| Topic: | Employees, Employment and Workplace |
|---|---|
| Approval Date: | October 5, 2022 |
| Effective Date: | October 11, 2022 |
Preamble
York University (the “University”) is committed to transparency. The University uses various electronic tools to secure its computer network, infrastructure and premises as described in the related policies, procedures and guidelines. Some electronic tools also have capacity to record employee activity information. Although the electronic tools may store information about employee activity from different systems and processes, the University does not use this information for the purposes of real-time tracking of employee activity in the normal course of its operations. In exceptional circumstances, the University may access information from electronic tools for employment-related purposes with appropriate prior approval involving senior leadership of the University.
1. Purpose
1.1. The purpose of this Electronic Monitoring Policy (the “Policy”) is to provide transparency about how the University may use electronic monitoring tools for employee activity.
2. Authority, Scope and Application
2.1. This Policy is enacted by the President of York University under the authority of subsection 13 (2) (b) of the York University Act (1965).
2.2 This Policy applies to all employees, as defined by the Ontario Employment Standards Act, 2000 (“ESA”). For clarity, “employee” under this Policy means only those employees of the University who are considered employees under the ESA.
2.3 This Policy outlines the University’s electronic monitoring practices and should be read in conjunction with other applicable University policies, guidelines, or standards, including but not limited to those listed in section 4 below.
3. Policy
3.1 Electronic Monitoring Practices
a. The University uses various electronic monitoring tools in different circumstances and for different purposes as described in Appendix A.
b. Appendix A, attached, outlines how and in what circumstances the University uses electronic monitoring tools, and the purposes for which information obtained through electronic monitoring tools may be used by the University.
c. In addition to the purposes listed in Appendix A, the University may use information obtained from electronic monitoring tools for employment-related purposes including evaluating or investigating employee performance, behaviour or conduct and discipline.
d. The University does not use real-time electronic monitoring for the purposes of monitoring employee activity in the normal course of its operations.
e. University access to information obtained from electronic monitoring tools for employment-related purposes requires prior approval from senior leadership of the University. Further, the University’s use of such information is subject to any rights an employee may otherwise have per their employment contract, collective agreement or otherwise at law.
f. This Policy does not create any new privacy rights for employees or a right to not be electronically monitored. Nothing in this Policy affects or limits the University’s ability to conduct, or use information obtained through, electronic monitoring tools, subject to applicable law.
g. Nothing in this Policy is intended to amend or supersede any grievance procedure or other aspect of any applicable collective agreement.
h. If the University collects any personal information, as defined in the Freedom of Information and Protection of Privacy Act (FIPPA), when using electronic monitoring tools, the University will collect, use and disclose personal information in accordance with applicable legislation, including, but not limited to, FIPPA.
3.2 Posting, Notice and Retention
a. The University will provide all current employees with access to or a copy of this Policy within 30 calendar days of implementation.
b. The University will provide all employees hired after this Policy is first implemented with access to or a copy of this Policy (or the applicable revised version) within 30 calendar days of the employee’s start date.
c. The University will provide a copy of this Policy to assignment employees assigned to perform work for the University within 24 hours of the start of the assignment or within 30 days of the Policy’s implementation, whichever is later.
d. The University will retain a copy of this Policy and any revised version of this Policy for a period of three (3) years after it ceases to be in effect.
3.3. Admendments
a. The President of the University may amend this Policy from time to time in their sole discretion. If this Policy is amended, the University will provide each employee with access to or a copy of the amended Policy within 30 calendar days of the date the amendment(s) become effective.
4. Roles and Responsibilities
The Vice-President Finance & Administration or designate will be responsible for implementation of this Policy and may establish procedures, and guidelines pursuant hereto from time-to-time.
| Legislative History: | Approved by the President on October 5, 2022 |
|---|---|
| Date of Next Review: | Fall 2027 |
| Policies Superseded by this Policy: | None |
| Related Policies, Procedures and Guidelines: |
|
Appendix
| APPENDIX A | |||||
| Electronic Monitoring Tool | Circumstances in which Electronic Monitoring May occur | How Electronic Monitoring Occurs | Purpose(s) for which the collected information may be used | ||
| Physical Security | YU-cards or other access devices such as key FOBs, badges, ID cards, etc. with electronic functionality | At any time during use | An electronic sensor creates a record each time an authorized user scans their key fob and enters the University’s premises | Authenticating entry into buildings; purchasing goods/services on campus; library and equipment borrowing | |
| Campus vehicle management | At any time during use | A record is created of the user/operator of each vehicle. Mileage and other usage data may be recorded within the vehicle. | Track user activity
Fleet management and driver safety / security
|
||
| Parking Lot Premises Monitoring | At any time during use | An electronic image or record of license plate is captured of vehicles parked on University premises | Access to campus/ parking regulation enforcement | ||
| CCTV Video Camera Systems (facilities) | Continuous | Cameras record video footage of specific areas within the University’s facility. | Physical security | ||
| Network Security | Firewalls, Virtual Private Networks (VPN)/Web Gateway | Continuous | Network security programs and tools to monitor use and access of University systems and networks. | Network Security | |
| IT security software / cybersecurity prevention tools and software (including spam/phishing emails) | Continuous | Software tracks and triggers events for suspicious or risky user activity, including email and internet activity. | Network Security | ||
| Endpoint threat detection (“ETDR”) and response protection tools | Continuous | “ETDR” monitors the use of workstations (programs run, files read and written, etc.) and compares it against a baseline to detect abnormalities and potential unauthorized use. | Network Security | ||
| Wi-fi access points | At any time during use | A log entry is created for each user accessing Wi-fi | Wi-fi connectivity | ||
| Computer Software | Communication and productivity software | Continuous | Records and/or backups created based on use of specific software | Various functions in support of work product and security | |
| Administrative and internal management software | Continuous | Records maintained regarding employee details | Various administrative functions | ||
| Employee mobile device management | Continuous | Records of statistical usage created | Various administrative and security functions | ||
| Telecom system | Continuous | Records of call logs created | Various administrative functions | ||