Winter 2023 Final Paper

Submitted by Sadaf Shahzad

March, 21 2022 LREL 6025 Winter 2023

This paper is divided into three sections concerning privacy, whistleblowing and working time.

Each section will address the problems with the current regulatory regime, and will provide

guidance with regards to what principles should govern the same.

I. Privacy

The right to privacy has been defined by Warren and Brandies to mean the right to be left alone. 1

Courts have also recognized the right of privacy as underlying specific Charter2 rights and

freedoms.3 For the purposes of this paper, we will be focusing on informational privacy and laws

protecting the same. The regulation of an individual’s right to informational privacy remains

even more important with recent technological advancements and the popularity of remote work.

This section will provide a brief overview of the current regulatory regime, along with

deficiencies that exist within it. It will argue that for a new regulatory scheme there must be

clearer policies in place, better enforcement mechanisms vis a vis the role of the Privacy

Commissioner, and an overall balancing of the employees’ right to privacy with the employer’s

legitimate business objectives.

A. Current Legal Regime

Canada currently has two federal privacy laws. The Privacy Act4 protects the privacy of

individuals with respect to their personal information held by a government institution. 5 The

1
Samuel D. Warren & Louis D. Brandeis, “The Right to Privacy” (1890) 4:5 Harvard Law Review.
2
Canadian Charter of Rights and Freedoms, Part I of the Constitution Act, 1982, being Schedule B to the Canada
Act 1982 (UK), 1982, c 11.
3
John D.R. Craig, “Invasion of Privacy and Charter Values: The Common Law Tort Awakens” (1997) 42 McGill L.J.
355.
4
Privacy Act, RSC 1985, c. P-21.
5
Ibid, s. 2.
Personal Information Protection and Electronic Documents Act 6 (PIPEDA) establishes rules to

govern the collection, use and disclosure of personal information by organizations in a manner

that recognizes the right of privacy of individuals.7 PIPEDA is only applicable to employees and

organizations in operation of federal work, undertaking or business. 8 It is not applicable to the

individual collection and usage of information, or the usage by an organization in respect of

personal information that the organization collects, uses or discloses for literary, journalistic or

artistic purposes.9

At a provincial scale, there are some provinces that have enacted privacy laws. Four common

law provinces have a statutorily created tort of invasion of privacy namely British Columbia,

Manitoba, Saskatchewan and Newfoundland. The privacy acts in all four of these provinces are

very similar. Privacy protections in Ontario, however, are found in common law. The tort of

intrusion upon seclusion was first recognized by the Ontario Court of Appeal in Jones v Tsige10.

The recognition of a right of privacy underlying s.8 of the Charter, and given the principle that

common law should be developed in a manner consistent with Charter values, also supports the

recognition of damages for intrusion upon the plaintiffs seclusion. 11 In the case of Colwell v.

Cornerstone Properties Inc.12 T.D Little J. of the Ontario Superior Court also recognized that

while Ontario does not have any applicable privacy legislation, there is a tort of the invasion of

privacy.

6
Personal Information Protection and Electronic Documents Act, SC 2000, c 5 (PIPEDA).
7
Ibid, s. 3.
8
PIPEDA, supra note 6, s. 4 (1)(b).
9
PIPEDA, supra note 6 , s 4 (2)(b).
10
Jones v. Tsige, 2012 ONCA 32.
11
John D.R. Craig, “Invasion of Privacy and Charter Values: The Common Law Tort Awakens” (1997), 42 McGill L.J.
355.
12
Colwell v. Cornerstone Properties Inc., [2008] O.J. No. 5092.
B. Recommendations

After being enacted in 2000, PIPEDA has not changed significantly. It can be argued that with

the evolution of technology, it is necessary it is necessary for privacy laws to evolve to overcome

the new threats to an individual’s privacy.

For a new law to come into place, it must have clear policies and clear expectations. The

employee must be aware of the employer’s privacy policy and any monitoring and/or collection

of information that occurs. The newly enacted s. 41.1.1 in PIPEDA does require employers with

more than twenty five employees to disclose whether and how they electronically monitor their

employees. It would be beneficial for a new regulatory regime to define what constitutes

“electronic monitoring”. PIPEDA fails to define this broad term and what kind of monitoring an

employee should be cognizant of. New regulations can also seek to limit the types of monitoring

that are permissible. For instance it should not be permissible for an employee’s devices to be

constantly under surveillance even during their downtime. Additionally, there can be

requirements for an employer’s privacy and monitoring policies to be clear and concise. It is

often difficult for employees to read and comprehend the implications of complex legal jargon.

Privacy policies should therefore be formulated in a clear way outlining the exact means of

monitoring and have requirements for these monitoring policies to be reasonable.

