What not to do with employee monitoring software

The British Columbia Information and Privacy Commissioner has published a report strongly criticising the District of Saanich’s use of employee monitoring software, which included keystroke logging, automated regular screen captures and a range of other intrusive features across the District’s IT systems.

The report reminds readers that “employees do not check their privacy rights at the office door”, and goes on to set out the Commissioner’s findings that:

  • The District did collect personal information through its use of monitoring software. In fact, because of how the software was configured, the District collected all personal information that a user entered into their workstation.
  • Under the Freedom of Information and Protection of Privacy Act (FIPPA), which regulates only public bodies, the District did not have the authority to collect the personal information recorded by the monitoring software.
  • The District did not notify employees of the collection of their personal information as required by FIPPA.
  • It could not be determined whether the District used or disclosed personal information collected by the monitoring software in compliance with FIPPA because the District had not activated the functionality to monitor user access through logs that show user activity.

Link (CanLII): Saanich (District) (Re), 2015 BCIPC 15 (Hat-tip: Barry Sookman)