Is it a privacy breach if an employer accesses the direct messages in their former employee’s social media account?

Employers sometimes discover evidence that a former employee may be or have been in breach of their obligations to the employer. Sometimes the employee’s own direct messages on social media accounts corroborate wrongdoing. Is it a privacy breach if an employer accesses the social media direct messages, and can the employee sue them for breach of privacy?

A recent decision decision from the New Brunswick Court of King’s Bench, the Plaintiff a former Director of Computer Program Development, left his position claiming that he had been constructively dismissed. Ten months after the Plaintiff’s departure, the employer was working at the Plaintiff’s former workstation when his Facebook messages “popped up” on the screen. This was not the first time the employer had accessed the Plaintiff’s former workstation, but it was the first time that Facebook messages had appeared. The Employer was worried about some sort of security breach, and investigated the messages further.

The messages revealed that the Plaintiff had exchanged messages with current and former employees, and some implied that the Plaintiff had breached the terms of his non-compete and non-disclosure agreements. The Employer sought an injunction against the Plaintiff to restrain him from disclosing confidential information by way of summary trial. The Plaintiff counter-claimed for breach of privacy based on the tort of intrusion upon seclusion, and argued that he had a reasonable expectation that his Facebook communications would be private.

The Court did not allow the Employee’s claim for breach of privacy.  The Court made note of the following:

  • The Facebook messenger application had never popped up before, even though the computer had been accessed many times. This was distinguishable from the scenario in Jones v Tsige, 2012 ONCA 32, where the Defendant deliberately and surreptitiously accessed the Plaintiff’s information;
  • The information was stored on, or at least accessed via a company computer;
  • The Plaintiff was an experienced IT professional;
  • A co-worker had reminded the Plaintiff to ensure that he logged off his Facebook account on his work computer so that the Employer could not read his messages;
  • The Plaintiff failed to log off of Facebook or remove the application from his work computer; and
  • The Plaintiff gave his workstation password to the Employer.

Key Takeaways

Every case is different, and it may be no surprise that the Court did not grant judgment for breach of privacy in the circumstances. However, employers need to take care before accessing any of their employees’ private messages or social media accounts. Although privacy laws may allow employers to collect information in some circumstances without consent, such as for investigations, they may be challenged.  Privacy torts are evolving across the country, including provinces with statutory privacy torts.  For example, the BC Court of Appeal left open the possibility of the existence of common law privacy torts earlier this year in a class action against Google.

We recommend establishing a clear privacy policy and device/systems use policy to provide appropriate notice and set expectations with employees.

If your organization has any questions about privacy, conducting investigations, device/systems use policies or data privacy generally, we would be pleased to help you. Please contact a member of our Privacy & Data Management Group.

  • Ryan  Berger

    Ryan Berger is a leading privacy and employment lawyer, with a primary focus on providing strategic advice to businesses and employers.

    Ryan leads the firm’s Privacy Group and routinely advises public and private sector ...

  • Emily  Raymond

    Emily is an associate in both the Labour, Employment and Human Rights Group and the Privacy and Data Management Group in Vancouver. She practices in all aspects of workplace law including occupational health and safety issues ...

About Us

Lawson Lundell's Privacy and Data Management Blog provides updates on the most recent issues emerging in the legal and business communities. We cover a range of issues, legal developments, and new technology as they impact privacy and data management. We will focus on how organizations can protect, manage and innovate with information considering the various risks, regulatory and governance requirements.

Legal Disclaimer: The information made available on this webpage is for information purposes only. It does not constitute legal advice, and should not be relied on as such. Please contact our firm if you need legal advice or have questions about the content of this webpage. 




Recent Posts



Jump to Page