It would also be beneficial for the employees’ consent to play a more active role in the

collection of the employees’ personal information. PIPEDA does address the need for the

employees’ consent when collecting their personal information. Section 4.3 in Schedule 1 states

that the knowledge and consent of the individual are required for the collection, use or disclosure
 13
of personal information. In Wansink v. TELUS14, it was held that an employer cannot collect

an employee’s personal information if he has refused to give consent. PIPEDA only allows for

collection without consent when it is in the interests of an individual and consent cannot be

obtained in a timely manner, or if the collection is for reasonable purposes. 15 However, with

recent innovations in information technology, there has been an increase in the complexity of the

collection of personal information.16 In the report of the House of Commons Standing Committee

on Access to Information, Privacy and Ethics (the Privacy Committee), it was confirmed that due

to the frequency of interactions with organizations that collect information, it is impossible for

individuals to take the time to give actual consent. 17 Employees often are not aware of when their

personal information is being collected and if they have consented to the same. Keeping this in

mind, employers need to be cognizant of the increasing difficulty in obtaining meaningful

consent from employees. To counteract this, a new regulatory approach can have requirements

for employers to have easily understandable privacy policies in place. These policies will require

that employees will be informed when personal information is being collected, and if it is being

shared with any third parties and/or the purpose of such collection. 18 This places the principle of

the employees’ consent as that of paramount importance when collecting their private

information, even if they are not aware of information being collected.

The safeguarding of personal information retained by employers is also a key concern that must

be addressed by a new regulatory scheme. PIPEDA provides that personal information is to be

13
PIPEDA, supra note 6, Schedule 1, s. 4.3
14
Wansink v. TELUS, [2007] F.CJ. No. 122.
15
PIPEDA, supra note 6, s. 7.
16
Canada, Parliament, House of Commons, Special Standing Committee on Access to Information, Privacy and
Ethics, Towards Privacy by Design: Review of the Personal Information Protection and Electronic Documents Act,
42nd Parliament, 1st Sess ( February 2018) (Chair: Bob Zimmer) at page 14 (“PIPEDA Report”).
17
Ibid.
18
PIPEDA Report, supra note 16, at page 21.
protected by security safeguards appropriate to the sensitivity of the information. 19 These security

safeguards are to protect personal information against loss or theft, as well as unauthorized

access, disclosure, copying etc.20 The new regulatory scheme can take guidance from the

European Union’s General Data Protection Regulations21 to enact more robust protections for

the storing and sharing of an employee’s personal data. For companies processing or storing

personal data on a large scale basis, there can be a requirement to appoint a data protection

officer. The tasks of the data protection officer can be to monitor compliance with the data

privacy law, and to act as a contact point for the supervisory authority on issues relating to

processing.22 Additionally, recognizing the sensitivity of an employees’ personal information,

there can also be procedures to follow in circumstances where there has been a data breach.

Employees can be informed immediately so they can take appropriate measures.

Another guiding principle in a new regulation is to balance the employee’s right to privacy with

the business interests of the employer. In the digital age, social media usage has arisen

considerably. This has led to employees making social media posts that might reflect badly on

their employer. In the Sheridan23 case, the employee in question received a warning about his

twitter posts. His posts while shared on his personal twitter page reflected badly on the college as

it could be deduced from his profile that he was an employee at Sheridan. Following the

reasoning in Sheridan, it will therefore not be a violation of the employee’s right to privacy if

they are penalized for their social media posts if they jeopardizes the employer’s business

interests. Currently, PIPEDA does not provide any guidance regarding the same. To address this

lacunae in the law, a new regulation can highlight circumstances in where an employer’s
19
PIPEDA, supra note 6, Schedule 1, Principle 4.7.
20
PIPEDA, supra note 6, Schedule 1, Principle 4.7.
21
EC, General Data Protection Regulation, (2016) OJ, L 119 (GDPR).
22
Ibid, art. 39.
23
Sheridan College v OPSEU (2022).
monitoring an employee’s public social media posts wherein the employer can be implicated will

not be considered a breach of their privacy rights. This is particularly important when

considering the actions of model employees such as teachers, athletes or other public figures who

can seriously damage the employer’s business through their social media posts.

The role of the Privacy Commissioner is a major aspect of PIPEDA that requires a complete

overhaul. PIPEDA is enforced by the Privacy Commissioner of Canada, who investigates and

helps businesses improve their personal information handling practices. However, the Privacy

Commissioner can only make findings and recommendations, his decision is not binding. If a

party wants a binding outcome, they must proceed to a hearing in Federal Court. Recognizing

this shortcoming, Bill C-27 is currently before Parliament and if passed it would replace

PIPEDA with a new Consumer Privacy Protection Act and strengthen enforcement. It would be

incredibly useful for a new regulatory regime to incorporate the same and give the Commissioner

power to impose monetary penalties or fines, and make binding decisions. This will also reduce

the burden on the Federal Court and will allow for a more efficient procedure in resolving issues.

C. Conclusion

In conclusion, the right to privacy, especially in the realm of informational privacy, remains

crucial in light of technological advancements and remote work. Although Canada has federal

and provincial privacy laws, deficiencies exist in their enforcement mechanisms and balancing of

employees' privacy rights with employers' legitimate business objectives. To address these

issues, a new regulatory scheme should have clear policies, define what constitutes electronic

monitoring, limit the types of monitoring permissible, require clear and concise privacy policies,

and emphasize employees' consent. Additionally, safeguarding personal information retained by

employers is important. As technology continues to advance, privacy laws must evolve to protect

individuals' privacy rights.

