for work related purposes.
Rather, it primarily contained a number of personal files, including a copy of his
own passport and visa, a copy of his resume, pictures, music files, documents
related to his condominium corporation, on the board of which he sits, a spread
sheet containing all of his passwords and passport applications for his two sons.
[11] The Complainant also testified that Mr. Tee was aware that he was using his
personal USB key within the workplace. He testified about several occasions
when he showed Mr. Tee personal pictures located on the USB key. He also
testified about an occasion near the beginning of his employment when he was
working through the night on a project at home. He was in regular
communication with Mr. Tee. The work required use of “test mode data”, which
is not available through the VPN (virtual private network). Therefore the
Complainant testified Mr. Tee must have been aware that he had downloaded
test mode data onto a USB key in and brought it home in order to do the work.
[12] Mr. Tee did not testify. I infer that Mr. Tee was aware that the Complainant had
used a USB key to transport test mode data on the one occasion described by
the Complainant. I also infer that Mr. Tee was aware that the Complainant on
occasion had a USB key in the workplace on which was recorded personal
information in the form of photographs.
[13] The Ministry of Government Services, Office of the Corporate Chief Information
Officer, Corporate Security Branch has established an “Acceptable Use of
- 4 -
Information and Information Technology (I&IT) Resources Policy” dated March,
2011 (the “I&IT Policy”). The relevant parts of the I&IT Policy are set out in
Appendix “A” to this decision. The Complainant testified that he was aware of
the I&IT Policy but that he did not think that it applied to his USB key because it
did not, in his view, contain a single government business document.
[14] The Complainant testified that he kept his USB key in his pocket while at work. It
was not password protected. Over the course of his employment he had lost two
or three USB keys. The Complainant testified that in or about the summer of
2012 he lost another USB key. The brand of the USB key in question was a
“datastick Pro”. Other than the brand name, there were no identifying marks on
the USB key. The Complainant did not report the USB key as lost to the
Employer. The Complainant testified that he did not do so because he did not
consider there to be anything security related on his USB key.
[15] On Thursday July 26, 2012, a “datastick Pro” USB key was found in the
workplace by an employee. That employee gave the USB key to Sandra
Rosenow. There is no evidence that Ms. Rosenow is a member of management,
and my understanding that she is in fact a member of AMAPCEO. Ms. Rosenow
inserted the USB key into her workplace computer.
[16] When the USB key is opened on a computer, the following folder names appear
in what counsel for the Association referred to as the “desktop” (what I would
understand to be the root directory): 2011-01-01; AUDIO ONLY; Canadian
Passport; CR; DATALOADER SPREAD SHEET; EPS SCRIPT 2011-2012;
HORSESHOE ADVENTURE; IMP DOCS SCAN; INSURANCE; JOBS; MY
AQUARIUM MARCH 2012; New folder; OCI REGISTRATION; Ottawa March
2012; PCC 51; PERSONAL; PR CARD RENEWAL; SUMMER 2011; T4A;
TORONTO ZOO APRIL 2012; TPAS TICKETS; and VIDEO. In addition, the
following file names appear in the desktop: 1a
FINAL_ACCESSIBLE_EMPLOYMENT_23Feb2012.pdf; 2001_Manual_X5.pdf;
430160 [long series of number omitted]_n.jpg; 4008163.pdf; discover.pdf; EPS
Test - Planned v0 2.xls; executive-summary.pdf; Final OPS AMAPCEO
Collective Agreement April 27 2009.pdf; Heritage_Tool_Kit-POW.pdf; Ma Durga.
JPG; PAY STUB 03012012.pdf; Project.xlsx; report.pdf; Responsibilities.doc;
STREET CAPITAL.DOC; surender resume.DOC.txt; Surender Saini
Resume.doc.docx; The High Five Interview Assignment.docx; Travel Reservation
Number 28 for BHATTACHARYA.pdf;
UIYCSQ56EEGYIIQ1FYNIQ_SSPCNADAV.pdf; User Name.xls; and
Wildlife.wmv.
[17] Ms. Rosenow testified that she accessed some files related to fish tanks and
passport applications. She also accessed what appeared to her to be a
government data file. She testified that it had a long file name and she could not
understand it. She gave the USB key to Mr. Tee on July 26, 2012. In doing so
she told Mr. Tee about the files she had looked at and her conclusion that the
USB key belonged to the Complainant and contained what looked like
government files.
- 5 -
[18] Ultimately, as described below, Mr. Tee caused a forensic investigation to be
conducted. The forensic investigation resulted in a “Final Report” dated May 31,
2013. Both parties treated some of the findings of the Final Report, including
those in relation to the activities of Mr. Tee, as in evidence and I shall proceed on
the same basis.
[19] The Final Report indicates that Mr. Tee opened the USB key on July 26, 2012.
Since Mr. Tee had been advised by Ms. Rosenow that the USB key belonged to
the Complainant, the Association argues the opening of the USB key constitutes
the first unreasonable search. On opening the USB key, Mr. Tee would have
seen the desktop containing the folder names and file names set out above,
including the file name which refers to the Complainant. Mr. Tee proceeded to
open three documents: Surender Saini Resume.doc.docx; 430160 [long series of
number omitted]_n.jpg; and “New Folder\MB20 Final Figures.xls”. (The
Complainant testified that the first of these documents was a resume of a friend,
the second was something that someone in his family had downloaded from the
Internet.) The Final Report indicates that this last document is “government
related”. On Friday July 27, 2012, Mr. Tee inserted the USB key into his
workplace computer and looked at eleven documents: a number personal to the
Complainant and three documents in the “New folder” directory: Project-
Consolidation.ppt; Doc14.doc; and MB20 Final Figures.xls (again). The Final
Report indicates that all three of these documents are “government related”. The
Association argues this constitutes the third unreasonable search. Mr. Tee
maintained possession of the USB key over the course of the weekend. The
Final Report does not include an examination of any personal computer Mr. Tee
may have at home. Accordingly, the Association argues that a fourth
unreasonable search may have taken place by Mr. Tee over the course of the
weekend. On Monday, July 30, 2012, Mr. Tee inserted the USB key into his
workplace computer and again looked at Project-Consolidation.ppt and
Doc14.doc. The Association argues that this constitutes the fourth or fifth
unreasonable search. Mr. Tee then turned the USB key over for forensic
investigation. The Association argues that this constitutes the fifth or sixth
unreasonable search.
[20] Among other things, the Final Report indicates that during the forensic
investigation a file called “Issue.docx” was found on the USB key within the “New
folder” directory and that it appears to be a draft of the third anonymous email.
The Final Report also indicates that there were 106 “government related
documents” found on the USB key. They were found in the following folders
listed in the root directory: New folder; CR; TPAS TICKETS; EPS SCRIPT 2011-
2012; PCC 51; and PERSONAL. As noted, among the files described as
“government related documents” are three in the “New folder” directory accessed
by Mr. Tee when he examined part of the contents of the USB key in July, 2012:
Project-Consolidation.ppt; Doc14.doc; and MB20 Final Figures.xls.
[21] On August 1, 2013, a meeting was held with the Complainant to discuss the
results of the forensic investigation. Cedric Nazareth attended the meeting with
- 6 -
the Complainant as his Association representative. Attending on behalf of the
Employer were: Ken Kawall, Assistant Deputy Minister and Chief Information
Officer, Enterprise Financial Services and Systems; Kathy Mareski, Transition
Director; and Heather James, Human Resources Advisor.
[22] The Complainant was shown photographs of the USB key and asked if it was his.
He responded that he could not recognize it or that he did not recall. I pause
here to note that Ms. Mareski testified that during the meeting the Complainant
denied that the USB key was his. However, in cross-examination Ms. Mareski
agreed that she had read the Final Report in advance of the meeting. Certain
findings in the Final Report were reviewed with her and she agreed that she went
into the meeting convinced that the USB key belonged to the Complainant. She
agreed that notes of the meeting indicated that the Complainant’s denials were
with respect to ownership of specific documents on the USB key. However,
when asked if she agreed, therefore, that the Complainant’s denials were only
about specific documents on the USB key, and not the key itself, she testified
she saw them as one and the same. I find, notwithstanding Ms. Mareski’s
impression, the Complainant never actually denied that the USB key was his.
[23] The Complainant was then shown printouts of some of the documents found on
the USB key: his resume and passport applications for each of his two sons. The
Complainant identified these documents as being his. He was asked about a
document on the USB key: a passport application for a child which was blank.
He said it was for the son of a friend, who spent a great deal of time at the
Complainant’s house and calls him “Dad”.
[24] The Complainant testified that he was then shown printouts of documents related
to a project called MB20 and documents related to the anonymous emails. He
was asked if he recognized them. He responded no.
[25] Ms. Mareski testified that the Complainant was shown two powerpoint
presentations in relation to a current IT project called Release 12. This was not
put to the Complainant. Nothing, however, turns on this because Ms. Mareski
also testified that the Complainant was shown the MB20 excel spreadsheet. She
testified that “MB20” means Management Board 20. The spreadsheet in
question was part of a presentation to Management Board seeking approval of
funding for a certain project. Management Board approval is required for
projects at the highest level of funding. She described the document as very
sensitive and confidential. Approval is not guaranteed. If the document had
become public it might have been the source of a great deal of embarrassment to
the government. Ms. Mareski’s evidence on this point was not challenged.
[26] Following the meeting, the Complainant’s employment was terminated by letter
dated August 15, 2013, for his involvement in the creation of the anonymous
emails and because the USB key contained documents that were highly
confidential and contained prejudicial information.
[27] During his examination in chief, the Complainant was asked about the names of
the folders and files which appear on the desktop of the USB key. He was able
- 7 -
to identify most by name. Some, he said, he would have to see the actual
contents of the folder or file before he could identify them. The exception was
the folder named “New folder”. The Complainant testified that he did not
recognize it and that he always assigned names to folders when he created
them.
[28] The Complainant was also asked about a number of the specific files found on
the USB key. He identified them as relating to the following subjects: passport
applications for his sons; his Canadian passport; his Indian passport; his life time
visa for India; his certificate of Canadian Citizenship; a confirmation of permanent
residence issued by Citizenship and Immigration Canada; photographs related
to a family vacation at Horseshoe Valley Resort; documents related to his
expenses; his pay stub; his T4; an official tax receipt related to a charitable
donation; the renewal agreement in relation to his mortgage; a spreadsheet in
which he tracks claims for certain types of medical expenses on behalf of himself
and his wife; his wife’s health insurance policy; a receipt for massage therapy;
correspondence from Great West Life concerning certain health care claims;
various communications and financial statements relating to the affairs of a
condominium corporation (PCC 51) of which he is President and Treasurer;
numerous photographs of his aquarium, his wife, his children, himself (including
as a child), at least one of which he described as being of an object with religious
significance to him; a large number of videos taken by either the Complainant or
his wife; and a large number of audio files of music, including religious music.
[29] The Complainant was asked about the documents listed as “government related”
in the Final Report. He testified that virtually all of them were “test mode” related
to specific projects. There were 4 documents he said actually related to
condominium corporation PCC51. He denied any knowledge of the four
documents listed as being in the New folder directory: Personal/IT-
Consolidation.ppt; Personal/Project-Consolidation.ppt; Personal/Doc.14; and
MB20 Final Figures.xls.
[30] On the date that the USB key was found, July 26, 2012, the Complainant had not
been subject to any discipline for any reason by the Employer. He had not been
the subject of any coaching or warnings. He had never been invited to an
investigatory meeting. At no point did the Complainant expressly consent to the
inspection of the contents of the USB key by Mr. Tee or to a forensic examination
of the contents of the USB key or of his work computer.
[31] The Complainant testified that on two occasions over the course of his
employment he had received emails sent by Mr. Tee’s Administrative Assistant
(“Debbie”) with respect to lost and found items. On one occasion an email was
sent saying someone had lost a headphone; on another occasion an email was
sent saying that someone had found a phone charger. The Complainant testified
his expectation was that if someone found an item belonging to him it that it
would be returned to him. If the person could not tell to whom the item belonged,
his expectation was that the person would turn the item over to Debbie or their
manager. The Complainant conceded in cross-examination that he had never
- 8 -
reported the loss of any of his USB keys to anyone in the workplace and that
more specifically he had not asked that Debbie send out an email on his behalf.
[32] In cross-examination, Ms. Mareski testified that she had never been trained on
any policies the Employer may have with respect to the privacy rights of
employees and she was not in fact aware of any such policies. Similarly, she
testified that she had never been trained on any policies the Employer may have
with respect to the constitutional rights of employees and that she was not aware
of any such policies.
Argument for the Association
[33] The Association argues that the employer conducted five if not six unreasonable
searches of the USB key. The last of these searches was the forensic
examination of the stick; the others were conducted by Mr. Tee.
[34] The Association argues that arbitral jurisprudence, including the jurisprudence of
this Board, has clearly recognized that employees have a reasonable expectation
of privacy in the workplace. In particular, an employer cannot subject an
employee to a non-consensual search without reasonable grounds. The
Association argues the weight of arbitral jurisprudence also supports the
conclusion that evidence which has been obtained as a result of an
unreasonable search will be excluded. It cites: Puretex Knitting Co., (1979) 23
LAC (2d) 14 (Ellis); Canada Post Corp., (1990) 10 LAC (4th) 361 (Swan);
Toronto Transit Commission (Belsito), (1999) 95 LAC (4th) 402 (P. Chapman);
OPSEU v. Ministry of Government Services, (2011) 205 LAC (4th) 297 (ON GSB,
Stewart) (hereafter “OPSEU (Union), 2011”); OPSEU (Guelph) v. Ministry of
Transportation, 2002 CanLII 45813 (ON GSB) (Harris); Unifor, Local 481 v.
Saskatchewan Government and General Employees Union, (2015) 255 LAC
(4th) 353 (Ponak) (hereafter “SGEU”); Labatt Ontario Breweries, (1994) 42 LAC
(4th) 151 (Brandt); Prestressed Systems Inc., (2005) 137 LAC (4th) 193 (Lynk);
New Flyer Industries, (2003) 115 LAC (4th) 57 (J. Chapman); Toronto Transit
Commission (Collins), (1998) 80 LAC (4th) 53 (Johnston); Intercontinental Hotel,
[2011] OLAA No. 209 (Sheehan); ThyssenKrupp Elevator (Canada) Limited,
2006 CanLII 15720 (ON LRB) (Jesin); Hershey Canada, (2008) 176 LAC (4th)
170; Enwin Utilities, (2003) 114 LAC (4th) 421 (Brandt); and Securicor, (2004)
125 LAC (4th) 129 (Whitaker). The Association argues that these cases
establish that a consensus has emerged. That consensus is supported by the
recognition of a right to privacy by the Ontario Court of Appeal in Jones v. Tsige,
(2012) 108 OR (3d) 241.
[35] The Association argues that the Supreme Court of Canada has recently
recognized that the just cause and management rights provisions of a collective
agreement impose upon management a “reasonableness” requirement with
respect to surveillance and searches: Irving Pulp and Paper Ltd. v. CEP, Local
30, 2013 SCC 34. In doing so, the Association argues, the Court inferentially
recognized a right of privacy applicable to employment relationships governed by
a collective agreement.
- 9 -
[36] The Association then turns to R. v. Cole, 2012 SCC 53, to develop the content of
that right to privacy, in particular as it relates to digital technology. It argues that
in R. v. Cole, and other decisions (R. v. Fearon, 2014 SCC 77, R. v. Vu, 2013
SCC 60 and R. v. Morelli, 2010 SCC 8), the Supreme Court of Canada has
recognized that individuals have a high degree of privacy with respect to their
digital technology. The Association recognizes that R. v. Cole (and the other
cases cited) concerned the interpretation and application of section 8 of the
Charter. However, the Association notes the Supreme Court has held that the
common law should develop in a manner consistent with Charter values: Dolphin
Delivery Ltd., [1986] 2 SCR 573, cited and applied in Agrium Vanscoy Potash
Operations, (2015) 249 LAC (4th) 185 (Norman). Accordingly, the Association
argues the principles developed in R. v. Cole should be applied when
considering the content of the right to privacy applicable to employment
relationships under a collective agreement. Further, the Association argues that
R. v. Cole has been applied in just such a manner in both non-arbitral (see
TransAlta Corporation, 2014 ABCA 196) and arbitral contexts: SGEU; Agrium
Vanscoy Potash Operations; and New Brunswick v. CUPE, 2014 NBQB 34.
Particular reliance was placed by the Association on the decision of Arbitrator
Ponak in SGEU.
[37] Accordingly, the Association argues, as the USB key contained a number of
highly personal documents, the Complainant had a high expectation of privacy in
relation to it. The I&IT Policy is not sufficiently clear to diminish that expectation
of privacy.
[38] Mr. Tee’s searches of the USB key violated that expectation of privacy. There
was no basis for the searches, as the Complainant was not the subject of
investigation or suspicion prior to the searches. At no point did the Complainant
consent to the search or waive his privacy rights. The Complainant did not deny
ownership of the USB key, rather he stated that he could not confirm that it was
his. There were less intrusive options open to the Employer: having “Debbie”
send an email inviting the owner of the stick to claim it; returning the key to the
Complainant; meeting with him to discuss the concerns.
[39] The Association argues a balancing test should be applied in determining the
admissibility of evidence which engages privacy rights. That test is to be
preferred over a test based solely on relevance. The reasonableness test is
consistent with the decision of the Supreme Court of Canada in Irving. The
reasonableness test has been adopted by numerous arbitrators: Doman Forest
Products (1990) 13 LAC (4th) 275 (Vickers) and the various arbitral cases cited
above recognizing the privacy rights of employees. This includes this Board: see
OPSEU (Guelph) v. Ministry of Transportation. The Association urges the
adoption of the three step test set out in Doman Forest Products at para 32:
(1) Was it reasonable in all of the circumstances to request a surveillance?
(2) Was the surveillance conducted in a reasonable manner?
- 10 -
(3) Were other alternatives open to the company to obtain the evidence it
sought?
The Association recognizes that some arbitrators do not require the third
condition to be separately satisfied.
[40] The Association argues that on an application of a reasonableness test, the USB
key evidence should be excluded. Exclusion is the only meaningful remedy, as
has been recognized and in some instances applied by a number of arbitrators:
Securicor; Intercontinental Hotel; Prestressed; Toronto Transit Commission (P.
Chapman); Enwin Utilities; OPSEU v. Management Board Secretariat, 2003
CanLII 52975 (ON GSB) (Stewart).
[41] Finally the Association urges against the approach of permitting the evidence in
and addressing the concerns which it has raised as a matter of weight to be
given to the evidence, citing Delta Catalytic Industrial Services, (2002) 112 LAC
(4th) 72 (Surdykowski).
[42] The Association then turns to its argument based upon the Charter.
[43] The Association takes the position the search was contrary to section 8 of the
Charter.
[44] The Association argues that the onus of proving a reasonable search lies upon
the Employer: Hunter v. Southam Inc., 1984 CanLII 33 (SCC) at para 28 and 30;
R. v. Cole (SCC) at para 37.
[45] The Association argues that the search could only be lawful if authorized by law.
Acknowledging that this is a non-criminal context, the Association argues that the
necessary authorization in this case would have been pursuant to section 6.4 of
the I&IT Policy. That section permits “personal monitoring”, but only if
authorization is obtained from the Chief Administrative Officer. No such
authorization was obtained here. Even if the search was authorized in relation to
“government documents” on the USB key, the Association argues that does not
constitute authorization in relation to other documents: R. v. Jones, 2011 ONCA
632.
[46] The Association argues, therefore, that the question is whether the Complainant
had a reasonable expectation of privacy in the contents of the USB key.
Applying the totality of circumstances test used in R. v. Cole, and referring to the
cases discussed above with respect to the expectation of privacy which attaches
to digital technology, the Association argues that he does. Accordingly, the
search of the USB key breached the Complainant’s section 8 Charter rights.
[47] The Association then turns to the question of whether the evidence should be
excluded pursuant to section 24(2) of the Charter. The test to be applied is set
out in R. v. Grant, 2009 SCC 32. Reference was also made to: R. v. Harrison,
2009 SCC 34; R. v. Rocha, 2012 ONCA; R. v. Ting, 2016 ONCA 57; and R. v.
- 11 -
Newman, 2014 NLCA 48. With respect to the first part of that test, the
Association focuses on whether the breach can be said to have been committed
in good faith. It notes that Mr. Tee did not testify, and argues that therefore we
don’t know that he was acting in good faith. It argues that Mr. Tee’s repeated
searches of the USB key, with no attempt to obtain prior authorization, constitute
a flagrant breach of the Complainant’s Charter rights. The information was not
otherwise “discoverable”, as there was no basis on which to obtain authorization
to conduct the search in the first place. The right to privacy in the workplace is
well established, and Mr. Tee was or should have been aware of it. Further, the
failure of the Employer to train managers with respect to the right to privacy and
any policies which it may have in relation to the right to privacy constitutes a
systemic breach, an aggravating factor which further favours exclusion. With
respect to the second part of the test, the Association argues that there was
significant impact on the Complainant’s rights. There is a high expectation of
privacy with respect to digital technology. There were repeated intrusions upon
his rights. With respect to the third part of the test, the Association argues that
society’s interest in the adjudication of the case on the merits does not weigh
heavily for the admission of the evidence. There is no safety or security concern
as there might be in a criminal context if exclusion of evidence resulted in a guilty
party walking free. Conversely, the admission of the evidence would undermine
the integrity of the arbitration system as it would mean that an employer could
benefit from illegal conduct. Balancing all of these factors results in the
conclusion that the evidence should be excluded.
Argument for the Employer
[48] The Employer organizes its argument into three areas.
[49] First, the Employer notes that the key was found in the workplace and bore no
identifying markings. There was, the Employer asserts, a reasonable possibility
that the USB key contained government information. Accordingly, the Employer
argues, pursuant to its duties under Freedom of Information and Protection of
Privacy Act, R.S.O. 1990, c. F.31(hereafter “FIPPA”), it was required to examine
the USB key.
[50] Second, the Employer argues that the appropriate test is one of relevance, not
reasonableness. It cites Society of Energy Professionals v. Ontario Power
Generation (Scarfo), (2015) 254 LAC (4th) 223 (Surdykowski) in support of this
proposition. The evidence is clearly relevant, and thus should be admitted.
However, it argues, even on a reasonableness standard the evidence should be
admitted. The Employer argues that the Complainant’s expectation of privacy
was low. The Employer notes that this is not a criminal proceeding and that a
lower constitutional standard applies in an administrative context: Kelly v. Ontario,
2014 ONSC 3824; British Columbia Government and Service Employees’ Union
v. British Columbia (Fotheringham), (1995) 51 LAC (4th) 225 (Bruce); ATU, Local
113 v. Toronto Transit Commission (Lacaria), (2004) 126 LAC (4th) 353 (Shime);
OSSTF, District 25 v. Ottawa-Carleton District School Board (Donnnelly), (2015)
257 LAC (4th) 1 (Knopf) . It refers to various arbitral decisions holding that there
- 12 -
is in general a reduced expectation of privacy within the workplace: La-Z-Boy
Canada Ltd., (2005) 143 LAC (4th) 88 (Surdykowski); Ontario Power Generation
(Scarfo), (Surdykowski). The expectation of privacy is further reduced with
respect to items that have been abandoned: Ottawa-Carleton Public Employees
Union, Local 503 v. Ottawa (Nguyen), (2009) 181 LAC (4th) 24 (Simmons). In this
case the Employer argues that the Complainant’s expectation of privacy is
reduced because of the location in which the USB key was found, the fact that he
used it as a workplace tool, and by the terms of the I&IT Policy. It notes that the
I&IT Policy provides that Government IT resources “are to be used exclusively for
government business”. The Employer argues that this serves to distinguish this
case from R. v. Cole and SGEU, as in each of those cases the applicable policies
contemplated the incidental use of the employer’s IT resources for personal use.
The Employer argues that once the Complainant made use of his USB key for
work related purposes, it became a Government IT resource.
[51] The Employer argues that the Complainant’s conduct demonstrates that he had
a diminished expectation of privacy in relation to the USB key. He did not
password protect its contents. He used the USB key in the workplace and
intermingled work documents with his personal documents. He shared his USB
key with his colleagues. He lost his USB keys with some degree of frequency,
and yet did nothing to mark them in such a way as to identify them as his own.
He lost this USB key: this is not a case in which the Employer went looking for a
USB key to search. Finally, the Employer argues that the Complainant has been
at best equivocal about whether he owned the USB key or not, including at the
August 1, 2013 meeting during which he did not assert that he owned the USB
key. The Employer asserts that in the absence of a demonstrated ownership
interest in the USB key, the Complainant’s reasonable expectation of privacy in it
is extremely low. It cites the following cases in support of this proposition: R. v.
Belnavis, [1997] 3 SCR 341; R. v. Barnett, [2011] OJ No. 5730 (OSC); R. v. B.
(L.) (2007) 86 OR (3d) 730 (ONCA).
[52] The Employer argues that the search was reasonable. A USB key was found in
the workplace. It turned out to have highly sensitive government documents on
it. It also had personal documents on it, in breach of the I&IT Policy (the premise
of this assertion appears to be that the use of a personal USB key for work
related purposes converted it into a government IT resource).
[53] The Employer then turns to the section 8 Charter analysis. It cites R. v. Getz,
2014 SKBQ 92 (CanLII) as illustrative of how the analysis is to be applied. It
notes that the first step in the analysis is whether or not the individual had a
reasonable expectation of privacy in relation to the property searched. For the
reasons already stated, the Employer argues that the Complainant did not, or
that any such expectation was low.
[54] The Employer argues that the search was authorized pursuant to FIPPA, in the
alternative under the I&IT Policy, and in the further alternative by common or
arbitral law. The Employer argues that the reasons for Mr. Tee’s search can be
inferred from the evidence. By the time the USB key is given to Mr. Tee, it is
- 13 -
clear that there has been a prima facie breach of the I&IT Policy and that the
Employer’s obligations under FIPPA have been engaged. Mr. Tee had an
obligation to investigate. He looked at a few files and then passed the USB key
on, as he should have.
[55] With respect to section 24 of the Charter, the Employer agrees with the
Association that R. v. Grant sets out the applicable test. With respect to the first
part of that test, the Employer argues that its actions did not constitute a serious
breach of the Complainant’s Charter rights. There was nothing wilful or reckless
about the search. There was no liberty interest at stake. Unlike the police, the
Employer is not duty bound to keep the peace, and enforce the laws; rather it is
simply trying to run its operations. There is no basis for a finding of bad faith.
With respect to the second part of the test, the Employer argues that there was
minimal impact on the Complainant’s rights. There was not a high expectation of
privacy. There was nothing demeaning of the Complainant’s dignity, which is
confirmed by the failure of the Complainant to raise the issue until two years after
his discharge on the first day of the hearing. The Employer cites in this respect
R. v. Fearon at para. 96. The search was not of a dwelling house. With respect
to the third part of the test, the Employer argues that society’s interest in the
adjudication of the case on the merits weigh heavily for its admission. The
evidence is reliable and relevant. Its exclusion would “gut” the Employer’s case.
