Can Your Employer Use Your Internet Browsing History as Evidence to Fire You

Is your employer watching? Are they monitoring the time you spend on the internet? But more importantly, can they use what they find out as evidence to fire you? In a recent decision, the answer to all of the above was YES.

A nearly 10-year employee was terminated for excessive internet usage – basically for not working while on duty. The union grieved the termination and made an application in advance of the arbitration that the internet investigative report is excluded as inadmissible because it infringed the employee’s privacy and was in violation of the B.C. Freedom of Information and Protection of Privacy Act (“FIPPA”). In the decision, Fraser Health Authority v. H.S.A.B.C., 2011 CarswellBC 1174 (B.C.A.B.), Arbitrator Glass held that there was no privacy violation and the report was admissible

One of the key facts in the decision was that the employer had a clear policy that the computers and the data on them were the property of the employer and that they would be monitored. The policy also stated that personal use of the computers was to be done while on breaks and was not to interfere with the employer’s operations.

The internet investigative report was generated based on data pulled from the employer’s proxy server, which included log records of the URL visited, web category, date and time, IP address of the source computer and the user account when the internet was accessed through the proxy server. The internet report was only requested after the employer had several pieces of evidence from other employees about the individual’s excessive use of the internet.

The employer, in this case, was a public body and therefore under FIPPA including the following:

(a) the collection of that information is expressly authorized under an Act, or
(b) that information relates directly to and is necessary for an operating program or activity of the public body.

The Arbitrator found that the internet investigative report fell within the exception of s. 26(c) and was not in violation of FIPPA. The Arbitrator found that the purpose of the audit was “legitimate and necessary” and the basis for looking into it was “reasonable”. I would suggest that a key factor was that the Arbitrator held that the scope of the internet investigative report was reasonably limited. It was not simply a copy of all the personal data of that employee, it was basically a list of websites visited and the time spent browsing.

%d bloggers like this: