B.C.’s Privacy Act creates a statutory tort. It applies where one person “wilfully and without a claim of right” violates the privacy of another. The nature and degree of privacy, as set out in the Act, is one which is “reasonable”, given due regard to the lawful interests of others. To establish what may or may not meet this test, “regard must be given to the nature, incidence and occasion of the act and to any domestic or other relationship between the parties. 1
This could allow for an action against the employer and/or the investigator for a breach of privacy rights.
Conduct Wilfull & Without Claim of Right
The B.C. Court of Appeal considered this issue in a 1998 case. 2 The word “wilfully”, the court stated, must be read narrowly to mean “an intention to do an act which the person doing the act knew or should have known would violate the privacy of another person”. The phrase “without a claim of right” means an absence of “an honest belief in a state of facts which, if existed, would be a legal justification or excuse..”
As to the issue of reasonableness, it was held in a further case that the Charter cases dealing with s. 8 issues of reasonable search and seizure would offer helpful guidelines. 3 As in R. v Cole, the issue is firstly, whether the person had a subjective expectation of privacy in the matter at hand and secondly, whether this subjective view was objectively reasonable.
The court in this instance stated that the totality of the circumstances must be examined to determine whether the person had a reasonable expectation of privacy in the context of the case. On the facts before the court in this instance, the judge determined that the plaintiff indeed did have such a subjective view of the emails in controversy but when viewed objectively, this was not a reasoned view. The facts driving this conclusion were as follows:
- The company owned the computer;
- The company had no policies regulating employee computer use or rules regarding accessing one another’s computer;
- Employees were allowed to use work email accounts for personal use;
- Security measures to protect employees against unauthorized access were “very relaxed”;
- Passwords were generally required to access “locked” computers but it was not uncommon for employees to leave computers unlocked;
- Individual passwords were not closely guarded and in fact “quite the opposite”;
- Others had access to the plaintiff’s password as did the immediately alleged offender, a person who had accessed the plaintiff’s computer, sometimes seeking her permission and sometimes, not.
The court denied the claim for these reasons.
Such a claim should consider the various cases dealing with the expectation of privacy interests in the workplace, as is reviewed here.