Balancing all of these factors results in the conclusion that the evidence should
not be excluded.
[56] Third, the Employer argues that in any event I should exercise my discretion
pursuant to section 48(12)(f) of the Labour Relations Act, 1995, S.O. 1995, c. 1,
Sched. A (hereafter “OLRA”) to admit the evidence. It cites: Windsor-Essex
County Health Unit, (2011) 208 LAC (4th) 392 (Williamson); OPSEU v. Ministry
of Community Safety and Correctional Services (Marshall Grievance), (2013) 232
LAC (4th) 181 (ON GSB; Abramsky); Ottawa-Carleton District School Board
(Donnelly); and Greater Niagara Transit Commission, [1987] OJ No. 835.
Analysis and Decision
R. v. Cole
[57] I find it convenient to start with a discussion of R. v. Cole. I do so for two
reasons. First, R. v. Cole considers the content of a reasonable expectation of
privacy in the informational content of digital technology for the purposes of
section 8 of the Charter. As such, it has direct relevance to the Association’s
argument that the Complainant’s rights under section 8 of the Charter have been
infringed. I also accept the Association’s argument that Charter case law may
inform the development of the common law in other areas. More specifically, I
accept that R. v. Cole is of assistance with respect to the non-Charter based
claim asserted by the Complainant in the informational content of the USB key.
[58] Second, when the decision of the Ontario Court of Appeal in R. v. Cole (2011
ONCA 218 (CanLII)) is considered along with that of the Supreme Court of
- 14 -
Canada, the case provides insight into the differences in the application of the
Charter to the actions of the state in a criminal or regulatory context and its
application to the actions of the state as an employer. I note in this respect that
all of the cases provided by the Association with respect to the application of the
Charter are criminal cases (as it candidly acknowledged). While the cases cited
by the Employer indicate that there is a difference because liberty interests are
engaged by actions of the state in a criminal context but not as an employer, they
provide no guidance as to how the Charter applies to actions of the state as
employer. Because of the seemingly different treatment by the Court of Appeal
in R. v. Cole of actions by the state as the employer and actions of the state in a
criminal law context referenced in the Supreme Court’s decision, I specifically
requested submissions on the Court of Appeal’s decision during the course of the
hearing.
[59] In R. v. Cole a school provided a teacher, Cole, with a laptop for his use in
teaching communication technology and supervising a laptop program for
students. In the course of his duties he accessed the email account of one of
his students. He found nude photographs of another student and copied them to
a hidden folder on his own laptop, called simply “New folder”. A technician was
also employed by the school. His duties included monitoring and maintaining the
integrity of the school computer network through accessing laptops of users.
This was known to Cole. In the course of his duties, the technician came across
the hidden folder on Cole’s computer, opened it and found the nude
photographs. The technician took a screen shot of the photos. He showed the
screen shot to the principal. In the course of his duties, the principal directed the
technician to access Cole’s computer again. The principal directed the
technician to copy the photos to a disc. The next day the principal asked Cole to
hand over his laptop and provide his password. Cole gave the principal his
laptop but did not provide his password, stating it was not required to access the
laptop. Another school technician was given the laptop. He searched Cole’s
computer and copied the temporary Internet files which had been in the browsing
history to a second disc: the password was not required for this search. The
Internet files contained a large number of pornographic images. The principal (or
school officials) gave the police the two discs and the laptop. The police
subsequently conducted a warrantless search of the discs and the laptop and
made a mirror image of the hard drive on the laptop.
[60] The Court of Appeal held that Cole had a reasonable expectation of privacy with
respect to the contents of the laptop, but that this expectation “was subject to the
limited right of access by his employer’s technician’s performing work-related
functions”: see OCA para. 48. The technician’s access was limited to
performance of those work-related functions. Accordingly, Cole had no
expectation of privacy with respect to the access made by the first technician,
and the right afforded by section 8 of the Charter to be secure from unreasonable
search and seizure was not engaged.
[61] By contrast, the Court of Appeal determined (without further elaboration) that
Cole did have a reasonable expectation of privacy in relation to the search
- 15 -
conducted by the principal, as it found that section 8 was engaged and
proceeded to consider whether or not the search was reasonable. The Court
concluded the search was reasonable, for reasons discussed further below.
[62] Finally, the Court of Appeal found that Cole had a reasonable expectation of
privacy in the laptop vis a vis the police and that the warrantless search was not
reasonable. The Court concluded that the disc containing the nude photographs
had been legally obtained in the first instance and that its subsequent transfer to
the police was “the functional equivalent of photographs in an envelope” not
requiring any further search by the police: para 80. The disc containing the
Internet search history was excluded pursuant to section 24(2) of the Charter,
with the option of the trial judge re-assessing its admissibility. The laptop itself
and the mirror image of the drive made by the police were excluded pursuant to
section 24(2) of the Charter.
[63] No appeal was taken to the Supreme Court of Canada from the findings of the
Court of Appeal with respect to the searches by the technician or the principal.
Further, no appeal was taken with respect to the admissibility of the photographs
on the disc transferred to the police. What was appealed was whether the
searches by the police involving the disc created by the school board containing
the Internet history, the laptop and the disc which the police created containing
the mirror image of the hard drive, breached section 8 of the Charter and if so
whether that evidence should be excluded pursuant to section 24 of the Charter.
[64] The Supreme Court re-affirmed that the “totality of circumstances” test is to be
applied to determine whether or not an individual has a reasonable expectation
of privacy for the purposes of the application of section 8 of the Charter. It
described the test as follows at paragraph 40 of its decision:
The “totality of the circumstances” test is one of substance, not of
form. Four lines of inquiry guide the application of the test: (1) an
examination of the subject matter of the alleged search; (2) a
determination as to whether the claimant had a direct interest in the
subject matter; (3) an inquiry into whether the claimant had a
subjective expectation of privacy in the subject matter; and (4) an
assessment as to whether this subjective expectation of privacy was
objectively reasonable, having regard to the totality of the
circumstances (Tessling, at para. 32; Patrick, at para. 27).
[65] In R. v. Cole, the circumstances were such that the Supreme Court concluded,
with little need for analysis, that the first three lines of inquiry should be answered
in the affirmative with respect to the search by the police: see paras. 41 - 43. I
would note that this does not vitiate the need to consider their application in
another case. The Court then turned to the fourth line of inquiry: whether the
claimant’s subjective expectation of privacy with respect to the informational
content of the device was objectively reasonable. At paragraphs 44 to 58 of its
decision the Court laid down the following principles:
- 16 -
i. There is no definitive list of factors that must be considered: see para. 45.
ii. “The closer the subject matter of the alleged search lies to the biographical
core of personal information, the more this factor will favour a reasonable
expectation of privacy”: see para. 46.
iii. The biographical core of personal information “includes information which
tends to reveal intimate details of the lifestyle and personal choices of the
individual”: para 45. Computers used for personal purposes “contain the
details of our financial medical and personal situation” (citing R. v. Morelli):
see para. 47. Browsing histories and cache files on Internet connected
devices fall at “the very heart” of the biographical core because they reveal
our “specific interests, likes, and propensities” (again citing R. v. Morelli): see
para 47.
iv. Ownership of the device is relevant but not determinative and should not be
given undue weight: see para 51.
v. The context in which the information is placed on an employer-owned
computer is significant: operational realities, practices and policies may
diminish the objectively reasonable expectation of privacy. Nonetheless,
none of these are determinative: see paras. 52 - 56.
[66] The Supreme Court’s decision makes clear that where the claim relates to the
informational content of digital technology, the ownership of the digital technology
is not determinative and the degree to which the search impinges upon the
biographical core of the claimant is an important consideration.
[67] Given that Cole conceded that the search by the technician did not violate
section 8 of the Charter, the Supreme Court declined to comment on the decision
of the Court of Appeal that no right of privacy was engaged by the inspection by
the first technician (see SCC para. 60). Accordingly, the Court of Appeal’s
reasoning on this issue remains undisturbed. There are several points made by
the Court of Appeal which are worth noting. First, the technician’s duties of
monitoring and maintaining the network gave rise to an implied right of access.
While Cole had a reasonable expectation of privacy, it “was subject to the limited
right of access by his employer’s technician’s performing work related functions”:
OCA para 48. Provided he was acting in performance of those duties, it was not
necessary for the technician to “have reasonable and probable grounds, or a
reasonable suspicion of illegal activity”. The reasonableness of such a search
was not in issue because the search was contemplated by Cole’s expectation of
privacy. Accordingly, section 8 was not engaged. See OCA reasons at paras.
53 and 54.1 Second, as noted, the performance of the technician’s duties
1 This is consistent with the decision of LaForest J. in Thomson Newspapers Ltd. v. Canada
(Director of Investigation and Research, Restrictive Trade Practices Commission), 1990 CanLII
135 (SCC), [1990] 1 S.C.R. 425 at pp. 506 and 549, discussing the different content of the
- 17 -
included locating and opening the hidden folder, called “New folder”. Once that
folder was open the nude photographs were “in plain view” and the nature of the
photographs was “readily apparent”: OCA para 57. The technician acted
reasonably in taking the screen shot and contacting the principal: see OCA para.
58. I note in this respect that this was so notwithstanding that there was no
suggestion that taking the screen shot fell within the scope of the technician’s
duties of monitoring and maintaining the network.
[68] Notwithstanding the fact that Cole also did not challenge Court of Appeal’s
decision that the subsequent search and seizure by the principal was not
unreasonable within the meaning of section 8 of the Charter, the Supreme Court
specifically agreed with certain findings of the Court of Appeal. In particular, the
Supreme Court agreed with the finding of the Court of Appeal that the search and
seizure by the principal was reasonable on the basis that there was a
“reasonable power to seize and search a school-board issued laptop if the
principal believed on reasonable grounds that the hard drive contained
compromising photographs of a student”. This power arose by “necessary
implication” from the principal’s statutory duty to maintain a safe school
environment: see SCC para. 62. Further, the Supreme Court specifically agreed
with paragraphs 64 - 66 of the Court of Appeal decision (see SCC para. 63). At
paragraph 64, the Court of Appeal had affirmed that the search related to Cole’s
Internet browsing was reasonable. The Court of Appeal noted that this search
was done on the direction of the principal as part of “investigating teacher
misconduct”. It stated:
While there was no longer any immediate threat to the school, its
students or the school's computer network, the school board had
an ongoing obligation to take steps to ensure a safe and secure
learning environment for its students and to protect the students'
privacy rights. The search of the laptop and preservation of the
evidence for an internal discipline procedure was an obvious
means to do so. Although there was no suggestion that the
images copied from the temporary Internet files depicted any
student or were obtained from the school network, presumably
they would be evidence potentially relevant to the purpose of the
appellant's possession of the student's photographs or to whether
this use of the computer contravened the school board's Policy
and Procedures Manual.
[69] In the result:
i. The same subject matter (the informational content of the laptop) gave
rise to a reasonable expectation of privacy which could be asserted
against the police and the principal, but not the technician in the
performance of his duties.
reasonableness requirement of section 8 in a criminal law context as opposed to an
administrative or regulatory context.
- 18 -
ii. The same search (inspection of that informational content) was
unreasonable when conducted by the police, but not when conducted
by the principal in the performance of his duties.
iii. This demonstrates the highly contextual nature of the analysis.
Application of R. v. Cole to USB Keys
[70] I turn now to address another aspect of the Association’s argument with respect
to the nature of the privacy interests engaged in this case.
[71] The Association equates a USB key with the computer in R. v. Cole, as simply
another form of digital technology. In R. v. Morelli, the Supreme Court
emphasized the privacy interests in the personal information to be found on
home computers. In R. v. Cole, the privacy interest in the informational content
of workplace computers used for personal purposes was recognized. The
Association notes that in R. v. Vu and R. v. Fearon, the Supreme Court extended
the logic of R. v. Morelli to cellphones, on the basis that there was no meaningful
distinction between a computer and a cellphones, because of the computing and
storage capacity which has come to characterize the latter. The Association
argues that a USB key is digital technology and so the same principles apply. In
my view this equation is not supported on the facts.
[72] In R. v. Morelli, the Court was concerned with the search and seizure by the
police of a person’s computer. At paragraph 3 it noted that this could result in
access to the entire contents of a person’s hard drive: “your emails sent and
received; accompanying attachments; your personal notes and correspondence;
your meetings and appointments; your medical and financial records; and all
other saved documents that have downloaded, copied, scanned or created”. The
Court noted that the police might also scrutinize “the electronic roadmap of your
cybernetic peregrinations, where you have been and what you appear to have
seen on the internet”. As noted in R. v. Vu, many of these characteristics are
likely to be shared by a cellphone or smart phone.
[73] A USB key, on the other hand, is storage device. It does not have independent
connectivity to the internet. I would not expect it to contain an “electronic
roadmap of … cybernetic peregrinations”, and there is no evidence in this case
that the USB key in question does. Further, a USB key has no independent
capacity to create, copy, scan, save or delete documents, and thus has no
independent usage history of such activities. It must be connected to some other
device which has the capacity to perform these functions. The user determines
what content of the other device to copy to the USB key. It is unlikely the entire
contents or usage history of the other device will be copied to the USB key.
