On October 29, 2009 the Office of the Privacy Commissioner of Canada (OPC), together with the Privacy Commissioners' offices of Alberta and British Columbia, published a guidance document titled "Privacy in the Time of a Pandemic: Guidance for Organizations." This guidance document was published in response to inquiries from organizations regarding the application of privacy laws to the management of the H1N1 pandemic in the workplace.
The federal privacy legislation, the Personal Information Protection and Electronic Documents Act (PIPEDA) applies only to information about employees of certain organizations – namely a "work, undertaking or business that is within the legislative authority of Parliament." This includes banks, telecommunication companies and interprovincial transportation companies such as airlines, shipping and rail carriers. Alberta, British Columbia and Quebec have provincial private sector privacy legislation that has been deemed "substantially similar" to PIPEDA and that applies within those provinces instead of PIPEDA. Unlike PIPEDA, each of the substantially similar provincial Acts applies to the handling of all private sector organizations' employee information within those provinces.
In the guidance document, the OPC confirms that as long as the H1N1 pandemic has not been declared a public emergency, privacy laws continue to apply normally. The OPC notes, however, that should the situation change and a public emergency be declared, public health legislation and certain emergency measures may permit broader handling of personal information as required to protect public health.
According to the guidance document, in non-emergency situations such as the current pandemic, employers are not permitted to collect more personal information from their employees than necessary for the purpose of the collection. For example, if the reason for collecting personal information about employees' health is for contingency planning, an employer may track which employees are absent from work due to illness; however, asking whether they have been specifically diagnosed with the H1N1 flu goes beyond the information required to meet the employer's reasonable need.
The guidance document says that employers should provide employees with information on prevention rather than asking them specific questions that go beyond the reasonable need for information, such as whether a particular employee is at high risk of contracting H1N1 or whether he or she has had the H1N1 vaccine. Relevant information may include advising employees of the need for certain high-risk groups to take extra precautions or providing details about vaccination clinics.
Finally, the guidance document states that should an employee tell a manager that he or she has H1N1, the manager should keep that information private and simply tell others that the employee is unavailable.
Further details can be found in the guidance document.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
