I don't have all the details of what they would be doing. That could be asked of them.
Generally speaking, you would be talking about the tools that are provided to the employee by the employer—the email, the laptop and these types of things. Again, nonetheless, there are some expectations of privacy vis-à-vis these tools, but it's contextual. Employers have legitimate reasons for obtaining certain types of information. We talk about that in our guidance and really highlight it: Make sure you've assessed the tool. Make sure you've assessed the necessity and proportionality of it. Make sure you are transparent about it and people know.
In our annual report last year, we talked about one of our investigations in the private sector where a trucking company was using a monitoring device for truck drivers. Even when they were not on duty, they were being filmed and recorded 24-7. We found that this was too broad. It was legitimate to do it when you were driving, for safety reasons, but it had to be limited to that. That was done.
This is the type of questioning that goes on with regard to the privacy impact assessment. When my office is consulted, especially before it's initiated, then we can raise these types of questions. Let's prevent these things. Let's prevent Canadians worrying about it so that they can feel like, “Okay, this is a tool and here's what it does. The Privacy Commissioner's office was consulted and provided input.”
That's what I'd like to see more of, especially in situations where we often learn after the fact that something was being used.