- 19 -
[74] However, the dissimilarities between USB keys and computers, cell phones or
smartphones must not be overstated. Like a computer, cell phone or
smartphone, the storage capacity of a USB key may be immense, and this
appears to be true of the USB key in question in this case. As noted by the
Supreme Court in R. v. Vu at para. 41 and R. v. Fearon at para. 51, the scale
and variety of material which may be stored on these devices makes any
equation with, for example, a briefcase, unrealistic. Further, the fact that a USB
key is unlikely to have all of the content of some other device or devices is
because there is an element of selection involved. The content selected to be
placed on a USB key may be the most intimate and personal of files, it may be
the least or it may be some combination of the two. Finally, it may be possible to
recover files deleted from a USB key.
Non-Charter Test for Admission of Evidence
[75] There is no question that the evidence with respect to the informational content
of the USB key is relevant to the complaint before me. The legal issue is
whether otherwise relevant evidence can and should be excluded on the basis
that its admission would impinge upon the privacy interests of the Complainant
and if so when.
[76] I agree with the Association that the authorities provided establish that this Board
has recognized that individuals have an interest in protecting the privacy of
personal information in an employment context: see OPSEU (Union), 2011.
Reference might also be made to any number of decisions of this Board in which
the production of medical records is resisted on the basis that they infringe the
privacy interests of a grievor or complainant. Those cases are frequently
decided on the basis of whether or not the grievor or complainant has or has not
put a portion of their medical status in issue, thereby implicitly consenting to
release of relevant portions of their medical history. By focusing on the question
of consent, these decisions recognize the existence of privacy rights in the
workplace at least in relation to an individual’s medical history.
[77] Further, I agree with the Association that in OPSEU (Guelph), Vice Chair Harris
balanced the privacy interests of an employee against the legitimate interests of
the employer in determining whether or not to exclude otherwise relevant
evidence pursuant to the discretion afforded him by section 48(12)(f) of the
OLRA. Vice Chair Harris declined to be drawn into the “talmudic vortex” of the
debate about whether or not there is a right to privacy in the workplace. I pause
to note that I agree with the Association that subsequent to Vice Chair Harris’
decision this debate has been largely decided in the affirmative by the Ontario
Court of Appeal in Jones v. Tsige, and that in any event this Board has now
recognized a right to privacy, as noted above. Rather, Vice Chair Harris adopted
a “labour-relations centred approach”. He cited with approval the decision of
Arbitrator Albertyn in CUOE v. Centenary Health Centre (Ahluwalia), (1999) 77
LAC (4th) 436, which in determining whether or not to admit covert surveillance
evidence held: “Boards of arbitration should … not condone conduct which
serves to undermine the trust and the good faith foundation of efficacious labour
- 20 -
and employment relationships unless there is good reason to do so.” He also
cited with approval the following portion of the decision of Arbitrator M. Picher in
BMWE v. Canadian Pacific, (1996) 59 LAC (4th) 111:
… Part of the bargain in many contemporary employment relationships
involves the payment by the employer or its insurance carrier of sickness
benefits or other forms of insurance or indemnities, short term or long
term, when an employee is incapacitated by illness or injury. An
employer obviously has a legitimate interest in preventing abuse of that
system of employee protection by those who would advance fraudulent
claims.
That interest must be fairly balanced with what is becoming recognized
as the employee’s interest in a respect for his or her personal privacy the
employer’s interest does not extend to justifying speculative spying on an
employee whom the employer has no reason to suspect will be
dishonest. As a general rule, it does not justify a resort to random
videotape surveillance in the form of an electronic web, cast like a net, to
see what it might catch. Surveillance is an extraordinary step which can
only be resorted to where there is, beforehand, reasonable and probable
cause to justify it. What constitutes such cause is a matter to be
determined on the facts of each case. As well, the method and extent of
such surveillance must be appropriate to the employer’s purpose, and
not excessive or unduly intrusive. A legitimate interest in an employee’s
physical condition might not, for example, justify the covert examination
of his or her bank records or other personal information.
In my view, in a case such as this, in considering the admissibility of
videotape evidence acquired in the course of surreptitious surveillance,
the appropriate test involves a two-part analysis.
1. Was it reasonable, in all of the circumstances, to undertake
surveillance of the employee’s off-duty activity?
2. Was the surveillance conducted in a reasonable way, which is not
unduly intrusive and which corresponds fairly with acquiring information
pertinent to the employer’s legitimate interests?
This approach, diligently applied, should protect reasonably against the
possible abuse of the right of an employer to resort to surveillance of its
employees, in a manner consistent with the obligation which boards of
arbitration have to safeguard the integrity of their own procedures, and
the credibility of the arbitration process generally.
[78] On the facts before him Vice Chair Harris concluded that it was reasonable for
the employer to have engaged in the surveillance, which was of off duty conduct.
The evidence was held admissible. The decision contains no discussion of the
extent of the privacy interest of the Complainant.
- 21 -
[79] It is interesting that OPSEU (Guelph) does not appear to been cited in any other
decision of this Board. The issue of whether the Board should apply a
reasonableness test when privacy interests are engaged to exclude otherwise
relevant evidence has been raised in other proceedings before this Board, but
not decided: see Ontario Public Service Employees Union v. Ontario (Ministry of
the Attorney General), 2004 CanLII 55312 (ON GSB) (Abramsky); and
Amalgamated Transit Union, Local 1587 v. Ontario (Metrolinx - GO Transit),
2010 CanLII 68772 (ON GSB) (Mikus). However, in Ontario Liquor Boards
Employees' Union v. Ontario (Liquor Control Board of Ontario) (Goncalves), 2005
CanLII 55216 (ON GSB) (Carrier) the issue was both raised and decided. In that
case, Vice Chair Carrier also adopted a reasonableness test, citing extensively
and agreeing with the analysis of Arbitrator Shime in Toronto Transit Commission
and Amalgamated Transit Union, Local 111 (Russell), 88 L.A.C. (4th) 109.
However, Vice Chair Carrier found that the circumstances before him were such
that there was a low reasonable expectation of privacy and admitted the
evidence.
[80] Thus, there are at least two decisions of this Board which have adopted a
reasonableness test in relation to the admissibility of otherwise relevant evidence
which engages the privacy interests of the Complainant. Application of the Blake
principle means that in my capacity as a Vice Chair of this Board I am required to
follow these decisions, unless “exceptional circumstances” have been
established.
[81] Without alluding to the Blake principle, the Employer relies upon the decision of
Arbitrator Surdykowski in Ontario Power Generation (Scarfo) to argue that the
appropriate test is relevance. Counsel cites paragraph 21 of that decision in
support of the assertion that Arbitrator Surdykowski rejected a reasonableness
test.
[82] In paragraph 21, Arbitrator Surdykowski states:
It is neither useful nor appropriate to conflate the reasonableness of
conduct with relevance as the test for admissibility. The well-established
test for the admissibility of evidence in a grievance arbitration proceeding
is arguable relevance. I disagree with the suggestion that there is a
“reasonableness” test for admissibility in cases in which privacy concerns
are raised. Evidence is either arguably relevant or it is not. This threshold
is low, but it is real. .…
[Emphasis supplied]
The key word in this paragraph is “conflate”. It is crystal clear from reading the
balance of the decision that while Arbitrator Surdykowski considers relevance to
be the first step in the analysis, the second step is reasonableness: see paras.
22, 23 and 24. Thus, contrary to the suggestion of the Employer, Arbitrator
Surdykowski concludes that where the right to privacy is engaged a
- 22 -
reasonableness test will be applied to determine whether to exclude otherwise
relevant evidence.
[83] Similar conclusions have been reached in any number of decisions by arbitrators
not sitting as Vice Chairs of this Board, many of which were referred to by the
Association in its submissions. I conclude that the Employer has not
demonstrated any basis for departing from the approach previously taken by this
Board in OPSEU (Guelph) v. Ministry of Transport and Ontario Liquor Boards
Employees' Union v. Ontario (Liquor Control Board of Ontario) (Goncalves):
otherwise relevant evidence may be excluded where a privacy interest of an
employee has been engaged and the legitimate interests of the employer do not
on balance compel its admission. Further, I agree with Vice Chair Harris that the
authority for this exclusion is the exercise of the discretion afforded to arbitrators
by section 48(12)(f) of the OLRA.
[84] Before leaving this discussion of the nature of the reasonableness test, I note
that the nature of the privacy interest of the employee and the legitimate interest
of the employer must each be considered. Some interests are greater than
others. The nature of the search undertaken is also relevant. See for example
Labatt Ontario Breweries at para. 37. I agree, however, with those arbitrators
who have declined to hold that an employer is required to prove that other
alternatives have been exhausted before the search was undertaken: Toronto
Transit Commission (Collins) per Arbitrator Johnston at paras. 41-43;
Intercontinental Hotel, per Arbitrator Sheehan, at para. 30. As stated by
Arbitrator Whitaker, in Securicor at para. 73: “This requirement would
undoubtedly in some circumstances amount to an artificial and formalistic
barrier.”
The Privacy Interest of the Complainant in the USB key
[85] Does the Complainant have a privacy interest in the USB key, and if so what is
the extent of that interest? I find it useful to refer to the totality of circumstances
test applied by the Supreme Court in R. v. Cole. As noted by the Court, the test
is one of substance not form. The test itself is described in somewhat greater
detail in R. v. Patrick, [2009] 1 SCR 579, 2009 SCC 17 (CanLII) as follows (at
para. 27):
On the facts of this case, we need to address:
1. What was the nature or subject matter of the evidence gathered by
the police?
2. Did the appellant have a direct interest in the contents?
3. Did the appellant have a subjective expectation of privacy in the
informational content of the garbage?
- 23 -
4. If so, was the expectation objectively reasonable? In this respect,
regard must be had to:
a. the place where the alleged “search” occurred; in particular,
did the police trespass on the appellant’s property and, if so,
what is the impact of such a finding on the privacy analysis?
b. whether the informational content of the subject matter was in
public view;
c. whether the informational content of the subject matter had
been abandoned;
d. whether such information was already in the hands of third
parties; if so, was it subject to an obligation of confidentiality?
e. whether the police technique was intrusive in relation to the
privacy interest;
f. whether the use of this evidence gathering technique was
itself objectively unreasonable;
g. whether the informational content exposed any intimate details
of the appellant’s lifestyle, or information of a biographic
nature.
[86] It is apparent that the factors identified by the Supreme Court as relevant to the
objective reasonableness of a subjective expectation of privacy for the purposes
of section 8 of the Charter are among those identified by arbitrators as relevant in
determining the reasonableness of an employer search or surveillance which
engages the privacy interests of an employee. Indeed, one way of thinking
about the balancing approach to the exclusion of otherwise relevant evidence in
arbitration proceedings is that such evidence is excluded if it engages a
reasonable expectation of privacy, but that such an expectation of privacy is one
which is subject to reasonable searches by the employer. For present purposes,
however, I prefer to deal with the reasonableness of the Employer’s search
separately from other components of the Complainant’s expectation of privacy. It
will be addressed below.
[87] The Association places particular reliance upon Arbitrator Ponak’s decision in
SGEU, which considers the Supreme Court’s decision in R. v. Cole in an arbitral
context for the purposes of determining the extent of an employee’s privacy
interest for the purposes of a non-Charter balancing of interests. I turn to that
decision now.
[88] In SGEU, the employer had cause to be concerned that an employee was
affiliated with a biker gang. Such an affiliation would have prevented him from
performing his job duties, which involved representing SGEU members employed
- 24 -
at provincial correctional facilities. The employee denied that he had any such
affiliation. The Province then advised the SGEU that it had received a letter from
a police force outlining criminal activity and involvement in organized crime on
the part of the employee. The Province also indicated that as a result it was
denying the employee access to all provincial correctional facilities immediately.
The SGEU’s director of human resources had its IT department give her access
to the employee’s work email account. In reviewing the emails she found
thousands of deleted emails between the employee and his wife. She did not
read the emails but opened photos attached to the emails. She found pictures
which caused her to believe that the employee had lied when denying that he
was affiliated with biker gangs. The employee was terminated. A grievance was
filed. The employer sought to rely upon the emails between the employee and
his wife. The union objected to their admission on the basis that they constituted
an intrusion upon his privacy rights.
[89] Quoting extensively from the Supreme Court’s decision in R. v. Cole with respect
to the employee’s expectation of privacy in the informational content of digital
technology, Arbitrator Ponak considered whether the emails should be excluded.
He noted that the SGEU had a detailed IT use policy which clearly stated that
SGEU’s resources were to be used for SGEU business, that any and all files and
messages were the property of the SGEU and that employees should not expect
their communications to be either confidential or private. Arbitrator Ponak noted,
however, that the policy did not completely prohibit personal use of the email
system. As argued by the Employer, this serves to distinguish the IT policy in
that case from the one before me. It is, however, a distinction without a
difference. As Arbitrator Ponak noted at para. 34:
The point is, the SGEU’s strong IT policy pronouncements
notwithstanding, inevitably some personal emails will be sent and
received on the SGEU’s system. It is a fallacy to believe it might be
otherwise. Given that it is unrealistic to expect that the SGEU email
system to be entirely free of employee personal emails, can the
SGEU still claim the right to examine these emails at will?
Regardless of what its policy says, the answer must be no.
Employees do not automatically lose any right to privacy simply
because they happen to send or receive a personal email on the
employer’s email system. Cole is clear in this regard when it says
that “written policies are not determinative of a person's reasonable
expectation of privacy” (paragraph 53). Neither is ownership as
long as it is unreasonable to expect that no personal emails will find
their way onto a business email system (Cole, paragraph 51).
Employees know that there will be at least some leakage of their
personal emails onto the SGEU system; this fact translates into
some expectation of privacy (Cole, paragraph 58).
[90] I agree with this analysis. Regardless of what the I&IT Policy says, I reject the
argument advanced by the Employer that the fact the Complainant used his
personal USB key as a government resource means he loses any expectation of
- 25 -
privacy with respect to personal information on that key. The I&IT Policy served
to diminish the expectation of privacy, but it did not eliminate it. There are,
however, other features which distinguish SGEU from this case.
[91] As noted, in SGEU the subject matter of the impugned search was the personal
emails between the grievor and his wife. Arbitrator Ponak noted “personal
communications between a husband and wife are, by definition, among the most
intimate and personal of all communications” (at para. 37). Presumably for this
reason, Arbitrator Ponak did not expend any further time addressing the first
three lines of inquiry in the totality of circumstances test. There was no doubt
that the grievor had a direct interest in the informational content of the emails and
that he had a subjective expectation of privacy in that informational content. The
same cannot be said in this case.
[92] In this case, the Association effectively asserts the Complainant has a privacy
interest in the entire informational content of the USB key. It asserts that the first
unreasonable search occurred when Mr. Tee opened the USB key at all. The
Association seeks to rely on the personal nature of some of the information on
the USB key to establish a significant privacy interest of the Complainant in all of
the information on the USB key, and specifically in information of which he
disavows any knowledge.
[93] I accept that the Complainant has a privacy interest in relation to at least some of
his personal files on the USB key. While the subject matters of these files vary,
clearly he had a direct interest in all of them. It is less clear that he had a
subjective expectation of privacy with respect to them all. Rather, they appear to
me to fall within a continuum: the Complainant’s subjective expectation of privacy
in the spread sheet he created for his passwords is obvious; less so in the
photographs which he showed to co-workers in the office; perhaps even less with
documents which are copies of documents he would expect to use or distribute
and likely did use or distribute such as his passport. Unlike the computer in R. v.
Cole, there is no suggestion that the USB key contained a record of Internet
search history, highly revealing of personal interests and preferences. Unlike the
emails in SGEU, the nature of the documents is not such as to give rise to a
presumption of highly personal intimate communications between spouses.
[94] The greater difficulty is that the USB key does not only contain information
personal to the Complainant. It also contains government data files and
documents related to the anonymous emails. As noted, the Complainant testified
most of the government related documents were “test mode”. His evidence was
not contradicted. For the purposes of this decision, therefore, I accept that these
documents contained “made up” data. Nonetheless, it is clear that the subject
matter of these files is work related. The interest of the Complainant, while direct,
is similarly work related. He had no subjective expectation of privacy in these
files: they were created to be shared and were in fact shared with co-workers.
Nor would any such interest be objectively reasonable. Further, it is clear that in
transporting these test mode documents on his personal USB key, he was
choosing to use it for a work related purpose.
- 26 -
[95] The Complainant denies any knowledge in four of the documents identified as
“government related” by the Final Report. While there is no other evidence
before me with respect to the content of three of those documents, one of them,
MB 20 Final Figure.xls, was viewed by Ms. Mareski and identified by her as
being a highly sensitive proposal to Management Board. The Complainant also
denies any knowledge in the documents found on the USB key related to the
anonymous emails. I am hard pressed to see how the Complainant can assert
any privacy interest with respect to documents of which he denies any
knowledge: MB 20 Figure.xls and the documents related to the anonymous
emails.
[96] In the result, the USB key contains files or documents in which the Complainant
has a reasonable expectation of privacy (albeit not as pronounced as in R. v.
Cole or SGEU) but also contains files or documents in which the Complainant
has no reasonable expectation of privacy at all. The difficulty, of course, is that
viewing the contents of the USB key for the purposes of examining the files in
which the Complainant has no reasonable expectation of privacy inevitably gives
rise to the prospect of viewing files or documents in which he does. This will be
particularly so if, for example, the precise location of a work file is unknown or
uncertain.
[97] In these circumstances, the Complainant’s expectation of privacy yields to the
interests of the Employer in at least two ways. The first is that because of its
use for work related purposes, the Complainant’s expectation of privacy in
relation to the USB key is subject to a limited right of access of the Employer
related to monitoring its use for those work related functions. This is analogous
to the situation addressed by the Court of Appeal in R. v. Cole in relation to the
search by the technician. To be clear, this is a fact specific determination. I do
not suggest, for example, that work related use will always be a pre-condition for
a search. For example, in workplaces characterized by highly sensitive and
confidential information with express and enforced policies prohibiting personal
IT devices in the workplace, the mere fact of bringing a personal IT device into
the workplace might make any reasonable expectation of privacy subject to the
right of an employer to search it. In any event, the merits and parameters of
such a right of access need not be determined in this case. The search of the
USB key was not occasioned by its use in the performance of work related
functions; there was no outright ban on bringing personal IT devices into the
workplace or warning that devices brought into the workplace would be subject to
search; nor is it clear that such a ban or warning would be reasonable given the
characteristics of the workplace.
[98] The second is that while the use of a private USB key for work related purposes
diminished the Complainant’s reasonable expectation of privacy with respect to
the contents of the USB key, it did not extinguish it entirely. The mixed contents
of the USB key are, however, a factor to be considered under the
reasonableness of the search. This is analogous to the situation addressed by
the Supreme Court in R. v. Cole in relation to the search by the principal. This is
- 27 -
the basis on which I will proceed. Before doing so, however, I wish to comment
on some of the other arguments made with respect to the expectation of privacy
in this case.
[99] The Employer argues that “location matters”. It cites several cases for the
proposition that employees have a diminished expectation of privacy once they
enter the workplace compared to their private lives: Ottawa-Carleton District
School Board; La-Z-Boy Canada Ltd.; Society of Energy Professionals v. Ontario
Power Generation (Scarfo). Each of these cases was concerned with
surveillance of the activities of an employee in the workplace through
observation. I accept the proposition that the reasonable expectations of privacy
of an individual with respect to his or her observable activities is diminished while
at work. It does not follow, however, that reasonable expectations of privacy with
respect to personal items is by diminished simply because they have been
brought to work. As applied to this case, the mere fact that a personal USB key
is brought to the workplace by an employee does little if anything to diminish the
reasonable expectations of privacy which the employee has in the informational
content of the USB key.
[100] The Employer argues that the use of the USB key for work related purposes had
the effect of transforming it into a government resource. As such, the Employer
argues it was subject to monitoring in accordance with its I&IT Policy. The
“transformation” argument is, in my view, misconceived. It is at odds with the
analysis of the Supreme Court in R. v. Cole as discussed above. If personal
information on a digital device owned and supplied by an employer may attract a
reasonable expectation of privacy, I fail to see how personal information on
digital device supplied by the individual loses the expectation of privacy merely
because the device was also used for a work related purpose. To be clear, it
also cannot be the case that a work related use of personal digital device is
completely insulated from review by the mere fact that the employee has a
privacy interest in relation to other informational content on that device. I will
address this further below under the subject of the reasonableness of the search.
[101] The Employer argues that the USB key was abandoned. I do not agree. As
stated by the Supreme Court in R. v. Patrick at para. 25:
Abandonment is … an issue of fact. The question is whether the claimant
to s. 8 protection has acted in relation to the subject matter of his privacy
claim in such a manner as to lead a reasonable and independent observer
to conclude that his continued assertion of a privacy interest is
unreasonable in the totality of the circumstances.
[102] In that case, the mere fact that the accused had deliberately placed material in
garbage bags at the curb for pick up was not sufficient to give rise to the
conclusion that he had “abandoned” any interest in the informational content of
that material without consideration of the totality of the circumstances. In
Ottawa-Carleton Public Employees Union, Local 503 (Nguyen), Arbitrator
Simmons considered the deliberate actions of the grievor in leaving her bags
- 28 -
unattended in an area which was signed with warnings not to do so, and the fact
that the employer had provided lockers for personal items, before concluding that
the grievor had “relinquished her right to privacy” in those bags: see para 38. In
this case, the Complainant did not deliberately leave his USB key anywhere for
disposal. He simply lost it. It is not reasonable to conclude that he thereby gave
up the right to assert a privacy interest in its contents.
[103] The Employer relies upon the fact that the USB key was not password protected.
As the Association noted, in R. v. Fearon, the Supreme Court had this to say
about the argument that the protection afforded to cell phones by section 8 of the
Charter varied depending on whether or not it was password protected (at para.
53):
I would not give this factor very much weight in assessing either an
individual’s subjective expectation of privacy or whether that expectation is
reasonable. An individual’s decision not to password protect his or her
cell phone does not indicate any sort of abandonment of the significant
privacy interests one generally will have in the contents of the phone.
So here, I attach very little weight to the fact that the USB key was not password
protected.
[104] The Employer asserts that in the absence of a demonstrated ownership interest
in the USB key, the Complainant’s reasonable expectation of privacy in it is
extremely low. In my view, this argument is entirely misdirected. The
Complainant’s privacy interest attaches not to the key, but to the informational
content of the key (or most of it, as discussed above). While the Complainant
stated during the August 1, 2013 meeting that he could not be sure whether the
key itself belonged to him without seeing the key and opening it, he never
disavowed an interest in the personal information found on the key. On the
contrary, he immediately identified the documents shown to him as being his,
other than the MB20 document and documents related to the anonymous emails.
The ownership of the key is of limited relevance. If, for example, a third party
had, without his permission, copied the Complainant’s files to another key, the
Complainant’s privacy interest in the informational content of those files would
remain the same, notwithstanding that he did not own the key on which they
were now found. Indeed, this is clear from R. v. Cole. Cole retained a privacy
interest in the informational content of the internet search history on his work
supplied laptop notwithstanding that information had been copied to a disc.
[105] The Employer argues the fact that the Complainant did not place any identifying
markings on the USB key and the fact that the Employer did not go looking for
the USB key to search, rather it examined an unidentified USB key which had
been found, serve to diminish the Complainant’s privacy interests. For
essentially the reasons already stated, I do not agree that these facts are
relevant to the Complainant’s privacy interest. That interest is with respect to the
informational content of the USB key. These facts are, however, relevant to the
reasonableness of the Employer’s search. I turn now to that issue.
- 29 -
Reasonableness of the Search
[106] The onus of proving that the search was reasonable lies upon the employer:
Toronto Transit Commission (Belsito) at para. 83.
[107] The Association asks that I draw an adverse inference from the failure of Mr. Tee
to testify. Mr. Tee’s failure to testify is unexplained. I agree with the Association
that I should draw an adverse inference as a result. However, an adverse
inference does not exist at large. It must be an inference that can be reasonably
drawn based on the evidence heard in respect of an issue of significance. Thus,
for example, in the face of conflicting evidence of two parties, the failure of a
party to call a witness who could corroborate their evidence permits the inference
to be drawn that the witness’ evidence would not have in fact supported the
party. In this case, the evidence with respect to Mr. Tee’s actions consists
primarily of the Final Report, and to a lesser extent the evidence of Ms. Rosenow
and the Complainant. There is no conflict in this evidence, as discussed below.
[108] With this in mind, I proceed to review the relevant evidence.
[109] On Thursday July 26, 2012, a USB key bearing no identifying marks was found
on the Employer’s premises. It was given to Ms. Rosenow, who decided to insert
the USB key into her computer and examine its contents. Whether or not it was
reasonable for her to do so (and I note that the Association has not asserted that
it was not), Ms. Rosenow was not a member of management and there is no
suggestion that she was acting on behalf of management. Ms. Rosenow viewed
several files. She then gave the USB key to Mr. Tee. In doing so, she told Mr.
Tee essentially two things: the USB key appeared to contain files personal to the
Complainant; and the USB key contained what appeared to her to be
government files.
[110] On Thursday July 26, 2012, Mr. Tee inserted the USB key into his computer.
The Association states this constituted the first unreasonable search. The
Association argues that given the information Mr. Tee had received from Ms.
Rosenow he knew or ought to have known that the USB key contained files
belonging to the Complainant. Given this, he should have had “Debbie” send out
an email inviting the owner to claim the USB key, turned the key over to the
Complainant, invited the Complainant to sit with him while he examined it further,
or sought authorization from someone higher up before doing so. I disagree.
The ownership of the USB key and the files on it was not clear. Further, Mr. Tee
had been told that the USB key contained not only personal files, but what
appeared to be government files. The unauthorized presence of government
data files on the USB key would have constituted a significant breach of the
Employer’s legitimate interests and provided grounds for Mr. Tee to examine the
USB key to confirm whether or not this was the case. The Complainant himself
testified that it would be improper to copy government data files to a personal
USB key without prior authorization. The Employer has a right to manage its
workplace. Mr. Tee would have been acting within the scope of this authority in
- 30 -
investigating possible misconduct. He would not have been engaged in a
speculative search of the USB key. Rather he would have been responding to
specific information that the USB key appeared to contain government files.
[111] The Association argues that Mr. Tee knew that the Complainant used a USB key
for the purposes of transporting government data files and thus the presence of
such files on the USB key was not grounds for reasonable suspicion of
impropriety. I disagree. The only basis for this assertion is the Complainant’s
evidence that on one evening, some two years earlier, he had worked on a
project from his home. Since he was reporting to Mr. Tee over the course of that
evening, and since “test mode” data was not available over the VPN, the
Complainant asserted that Mr. Tee must have known that he had used a USB
key to transport test mode data home. I am not prepared to infer from this that
Mr. Tee must have known the Complainant was using a personal USB key for
this purpose on a regular and ongoing basis, and continued to do so two years
later. Further, and in any event, Ms. Rosenow did not tell Mr. Tee that the file in
question was “test mode” data. Rather, she indicated that it had a long name
which she could not understand and that it appeared to her to be a government
file.
