1

Clarification To Law Of Employee Surveillance

Elevator law, according to one colleague and despite our best attempts to intervene, has its ups and downs. It has a unique set of characteristics, including its own elevator union (the International Union of Elevator Constructors (IUEC)), industry- specific collective agreements and a workforce of largely independent technicians.

Technicians are often required to visit multiple worksites, work without direct supervision and manage their own time. In some cases, technicians are provided with a company phone which can track time, work completion and location. That tracking has been the source of significant tension and resulted in clarification to the law of employee surveillance.

In January 2022, the decision of Arbitrator Koml Kandola in KONE Inc. v. IUEC, Local 82 (Installation Back Reporting Tool (IBRT) 2.0 Grievance) [2022] B.C.C.A.A.A. No. 4 was published. This case revolved around a challenge to the employer’s practice of collecting GPS information about employees at work, through their mobile phones. The decision will be relevant to any organization that uses location monitoring to manage the attendance of their workforce.

The background of the matter is relatively straightforward but spans well over a decade. KONE Inc. installs, replaces and services elevators and escalators. Its employees generally fall into one of two groups: maintenance and construction mechanics. Maintenance mechanics work largely on the road, visiting multiple sites in a day without supervision. Construction employees are occasionally supervised and tend to work more consistently at a single location or group of locations, although construction employees also move between job sites.

For more than a decade, KONE has used an application to track the location of maintenance mechanics. That application was the subject of a complaint by the IUEC to the Office of the Information & Privacy Commissioner, which concluded in 2012 that KONE’s collection and use of location information was reasonable and authorized under the Personal Information Protection Act, SBC 2003, c. 63 (PIPA).

Recently, KONE introduced a new application for use by its construction mechanics – the Installation Back Reporting Tool (IBRT). This application replaced the company’s existing time entry tool. The IBRT application establishes a “geofence” with a fixed radius around each worksite and relies on GPS to track whether an employee’s phone is inside or outside that area during working hours. It cannot be used to track an employee in real time and does not show the specific location of the employee’s phone. The system only operates during hours when the employee is “clocked in.” KONE can review the information collected from IBRT to determine how close to the “geofence” area an employee has been during working hours.

The IUEC grieved the IBRT application, asserting that the collection of location information about construction mechanics was an unjustified intrusion on their privacy rights. It argued that this new application, which was designed primarily to support attendance management, violated the employees’ right to privacy.

Arbitrator Kondola was required to determine whether or not KONE’s use of IBRT complied with its obligations under PIPA. The arbitrator first confirmed that information collected about an employee’s location is “employee personal information” as defined by PIPA. She went on to consider the established list of factors used to assess the reasonableness of an employer’s collection of employee personal information:

  1. the sensitivity and amount of the information being collected or used;
  2. the likelihood of effectiveness;
  3. the manner of collection;
  4. the availability of alternatives; and
  5. the potential offence to employees’ dignity

Ultimately, Arbitrator Kandola found that KONE’s collection of information through the IBRT application was reasonable and dismissed the grievance. In doing so, she made several determinations which are significant to any employer considering using location data to manage its workforce:

  1. Information about whether an employee is at work during work hours is “at the low end of sensitivity” from a privacy perspective. The more specific the information, and the more it intrudes on an employee’s personal time, the greater the sensitivity. In this case, the “geofence” was specifically designed to gather non-specific data about attendance without tracking an employee’s movements, which made it more reasonable.
  2. An employer is not required to prove the existence of a problem in the workplace to justify the collection of location information. The employer is only required to demonstrate that it has a proper purpose linked to the management of employment. In this case, the IUEC argued that the collection of information was unnecessary because there was no proof of a problem with attendance or time- theft. The Arbitrator disagreed, finding that there was some evidence of an issue, but that even in the absence of any issues the management of attendance is a proper purpose for collecting information from employees.
  3. Similarly, an employer is not required to prove that it has exhausted every other possible alternative before collecting location data. It must only show that less privacy-intrusive alternatives are not practicable. Arbitrator Kandola rejected the IUEC’s suggestion that the employer could hire more supervisors or work with clients to monitor their employees.
  4. It pays to mindfully design a system that collects only the information needed and no more. The IBRT system was designed to collect only limited information about whether an employee was at the workplace during working hours. Arbitrator Kandola described verifying employee compliance with attendance rules as “unremarkable,” and noted that no information was collected about employees’ location on their own time. This rendered the information “on the low end” of privacy sensitivity.

Mobile and remote workforces are increasingly common, as employers across the country continue to adjust to the effects of the pandemic. Many organizations are considering implementing surveillance measures to keep track of a distributed workforce. Collection of personal information from employees is often a sensitive subject, which should always be carefully considered before implementation. This decision provides a useful outline of the detailed analysis necessary to ensure that surveillance is consistent with the requirements of privacy legislation.

Roper Greyell LLP – Employment and Labour Lawyers