Keeping an eye on the unauthorized use of surveillance cameras by employees

This issue may be decided, in part, by the Federal Court of Canada. It will soon hear a case involving the Greater Toronto Airports Authority (GTAA). A few years ago a GTAA employee, whose job it is to monitor the flow of traffic at Toronto Pearson International Airport using video surveillance equipment, allegedly used it to spy on her ex-husband as he walked through the airport terminal with their children and his new girlfriend.  The GTAA employee then confronted them in the arrivals area. Needless to say, the entire episode was extremely unsettling to the “ex.”

Documents filed in Federal Court reveal that the unnamed complainant shared his privacy concerns with the GTAA in July 2008 and the GTAA conducted an internal investigation and concluded that two employees — including his former spouse, a resource coordinator — took photographs of the man and his children on two occasions that year.

In December 2008, the “ex” formally requested access to his personal information from the GTAA, which months later replied that “it held his email address as well as the photographs taken of him and/or his family while in the airport terminal building.”

The “ex” filed a complaint with the Federal Privacy Commissioner, who investigated and concluded the GTAA did not comply with Canadian law governing privacy and personal information (PIPEDA).

According to a report tabled in Parliament, the Privacy Commissioner “found that the photographs were not taken for a proper use in that they were taken without knowledge and consent, and for purposes that were clearly beyond normal surveillance requirements.” In addition, the GTAA took much longer than the required 30 days to respond to his request for information.
 
“The Privacy Commissioner recommended the GTAA implement a log-in system on all computers that have access to video surveillance and develop a policy on appropriate use of the equipment signed by employees authorized to access it.  The Privacy Commissioner also recommended the GTAA provide a full list of the complainant’s personal information in its control, along with any reasons why he was not granted access to some of it.”

The Privacy Commissioner was reporting as saying that her office decided to file an application to federal court after the GTAA “refused” to implement the recommendations.

The Federal Privacy Commissioner wants the Federal Court to declare that the GTAA “failed to meet its obligations under PIPEDA,” implement the recommendations and award damages to the complainant.

The Privacy Commissioner, Jennifer Stoddart, commented that she was concerned with “how the GTAA reacted”:

“(That) the GTAA didn’t recognize the seriousness of this situation when we spelled it out for them, refused to take steps to correct it, refused to put in place our recommendations, is even more worrisome,” Stoddart said. “This is an organization that holds a lot of personal information, when you look at the volume of people going through the Toronto airport.”

This Federal Court application raises important issues regarding the use of surveillance technology for purposes other than those for which it was intended. To avoid bad publicity and potential legal liability, employers should draft a video surveillance policy that prohibits employees from using their employer’s video surveillance equipment to view and record events for personal purposes and the employees’ own benefit.  That policy should be printed, distributed to all employees, well publicized and, most important of all, enforced.
 
The aforementioned policy should also deal with the employees use of images recorded using the video surveillance equipment.
 
We trust that those who watch us at public transportation terminals are doing so for our protection and benefit, and not some ulterior (personal) purpose. Public confidence demands that the watchers be watched (by their employers).  If the watchers breach our trust, they and their employers should be held accountable.
 
It will be interesting to see how the Federal Court rules on the application brought by the Federal Privacy Commissioner.  We will keep a close watch.