[112] When Mr. Tee inserted the USB key into his computer he would have seen the
“desktop” or root directory. The Association notes that the name of one of the
files in the root directory includes the Complainant’s name: Travel Reservation
Number 28 for BHATTACHARYA.pdf. At this point, the Association argues, it
should have been clear to Mr. Tee that the USB key belonged to the
Complainant. Accordingly, the Association argues, when Mr. Tee proceeded to
open files he engaged in the second unreasonable search. I disagree. The root
directory of the USB key contained the names of a large number of directories
and files, not all of which on their face appeared to relate to the Complainant.
The ownership of the USB key and the files on it remained unclear. The files
which Mr. Tee opened were not manifestly personal to the Complainant. Rather
Mr. Tee opened the following files: “Surender Saini Resume.doc.docx” and
“430160 [long series of number omitted]_n.jpg”, both of which were located in the
root directory, and “MB20 Final Figures.xls”, which was located the “New folder”
directory. The Complainant testified that the first of these documents was a
resume of a friend, the second was something that someone in his family had
downloaded from the Internet. The third document is one of which the
Complainant disavows any knowledge. It is also the document which Ms.
Mareski identified as being a highly confidential and sensitive submission to
Management Board. Given that the USB key contains over a thousand files, and
yet Mr. Tee accessed this document on the very first occasion on which he
opened files, it appears reasonable to infer that Ms. Rosenow specifically
identified this document and its location to Mr. Tee.
[113] On Friday July 27, 2012, Mr. Tee inserted the USB key into his workplace
computer again and looked at eleven documents. The Association argues this
constitutes the third unreasonable search. I disagree. At this point, it would have
been clear to Mr. Tee that the USB key contained at least one document which
- 31 -
did not just appear to be a government file, but was in fact a highly confidential
and sensitive government file. Its presence on the USB key was unauthorized
and thus misconduct. Mr. Tee would have been justified in continuing to gather
evidence in aid of prospective discipline. The investigation was minimally
intrusive. The documents at which Mr. Tee looked were located in the root
directory, except “oci-brochure.pdf” which was located in the “OCI
REGISTRATION” directory, and three documents in the “New folder” directory.
With one exception, there was nothing in the names of the files looked at or in
the directory name “OCI REGISTRATION” which suggested personal details of
the Complainant’s life might be contained therein. The one exception was Travel
Reservation Number 28 for BHATTACHARYA.pdf. I infer that Mr. Tee looked at
this document in order to confirm the USB key had a connection to the
Complainant. The name of this file does not suggest that it would contain highly
personal or intimate information about the Complainant, and in fact it does not.
Rather it is a flight itinerary for the Complainant, his wife and two sons for a trip to
India from November 28 to December 30, 2012. The three documents Mr. Tee
looked at in the “New folder” directory were: Project-Consolidation.ppt;
Doc14.doc; and MB20 Final Figures.xls. As already noted, the Complainant
disavows any knowledge of these documents and can assert no privacy interest
in them. All three of these documents are identified in the Final Report as
government related.
[114] Mr. Tee maintained possession of the USB key over the course of the weekend.
The Final Report does not include an examination of any personal computer Mr.
Tee may have at home. Accordingly, the Association argues that a fourth
unreasonable search may have taken place by Mr. Tee over the course of the
weekend. I am not persuaded by this argument. There is no evidence to support
it.
[115] On Monday, July 30, 2012 Mr. Tee inserted the USB key into his workplace
computer and again looked at Project-Consolidation.ppt and Doc14.doc. The
Association argues that this constitutes another unreasonable search. I
disagree. The Complainant disavows any knowledge of these documents and
can assert no privacy interest in them.
[116] Mr. Tee then turned the USB key over for forensic investigation. The Association
argues that the forensic investigation constitutes a further unreasonable search.
[117] In my view, it is reasonable to infer that Mr. Tee’s actions of handing the USB key
over for forensic investigation was done in furtherance of the investigation of
misconduct. This was reasonable, done within the scope of the Employer’s
authority and in furtherance of its legitimate interests.
[118] Before turning to the subsequent forensic investigation, I will address some other
issues relevant to the reasonableness of the search conducted by Mr. Tee.
[119] The Association argues that the search conducted by Mr. Tee was “speculative”
and constituted “rummaging around” on the USB key. It asserts that if Mr. Tee
- 32 -
had been interested in finding files which might contain government data, he
would have or should have searched directories which appeared to be work
related, such as EPS, TPAS or CR. I do not find this a persuasive argument. As
noted in R. v. Vu, in discussing whether search warrants issued in relation to
computers should set out detailed conditions under which the search might be
carried out, such an approach does not reflect the reality of computers: see
paras. 57 and 58. Given the ease with which files can be misfiled or hidden on a
computer, it is difficult to predict where a file relevant to an inquiry will be found.
It may be filed within a directory bearing a related name, but if the intention is in
fact to hide the file it is unlikely that it will be. Further, the type of file, as
identified by the filename extension, is not a guarantee of contents. A
photograph, for example can be embedded in a Word document. Provided that
the Employer had reasonable cause to view the contents of the USB key in the
first place (as I have found there was in this case), an employee who uses the
same key for both personal and work related purposes creates and thereby
assumes the risk that some of their personal documents may be viewed in the
course of an otherwise legitimate search by the employer for work related files or
documents.
[120] In any event, in total Mr. Tee looked at 12 files out of what appears to be over a
thousand on the USB key. Of the files he looked at, three are “government
related documents” in the “New folder”, of which the Complainant disavows any
knowledge and has no privacy interest. As discussed above, with one exception,
the file names of the remaining nine files did not suggest a personal connection
to the Complainant. It is also notable that Mr. Tee did not look into any of the
following directories: 2011-01-01; AUDIO ONLY; Canadian Passport; CR;
DATALOADER SPREAD SHEET; EPS SCRIPT 2011-2012; HORSESHOE
ADVENTURE; IMP DOCS SCAN; INSURANCE; JOBS; MY AQUARIUM
MARCH 2012; Ottawa March 2012; PERSONAL; PR CARD RENEWAL;
SUMMER 2011; T4A; TORONTO ZOO APRIL 2012; TPAS TICKETS; and
VIDEO or most of the files found in the root directory. He opened the PCC 51
directory, where he would have seen various file names, but did not actually
open any of the files contained in the directory. Similarly he opened the JOBS
directory, where he would have seen various file names, but did not actually
open any of the files contained in the directory. This cannot be described as
“rummaging”. Rather it was minimally intrusive.
[121] As noted, in R. v. Patrick the Supreme Court identified “whether the informational
content exposed any intimate details of the appellant’s lifestyle, or information of
a biographic nature” as a relevant factor in determining whether or not there is a
reasonable expectation of privacy. I understand the focus here to be on what
information was actually exposed, not what information might have been: see R.
v. Tessling, [2004] 3 S.C.R. 432, 2004 SCC 67 at para. 59 - 62; see also R. v.
Fearon at para. 54 and R. v. Vu at para. 72. As also noted above, in R. v. Cole
the Supreme Court gave further guidance as to the type of information on digital
technology which is particularly sensitive. For ease of reference, I reproduce my
summary from earlier in this decision of the Court’s statement on this issue:
- 33 -
The biographical core of personal information “includes
information which tends to reveal intimate details of the lifestyle
and personal choices of the individual”: para 45. Computers used
for personal reasons “contain the details of our financial medical
and personal situation” (citing R. v. Morelli): see para. 47.
Browsing histories and cache files on Internet connected devices
fall at “the very heart” of the biographical core because they reveal
our “specific interests, likes, and propensities” (again citing R. v.
Morelli): see para 47.
[122] The informational content of the directories and files in which the Complainant
asserts a privacy interest and which were actually viewed by Mr. Tee is as
follows:
• “430160 [long series of number omitted]_n.jpg”. This is a “joke” downloaded
from the internet. As such, it may tend to reveal the specific interests, likes
and propensities of the Complainant. However, the Complainant testified that
he did not download the file in question, rather someone in his family did and
placed it on his USB key.
• “Surender Saini Resume.doc.docx”. The Complainant testified that this the
resume of a friend. As such it reveals little if anything about the biographical
core of the Complainant
• “Project-Consolidation.ppt”. The Complainant testified that he did not
recognize this document. It appears to be a power point presentation with
respect to Ministry of Government Services Project Management Office
Consolidation Proposal. It appears, therefore, to be a public document. In
any event, it contains no personal information in relation to the Complainant.
• “OCI REGISTRATION/oci-brochure.pdf”. This is a brochure with respect to
the procedure to apply to the government of India for registration as an
“Overseas Citizen of India”. At most its presence on the USB key reveals that
the Complainant had or was considering doing so.
• “User Name.xls”. This is an excel spreadsheet created by the Complainant
on which he has recorded his user name and related passwords for various
“instances”. The instances all appear to be work related. In any event, the
passwords, sensibly, are not set out in full. While the information is clearly
personal and intended to be confidential, it reveals nothing about the “intimate
details of the lifestyle and personal choices” of the Complainant, or any other
aspect of his biographical core.
• “Project.xls”. This is an excel spreadsheet, created by the Complainant on
which he has recorded the bi-weekly expenses of his family. Viewing this
document does trench upon the biographical core of the Complainant.
Having said that, I note again that the name of the document contains no clue
as to its contents.
• “executive-summary.pdf”. This appears to be a copy of the Executive
Summary of the report produced in 2012 by the Commission on the Reform of
Ontario’s Public Service. It is a public document. It reveals nothing about the
biographical core of the Complainant other than some interest in the report of
that Commission.
- 34 -
• “Heritage_Tool_Kit_POW.pdf”. The full title of the document is “Ontario
Heritage Tool Kit: Heritage Places of Worship: A Guide to Conserving
Heritage Places of Worship in Ontario Communities”. It is a publication of the
Ministry of Tourism and Culture. It is, therefore, a public document.
Arguably, its presence on the USB key reveals something of the “specific
interests” of the Complainant. However, it is important to realize that it is a
stand alone document. It cannot be equated to an internet search history
which will provide many data points as to an individual’s interests.
• “Travel Reservation Number 28 for BHATTACHARYA.pdf”. As noted, this is
a flight itinerary for the Complainant, his wife and two sons for a trip to India
from November 28 to December 30, 2012. Its presence reveals something of
the Complainant’s interests.
[123] Throughout my discussion of the evidence in this section I have referred to what
Mr. Tee “would have” been justified in doing. This is because Mr. Tee did not
testify. Nonetheless, considering the evidence before me as a whole (including
the Final Report), in my view the inferences which I have drawn are not only
plausible but the most plausible explanations of Mr. Tee’s actions. Accordingly,
for the purposes of this motion I conclude that what he would have been justified
in doing is in fact what he did.
[124] In the result, while some of the informational content viewed by Mr. Tee touches
upon the biographical core of the Complainant, the touch is fleeting at best.
[125] I pause here to note that the arbitral decisions provided by the Association which
apply a balancing test to determine whether to exclude otherwise relevant
evidence are all surveillance cases. I wish to emphasize that in my view Mr.
Tee’s actions cannot be characterized as surveillance. Nor can they be
characterized as a random search. Rather, Mr. Tee was acting reasonably in
response to specific and concrete information given to him by Ms. Rosenow with
respect to the presence of government files on the USB key. The unauthorized
presence of such files constituted misconduct. In this respect, this case is
analogous to Ottawa-Carleton Public Employees Union, Local 503 v. Ottawa
(Nguyen), in which the visible presence of employer property in a partially open
personal bag prompted a further search. It is also analogous to the investigation
directed by the principal in R. v. Cole in response to the information he received
from the technician that Cole’s computer contained evidence of misconduct. (I
note that in R. v. Cole the technician showed the principal a screenshot of the
offending file where as in this case Ms. Rosenow merely told Mr. Tee about the
presence and location of the file. However, in my view, given that there was no
suggestion that there was any reason for Mr. Tee to doubt Ms. Rosenow, this is a
distinction without a difference.) Mr. Tee acted reasonably and within the scope
of his duties in investigating further. Just as the presence of Cole’s personal files
on the computer did not render the principal’s search unreasonable in R. v. Cole,
the presence of files personal to the Complainant on the USB key did not render
Mr. Tee’s search unreasonable.
- 35 -
[126] On balance, having regard to all of the factors discussed, in my view Mr. Tee’s
search was reasonable. I turn briefly to the forensic investigation.
[127] The forensic investigation received little attention in the submissions of the
parties. The only material before me with respect to the forensic investigation is
the Final Report which it produced. Leaving aside whether at this point in the
proceedings the Final Report as a whole may be considered evidence, it is clear
that the forensic investigation looked at more files than Mr. Tee had because the
Final Report indicates five documents were found on the USB key which (in the
opinion of the author) are related to the anonymous emails, including a file called
“Issue.docx”, found within the “New folder” directory, which appears to be a draft
of the third anonymous email. The Final Report also indicates that there were
106 “government related documents” found on the USB key. They were found in
the following folders listed in the root directory: New folder; CR; TPAS TICKETS;
EPS SCRIPT 2011-2012; PCC 51; and PERSONAL. However, the material
before me does not disclose the full scope of the examination of the informational
contents of the USB key during the forensic investigation itself. I am unable to
say at this point, therefore, whether the forensic investigation was conducted in a
reasonable manner.
