Employment 2025

CANADA Law and Practice Contributed by: Christopher Pigott, Rachel Younan, Jacob Wagner and Felisha Jagiah, Fasken

General Principles In some jurisdictions, the general principles relevant to the application of privacy principles to employees are that the collection, use and disclosure of employ - ee personal information must be for the reasonable purposes of managing, establishing or terminating an employment relationship. Additionally, at the time the information is collected, the employer must give notice to the employees of the purposes for which their personal information is being collected, used or disclosed. If notice is not given, the employer will need Safeguards and processes must be put in place by employers to prevent unauthorised access, use or dis - closure of employees’ personal information. Employ - ers must also have privacy processes and procedures in place. Employees are entitled to request access to the personal information collected by their employer and may correct any inaccuracies therein. to obtain employee consent. Safeguards and Processes In addition, rules regarding the transfer of data across borders are also included in privacy legislation and must be respected. If employees’ personal informa - tion is to be transferred out of Canada, including to a subsidiary, the same rules of notification and consent apply. In the event of transfers to the USA, any notice given to employees should include a statement that the information may be available to the US govern - ment or its agencies in accordance with local laws. Provincially Regulated Workplaces For provincially regulated workplaces outside of Alber - ta, British Columbia, and Quebec, there is no legisla - tion that specifically establishes requirements around employee privacy (except in respect of employees’ personal health information). However, Ontario’s Employment Standards Act, 2000 requires that employers with 25 or more employees on 1 January of any year have a written policy in place with regard to electronic monitoring of employees by March 1st of that year. Courts and adjudicators in all Canadian jurisdictions are increasingly attentive to privacy- related concerns and have begun using common law principles to hold employers and other parties liable for violations of privacy rights.

clauses of limited duration (six months to 12 months) and applicable to those customers or suppliers with whom the former employee had contact as a result of their employment are more likely to be found to be enforceable. 3. Data Privacy 3.1 Data Privacy Law and Employment In Canada, the Personal Information Protection and Electronic Documents Act (PIPEDA) governs the col - lection, use and disclosure of personal information. However, in the employment context, PIPEDA only applies to federally regulated organisations. PIPEDA requires employers to adhere to the following ten basic principles regarding the collection, use or dis - closure of employees’ personal information: • accountability; • identifying purposes; • consent; • limiting collection; • limiting use, disclosure and retention; • accuracy; • safeguards; • openness; Alberta, Quebec, and British Columbia have enact - ed similar legislation that applies to employees and employers in those provinces. If an individual believes their privacy rights have been violated, a complaint can be filed with the provincial or federal privacy com - missioner. In June 2022, the federal government proposed the Digital Charter Implementation Act 2022 (Bill C-27), which – if passed – would have modernised Canada’s current federal framework for the protection of per - sonal information in the private sector and introduce new rules for the development and deployment of AI. However, as of 6 January 2025, Bill C-27 was termi - nated following the prorogation of Parliament until 24 March 2025. • individual access; and • challenging compliance.

91 CHAMBERS.COM

Powered by