[128] In an effort to provide guidance to the parties, I would note that once misconduct
had been established, R. v. Cole appears to contemplate a fairly broad and
intrusive forensic examination by an employer in pursuit of its legitimate interests,
which includes gathering evidence for disciplinary proceedings. Indeed, the
examination by the school board of Cole’s internet browsing history (which is at
the very heart of the “biographical core” of an individual) in order to obtain
evidence potentially relevant to the pursuit of discipline was specifically affirmed
by the Supreme Court.
Balancing the Complainant’s Privacy Interests with the Employer’s Legitimate Interests
[129] For the reasons stated, the Complainant has a reasonable expectation of
privacy, albeit not as pronounced as with other digital technology, in some of the
informational content of the USB key. That expectation attached only to the
personal files, not to the work related files and not to the files of which he
disavows any knowledge. His use of the USB key for work related purposes
diminishes that expectation of privacy but did not extinguish it.
[130] The search by the Employer (specifically Mr. Tee) of the USB key was
reasonable. The fact that when Mr. Tee was given the USB key he was told it
appeared to have government documents on it, which use would have been
unauthorized, provided a legitimate reason for him to examine the contents of the
key. The fact that the key proved to contain a highly sensitive and confidential
document provided a legitimate reason to investigate further. The use of the
USB key for both personal and work related purposes made some degree of
intrusion into the personal documents during the course of the search inevitable.
Nonetheless the investigation was conducted in a minimally intrusive manner.
- 36 -
Further, as it turned out, the search exposed little in the way of intimate details of
the Complainant’s biographical core.
[131] On balance, I decline to exercise my discretion pursuant to section 48(12)(f) of
the OLRA to exclude the otherwise relevant evidence of the informational content
of the USB key.
The Charter
[132] In the alternative, the Association asserts that the Employer’s inspection of the
USB key constitutes a breach of section 8 of the Charter and that the evidence
should be excluded pursuant to section 24 of the Charter. The Employer is the
Government of Ontario. It is common ground that the Charter applies to the
actions of the Employer in this case. It is also common ground that this Board
has jurisdiction to grant a remedy under section 24(2) of the Charter
Section 8
[133] Section 8 of the Charter provides:
Everyone has the right to be secure against unreasonable search or seizure.
[134] The Complainant’s allegation of a breach of section 8 requires two distinct
inquiries:
1. Did the Complainant have a reasonable expectation of privacy?
2. If so, was that reasonable expectation of privacy violated by the conduct of
the Employer?
The second question is only to be addressed if the first question is answered in
the affirmative: see R. v. Cole, OCA, at paras. 52- 54; R. v. Tessling at paras. 31-
33; R. v. Patrick at paras. 26 to 28. This is of some significance in this case
because my conclusion that an arbitral test of reasonableness does not result in
the exclusion of the evidence is essentially based on an application of the
“totality of circumstances” test used to answer the first of the section 8 inquiries,
as I have explained above. In other words, I have already answered the first
inquiry in the negative with the result that the second inquiry need not be
addressed. Nonetheless in the event that I am wrong, I will proceed to answer
the second inquiry.
Onus of Proof
[135] The Association asserts that the onus of proof lies upon the Employer, citing
Hunter v. Southam at para 28 and 39; and R. v. Cole, SCC, at para 37.
[136] Hunter v. Southam and R. v. Cole held the onus of proving that a warrantless
search was reasonable lay upon the state, in the context of regulatory and
criminal proceedings respectively. They are not directly applicable to the case at
- 37 -
hand as there is no requirement for a warrant in this context. Nonetheless, I
accept that if the second line of inquiry is reached under section 8, then the onus
of proof is upon the Employer in this case to establish the reasonableness of the
search because those reasons lie within its knowledge. However, I would note
that with respect to the first line of inquiry, it is clear the onus of proof lies upon
the party asserting a reasonable expectation of privacy: R. v. Cole, OCA, at para
52 citing R. v. Edwards, [1996] 1 SCR 128.
Was the Search Authorized by Law?
[137] Assuming, contrary to my finding, the Complainant had a reasonable expectation
of privacy in the informational content of the USB key, the second line of inquiry
becomes relevant. What does this line of inquiry look like in an employment
context? In my view, the answer is provided by the decision of the Supreme
Court in R. v. Cole, as discussed above. In short, if authorized by law, including
by necessary implication from a statutory duty, an employer has a reasonable
power to seize and search a digital device if it has reasonable grounds to believe
that the device contains evidence of serious misconduct.
[138] For essentially the reasons I have already stated, I find that Mr. Tee had
reasonable grounds to believe that the USB key contained evidence of serious
misconduct and that the search which he conducted was reasonable. The
remaining question is whether Mr. Tee’s actions were authorized by law, as
required by the Charter.
[139] The Association in effect argues that the search was only authorized if authorized
in accordance with the I&IT Policy. The Employer argues that the search was
authorized pursuant to FIPPA, in the alternative under the I&IT Policy and in the
further alternative by common or arbitral law. I will consider each of these
arguments in turn.
[140] The Employer argues that the search was performed in fulfillment of its
obligations under section 4(1) of Regulation 460 promulgated under FIPPA:
Every head shall ensure that reasonable measures to prevent
unauthorized access to the records in his or her institution are defined,
documented and put in place, taking into account the nature of the
records to be protected.
[141] I agree with the Association that this section creates an obligation to establish a
set of measures to prevent unauthorized access to records. Whether or not such
measures might have included an obligation applicable to Mr. Tee in the
circumstances “authorizing” him to inspect the USB key, the general obligation to
create a set of measures does not constitute a conferral of such specific
authority.
[142] I turn now to the I&IT Policy.
- 38 -
[143] For the purposes of this argument, the Association appears to concede that the
USB key fell within the I&IT Policy, notwithstanding the fact that the key itself
appears to have been privately owned by the Complainant. In any event, in my
view the USB key was subject to the I&IT Policy. The I&IT Policy clearly states
that it applies to memory sticks. It also clearly states that it applies to information
created on behalf of the Government. Whether or not the “test mode” data was
made up, as asserted by the Complainant, it clearly was created by him in the
course of his work duties on behalf of the Government. The I&IT Policy also
clearly states that it applies to resources used on behalf of the Government to
transport or store information. While the I&IT Policy also provides that
“government business must only be conducted on government resources, unless
otherwise explicitly approved by your manager”, it cannot be the case that the
absence of explicit approval insulates the Complainant’s use of his personal
memory stick to transport and store the test mode data from the application of
the I&IT Policy. On the other hand, as noted above, I do not accept the
proposition advanced by the Employer that the use of a personal IT device for
work related purposes converts the entirety of the device into a government
resource for the purposes of the I&IT Policy.
[144] The I&IT Policy is not “law”, but I assume for the purposes of this analysis that it
was promulgated pursuant to appropriate statutory or other legal authority.
Among other things, the I&IT Policy specifies that “personal monitoring” of an
individual’s usage of I&IT resources requires prior approval by the Chief
Administrative Officer or equivalent. There is no suggestion that such approval
was obtained in this case. Accordingly, if Mr. Tee’s examination of the
informational content of the USB key constitutes personal monitoring, it was not
authorized by the I&IT Policy. However, in my view, Mr. Tee’s examination did
not constitute personal monitoring within the meaning of the I&IT Policy.
[145] The I&IT Policy refers to both “system monitoring” and “personal monitoring”. It
provides in part:
6.4 Personal Monitoring
Personal monitoring of a particular individual’s usage will take place if
there is reasonable belief that I&IT resources are being used
inappropriately. Personal monitoring is designed to determine whether
there is evidence of inappropriate use, and if so, whether disciplinary
action and/or legal action is appropriate.
[146] The I&IT Policy does not contain a definition of “personal monitoring”, but it does
contain the following definition of system monitoring:
Electronic / System Monitoring: Any activity that includes the
surveillance of an electronic network as it is being used or the recording
and analysis of activity on an electronic network at any time. This many
include monitoring of user accounts, activities, sites visited, information
downloaded and computer resources used.
- 39 -
[147] Personal monitoring, therefore, is surveillance of an individual’s usage of the
network. That is not what happened here. Rather, as discussed above, Mr. Tee
was given the USB key by Ms. Rosenow who told him that the stick appeared to
belong to the Complainant and it appeared to contain government documents.
[148] The I&IT Policy, however, is not limited to monitoring of usage. Rather, the
“Principles” of the I&IT Policy provide in part as follows:
5. PRINCIPLES
….
3. Use of government computers, networks, systems and software may
be subject to monitoring.
4. Unacceptable use of I&IT resources may result in progressive
discipline up to and including dismissal, and/or criminal charges when
warranted.
[149] I can see no reason to read the I&IT Policy restrictively so that “unacceptable
use” which may attract discipline is restricted to that which has been subject to
monitoring.
[150] In any event, in my view Article 3.1, the management rights clause of the
collective agreement, provides an independent source of authority for Mr. Tee’s
actions. Article 3.1 provides in part:
Subject only to the provisions of this Agreement, the right and authority
to manage the business and direct the workforce, including the right to …
discipline, dismiss or suspend employees for just cause … shall be
vested exclusively in the Employer.
[151] No challenge was taken to the validity of the collective agreement and thus, while
no party provided the statutory or legal basis pursuant to which the Government
entered into the collective agreement, the authority of the Government to do so
may be presumed.
[152] The Association argues that even if the search for government documents was
authorized, that does not constitute authority for the subsequent search or
seizure of the files said to be related to the anonymous emails. It cites R. v.
Jones. R. v. Jones is a criminal case concerned with the admissibility of
evidence of child pornography found while the police were searching the
computer of the accused pursuant to a warrant to search for evidence of fraud.
As noted, in an employment context, there is no requirement for a warrant to
conduct a search. The issue in an employment context is whether the evidence
was found as a result of a reasonable exercise of authority conferred by law. I
have insufficient information to make that determination at this time with respect
to the forensic investigation which located the anonymous emails. I have
already suggested what appears to me to be the appropriate framework of
- 40 -
analysis for that determination. It may also assist the parties to note that there
are several instances in arbitral jurisprudence in which a surveillance initiated for
one purpose yielded evidence unrelated to that purpose. It appears that in such
circumstances the unrelated evidence has been admitted: see for example
Securicor and Toronto Transit Commission (Belsito).
[153] Given my conclusions, it is not strictly necessary to address the Employer’s
remaining alternative argument, that its authority to conduct the search comes
from the common or arbitral law. I would however make two points in passing.
First, it is clear from some of the cases provided by the parties that the common
law can serve as the basis for the legal authority to conduct a search for the
purposes of section 8 of the Charter. In particular, R. v. Fearon is concerned
with redefining the framework which applies to the authority of police to conduct a
search incidental to arrest which is founded on the common law. Second, the
arbitral authority to which the Employer appears to allude for the purposes of this
argument are the cases canvassed above discussing the application of a
reasonableness test to exclude otherwise relevant evidence on the basis that a
privacy interest of the employee has been engaged. I do not understand those
cases to create the authority for an employer to conduct a search. Rather, those
cases are about the limits on the admissibility of evidence obtained through the
exercise of authority which otherwise flows from the management rights clause of
the collective agreement.
[154] Accordingly, I conclude that the Complainant’s privacy interests under section 8
were not engaged and even if they were the search of the USB key was
reasonable and authorized by law.
[155] In the event that I am wrong in that conclusion, I turn now to consider the parties
arguments with respect to section 24.
Section 24
[156] Section 24 of the Charter provides:
(1) Anyone whose rights or freedoms, as guaranteed by this Charter,
have been infringed or denied may apply to a court of competent
jurisdiction to obtain such remedy as the court considers appropriate and
just in the circumstances.
(2) Where, in proceedings under subsection (1), a court concludes that
evidence was obtained in a manner that infringed or denied any rights or
freedoms guaranteed by this Charter, the evidence shall be excluded if it
is established that, having regard to all the circumstances, the admission
of it in the proceedings would bring the administration of justice into
disrepute.
Onus of Proof
- 41 -
[157] The onus of proof is upon the Association to show that the evidence should be
excluded pursuant to section 24 of the Charter: R. v. Collins, cited in Toronto
Transit Commission (Lacaria) at para. 67.
Applicable Test
[158] The parties are in agreement that the Supreme Court’s decision in R. v. Grant
sets out the applicable test (at para. 71):
A review of the authorities suggests that whether the admission of
evidence obtained in breach of the Charter would bring the
administration of justice into disrepute engages three avenues of
inquiry, each rooted in the public interests engaged by s. 24(2),
viewed in a long-term, forward-looking and societal perspective.
When faced with an application for exclusion under s. 24(2), a
court must assess and balance the effect of admitting the
evidence on society’s confidence in the justice system having
regard to: (1) the seriousness of the Charter-infringing state
conduct (admission may send the message the justice system
condones serious state misconduct), (2) the impact of the breach
on the Charter-protected interests of the accused (admission may
send the message that individual rights count for little), and (3)
society’s interest in the adjudication of the case on its merits. The
court’s role on a s. 24(2) application is to balance the
assessments under each of these lines of inquiry to determine
whether, considering all the circumstances, admission of the
evidence would bring the administration of justice into disrepute.
[159] I will consider each of these factors in turn. Before doing so, it is important to
note that R. v. Grant is a criminal law case. In Kelly v. College of Physicians and
Surgeons of Ontario the Ontario Superior Court noted that whether the admission
of evidence obtained in breach of Charter rights would bring the administration of
justice into disrepute is a contextual analysis. Part of that context is whether the
proceeding is criminal as opposed to civil or administrative. Among other things,
in an administrative or civil proceeding the right to liberty is not at stake.
Evidence which might be or has been excluded in a criminal proceeding may be
admissible in an administrative proceeding. A similar point is made in Toronto
Transit Commission (Lacaria) at para. 69. Counsel for the Association conceded
that although she had looked, she was unable to find any case in a civil or arbitral
law context in which evidence had been excluded on the basis of section 24 of
the Charter.
(a) The seriousness of the Charter-Infringing state misconduct.
[160] In R. v. Grant, the Court noted (at para. 72): “The more severe or deliberate the
state conduct that led to the Charter violation, the greater the need for the courts
to dissociate themselves from that conduct, by excluding evidence linked to that
- 42 -
conduct, in order to preserve public confidence in and ensure state adherence to
the rule of law.” At para. 73 the Court noted:
This inquiry therefore necessitates an evaluation of the seriousness of
the state conduct that led to the breach. The concern of this inquiry is not
to punish the police or to deter Charter breaches, although deterrence of
Charter breaches may be a happy consequence. The main concern is to
preserve public confidence in the rule of law and its processes. In order
to determine the effect of admission of the evidence on public confidence
in the justice system, the court on a s. 24(2) application must consider
the seriousness of the violation, viewed in terms of the gravity of the
offending conduct by state authorities whom the rule of law requires to
uphold the rights guaranteed by the Charter.
[161] The Court also noted that there is a spectrum: admission of evidence arising
from a minor or inadvertent breach minimally undermines public confidence;
admission of evidence obtained through wilful disregard of rights will inevitably
have a negative effect. Extenuating circumstances include the need to prevent
the disappearance of evidence and good faith on the part of the police. At the
same time, ignorance of Charter standards and wilful blindness must not be
rewarded.
[162] The Association argues that the same principles apply here. It argues that the
Investigation Report demonstrates repeated inspection by Mr. Tee of files on the
stick which were personal to the Complainant. This, it argues, shows flagrant
disregard for the Complainant’s privacy rights. As Mr. Tee did not testify, there is
no evidence that he undertook these inspections in good faith. The arbitral
principle recognizing an employee’s right to privacy in the workplace is long
established. Ignorance of that principle should not be rewarded.
[163] The Employer asserts that there was no wilful or reckless act of infringing the
Complainant’s Charter rights. It also notes that this is not a criminal case. The
police, it argues, are duty bound to keep the peace, respect the rights of
individuals and enforce the laws. By contrast, the Employer is “just trying to run
its operations”.
[164] In my view, Mr. Tee’s initial inspection of the USB key cannot be said to have
been a flagrant breach of the Complainant’s rights. This is not a case in which
the Employer had no reason whatsoever to inspect the USB key or where its
reasons were entirely speculative. On the contrary, in giving Mr. Tee the USB
key Ms. Rosenow told him that it contained government files. Further, the search
was not “demeaning of dignity”: see R. v. Harrison at para. 30. It was not violent.
It was not invasive of the Complainant’s person. Nor, for reasons stated, am I
satisfied that there was any basis to presume that the USB key would contain the
kind of information central to the biographical core of the Complainant as would
be expected to be found on a computer or smart phone. The search did not take
place in a situation in which the expectation of privacy was high: R. v. Harrison
para. 30. The use of the USB key for both personal and work related purposes
- 43 -
made some degree of intrusion into the personal documents during the course of
the search inevitable. Nonetheless the investigation was conducted in a
minimally intrusive manner.
[165] The Association notes that systemic breaches by the state can be an aggravating
factor: see R. v. Harrison at para 26. It points to the evidence of Ms. Mareski that
she was unaware that employees enjoyed a right to privacy while in the
workplace, and that to her knowledge the Employer had no policies and provided
no training in this respect. I am not compelled by this argument. While
omission or inaction, as distinct from action, might give rise to a finding of
systemic breach in a proper case, this is not that case. I agree with the Employer
that it is inappropriate to impute or require of its employees the same level of
knowledge as to rights and obligations as would be the case with respect to
police officers, in particular given that this is not a criminal context and, unlike
police officers, managers do not have a power of arrest. Even accepting that
managers at Mr. Tee’s level knew, ought to have known or ought to have been
trained that arbitral jurisprudence has recognized a right to privacy which
engages the balancing test discussed above, there appears to be no prior
authority for the proposition that breach of those privacy interests engages the
Charter in a civil or arbitral context, let alone that such a breach affords the
remedy of exclusion of evidence pursuant to section 24 of the Charter.
[166] Thus, I would find that any misconduct on the part of the Employer (once again
referring primarily to the search by Mr. Tee) was relatively minor.
(b) The impact of the breach on the Charter-protected interests of the accused.
[167] In R. v. Grant, the Supreme Court stated this calls for an evaluation of the
“extent” to which the breach “actually” undermined the Charter-protected
interests, noting: “The impact of a Charter breach may range from fleeting and
technical to profoundly intrusive.” It is necessary to consider the specific Charter
interests engaged. With respect to the section 8 right engaged in Grant, the
Court stated:
[A]n unreasonable search contrary to s. 8 of the Charter may impact on
the protected interests of privacy, and more broadly, human dignity. An
unreasonable search that intrudes on an area in which the individual
reasonably enjoys a high expectation of privacy, or that demeans his or
her dignity, is more serious than one that does not.
[168] The Association relies on its argument that the Complainant enjoyed a high
expectation of privacy with respect to the information in question. Further it
argues that the breaches by Mr. Tee were not fleeting or technical. Rather they
were repeated over a number of days. Presumably in reference to the
anonymous emails subsequently discovered, the Association recognizes that
under this part of the test, the courts have held that a breach with respect to
evidence which would otherwise have been discoverable (for example through
the proper acquisition of a warrant) will be considered to have actually
- 44 -
undermined the claimant’s Charter interests to a lesser degree. It argues,
however, that but for Mr. Tee’s breach the Employer would have had no basis to
obtain authorization to inspect the contents of the Complainant’s USB key.
[169] The Employer argues that the Complainant had no reasonable expectation of
privacy in the USB key.
[170] For reasons already stated, in my view the Complainant had no reasonable
expectation of privacy (in the section 8 sense) in the informational content of the
USB key, or in any event a very minor one. For the reasons stated, I also do not
agree with the Association that there would have been no basis for Mr. Tee to
obtain “authorization” to inspect the contents of the key. Mr. Tee did not require
authorization from some third party. In giving him the key, Ms. Rosenow told him
that it contained government data files. This provided a reasonable basis for Mr.
Tee to examine the informational content of the key as already discussed. A
search of the USB key for government data files would have uncovered the file
which appears to be a draft of the anonymous email. There is nothing before me
to suggest that the Employer obtained access to more information than was
appropriate for the purposes of investigating employee misconduct.
[171] It is also worth noting that the search in question did not involve evidence taken
from the body of the Complainant (such as breath, blood or urine samples), nor
was it inherently demeaning of the Complainant (such as a body search). Such
searches may have greater impact on the claimant: see R. v. Grant at paras. 99
-111 and at para.114.
[172] Accordingly, I conclude the impact of any breach on the Complainant’s Charter-
protected privacy interests was minimal.
(c) Society’s interest on adjudication on the merits.
[173] The Association argues that unlike a criminal case, there is no safety or security
concern raised by an offender going free. On the other hand, it argues that there
is a public interest in ensuring that the arbitral system is above approach and that
employers cannot benefit from illegal conduct.
[174] I disagree that these are the issues raised by this line of inquiry.
[175] In R. v. Grant, the Supreme Court noted that the issue under this line of inquiry is
“whether the truth-seeking function of the criminal trial process would be better
served by admission of the evidence, or by its exclusion.” It requires
consideration of “not only the negative impact of admission of the evidence on
the repute of the administration of justice, but the impact of failing to admit the
evidence.” (See para. 79. Emphasis in the original.) The Court noted that
reliability of the evidence is important to this line of inquiry: para 81. The breach
may itself have undermined the reliability of the evidence.
- 45 -
Conversely, exclusion of relevant and reliable evidence may
undermine the truth-seeking function of the justice system and
render the trial unfair from the public perspective, thus bringing the
administration of justice into disrepute.
[176] In R. v. Grant, the Court also noted at para. 83 that the importance of the
evidence should also be considered:
[T]he exclusion of highly reliable evidence may impact more negatively on
the repute of the administration of justice where the remedy effectively guts
the prosecution.
[177] In its discussion of the application of this test to different kinds of evidence, the
Court noted (at para. 115):
Reliability issues with physical evidence will not generally be related to
the Charter breach. Therefore, this consideration tends to weigh in
favour of admission.
[178] In R. v. Cole, the Supreme Court cautioned that this consideration should not be
permitted to overwhelm the section 24(2) analysis: see para. 95. However, it
also noted that the data files in question were “highly reliable” and “probative
physical evidence”: see para. 96. It concluded that this consideration weighed in
favour of admission of the evidence.
[179] So too in this case the data files in question are highly reliable and probative
physical evidence. Further, they are central to the Employer’s case. I conclude
that society’s interest in adjudication on the merits weighs in favour of admission
of the evidence.
[180] I turn now to balancing the various considerations. For the reasons stated: any
Charter infringing breach was of minimal seriousness; the impact of any breach
on the Complainant’s Charter-protected right to privacy was non-existent or
minimal; and the evidence in question is highly reliable and probative so that the
truth seeking function is served by its admission. Balancing all of these factors, I
conclude that the evidence should be admitted even if there was a breach of
section 8 of the Charter. I am strengthened in this conclusion by the fact that it
is the same as the one reached by the Supreme Court in R. v. Cole: see para 97
and 98.
[181] Finally, as noted, R. v. Grant is a criminal case. So of course is R. v. Cole.
When consideration is given to the administrative nature of these proceedings, I
am further strengthened in my conclusion that this evidence ought not be
excluded pursuant to section 24(2) of the Charter.
[182] For all of the foregoing reasons, the Association’s objection to the admission of
evidence related to the informational content of the USB key is denied.
- 46 -
Dated at Toronto, Ontario this 29th day of March 2016.
Ian Anderson, Vice Chair
- 47 -
Appendix “A”
Excerpts from “Acceptable Use of Information and Information Technology (I&IT) Resources
Policy” dated March 2011 (the “I&IT Policy”).
4. APPLICATION AND SCOPE
The authority to issue this Policy is established in the Information and Information
Technology (I&IT) Directive.
This policy applies to:
• all ministries and public bodies (formerly agencies, boards and commissions) that
use Ontario government I&IT resources; and
• all third party individuals and organizations that have been authorized by the Ontario
government, for government purposes, to have access to the OPS integrated
network and use of computerized devices.
The scope of information includes all information that is created, received, owned by or
held in custody on behalf of the Ontario government. The scope of information
technology resources includes, but is not limited to the following:
• Desktops
• Laptops
• PDAs (e.g. BlackBerry devices)
• Servers
• All storage media (e.g. CDs/DVDs, memory sticks, diskettes)
Also included in the scope of this document are information systems and resources that
are used by, or on behalf of the Ontario government to create, enter, process,
communicate, transport, disseminate, store or dispose of information.
5. PRINCIPLES
….
3. Use of government computers, networks, systems and software may be subject to
monitoring.
4. Unacceptable use of I&IT resources may result in progressive discipline up to and
including dismissal, and/or criminal charges when warranted.
6. MANDATORY POLICY REQUIREMENTS
The mandatory requirements of this policy are as follows:
….
6.2 Unacceptable Use of I&IT Resources
Government of Ontario Information Technology (IT) resources are to be used exclusively
for government business, unless otherwise approved by your manager. In addition,
government business must only be conducted on government resources, unless
otherwise explicitly approved by your manager. This includes but is not limited to
- 48 -
computers, laptop, email internet, intranet, extranet, personal digital assistants, cellular
phones, memory sticks, etc.
….
• IT resources must not be used for unacceptable activity. Unacceptable activity
includes, but is not limited to:
….
• Using personal I&IT resources (including, but not limited to, personal home
computers and laptops, personal email accounts, cell phones, etc.) to conduct
government business unless approved by a manager.
• Accessing, displaying, downloading, creating, distributing or storing any software,
graphics, images, text, music, video or other data (including email messages and
attachments) which are offensive and conducive to a poisoned work environment
(as per the Workplace Discrimination and Harassment Prevention (WHDP) policy).
….
• Discrediting others in the government through electronic communications.
• Sending anonymous messages or impersonating others.
….
• Using IT resources to discriminate against or harass, threaten or intimidate other
employees or to create a hostile or humiliating work environment.
….
6.4 Monitoring
Systems Monitoring
Systems monitoring is performed for the purposes of systems analysis, planning and
performance, and is considered to be an on-going and regular technology management
activist unaffected by the scope of this policy.
Personal Monitoring
Personal monitoring of a particular individual’s usage will take place if there is
reasonable belief that I&IT resources are being used inappropriately. Personal
monitoring is designed to determine whether there is evidence of inappropriate use, and
if so, whether disciplinary action and/or legal action is appropriate.
Authorization
All personal monitoring must be approved by the user’s Chief Administrative Officer
(CAO) or equivalent prior to monitoring and evidence gathering.
6.9 Reporting Security Incidents
A security incident is any activity that could compromise the security of government
information or systems. Al security incident could be … loss of a laptop or blackberry,
….
• All OPS system users are responsible for immediately reporting all security incidents
(including lost or stolen information or IT assets (to their managers and to the IT
Service Desk [phone number and email address omitted]. This also includes internal
and external devices and parts.
….
- 49 -
8. APPENDICES
8.1 Appendix A: Terms and Definitions
Electronic / System Monitoring: Any activity that includes the surveillance of an
electronic network as it is being used or the recording and analysis of activity on an
electronic network at any time. This many include monitoring of user accounts,
activities, sites visited, information downloaded and computer resources used.