II. Whistleblowing

Whistleblowing is the public disclosure by an employee of illegal fraudulent, corrupt and/or

harmful activities being carried out by the employer or on behalf of the employer. 24 There has

been a demonstrated strong public interest in ending corrupt and illegal practices, and in

protecting those employees who for legitimate reasons go public to bring an end to such

practices.25 In Canada, there are laws in place and a body of jurisprudence that regulate

whistleblowing. However, this regulation still leaves much to be desired. This section will

provide a brief overview of the regulations governing whistleblowing, and will then delve into

potential improvements that can be enacted within the legal regime to address various lacunae

within the law. In doing so, this section will argue that a new whistleblowing law must have

clear standards to regulate whistleblowing and clearer mechanisms to prosecute the same, with

the protection of employees being of paramount importance.

A. Current Regime

Whistleblowing in the federal public sector is protected under the Public Servants Disclosure

Protection Act26. The salient features of the act pertain to establishing a procedure for the

reporting of wrongdoings. In the act there is an attempt to balance the employees’ freedom of

24
John D.R Craig, “Freedom of Expression and Whistleblowing in the Workplace” at page 2 (Craig).
25
Ibid at page 2.
26
Public Servants Disclosure Protection Act, S.C. 2005, c. 46
speech with their duty of loyalty to the employer. 27 The PSDPA requires the establishment of an

internal disclosure procedure with the designation of a senior officer to manage disclosures in the

public sector (s. 10). An employee can also can also disclose wrongdoings to a senior officer or

to the Public Sector Integrity Commissioner (s. 12 and s. 13). The PSDPA also establishes

protections for employees who have to face reprisals or threats thereof at the workplace.

Complaints can be made to the Commissioner if there is reasonable ground for believing that a

reprisal has been taken against an employee (s.19). The Commissioner has the power to refer

cases regarding reprisals to the Public Servants Disclosure Protection Tribunal (s. 20.7).

For private sector employees, the Criminal Code28 has a provision that safeguards them against

threats and retaliation by the employer in cases of whistleblowing. S. 42.5(1) of the Code

provides that no employer or any person acting on behalf of the employer can threaten or take

any disciplinary measure or adversely the affect the employment of any employee with the intent

to silence the employee or to retaliate against them for disclosing actions that are in

contravention to federal or provincial laws or regulations. Other examples of provincial laws and

statutes of specific application that regulate whistleblowing also exist.

B. Improvements to the Regulatory Regime

The protections afforded under the Criminal Code to employees in the private sector are

lackluster. The PSDPA has also been criticized for a number of shortcomings that it possesses. In

2016, the President of the Treasury Board asked the House of Commons Standing Committee on

Government Operations and Estimates (the Committee) to conduct a review of the PSDPA. The

Committee’s statutory review report of the PSDPA presented in 2017 contained a number of

suggestions. Although the Committee’s suggestions were never incorporated in the law, it still
27
Craig, supra note 24 at page 3.
28
Criminal Code, RSC 1985, c C-46.
brought forward a number of important points that can be considered in recommending changes

to the current regime. To address these shortcomings it would be beneficial for the following

principles to be of paramount importance in a new regulatory approach.

Firstly, the employees’ freedom of expression at the workplace must be at the forefront when

formulating new regulations on whistleblowing. In guaranteeing employees freedom of

expression at the workplace, a broader definition of whistleblowing can be incorporated in the

law. The PSDPA defines wrongdoing under s.8 in a limited capacity to mean gross

mismanagement, misuse of public funds or assets, serious breaches of the code of conduct and

acts that create danger to the life, health or safety of persons or the environment. A new standard

outlining whistleblowing can have a definition that includes actions that threaten the integrity of

an organization, actions against its mission and vision and the abuse of authority. This definition

allow for a clear standard and perhaps a more expansive threshold to allow for an early detection

of wrongdoing in an organization.

It has been recognized in case law that an employees’ freedom of expression must be balanced

against their duty of loyalty and fidelity to the employer (Fraser v. Canada [1985] 2 SCR 455).

However, whistleblowing is not a violation of the employees’ obligation of loyalty. In fact,

whistleblowing is actually beneficial to the employer and will be keeping with the employees’

obligation of fidelity and loyalty. It employer to be mindful of corrupt practices, and allows its

practices to stay aligned with the organizations values. It would also be useful, if a new

regulatory approach fosters the culture of whistleblowing and accountability within an

organization. This will not change organizational attitudes against whistleblowing but will

encourage employees to speak out if they see a wrongdoing.

Secondly, there need to better and more effective channels to deal with cases of whistleblowing.

Currently, as per Ministry of the Attorney General, Corrections Branch (1981), the duty of

loyalty requires an employee to exhaust internal whistleblowing mechanisms before going

public. It is worth considering that when wrongdoing extends to the highest echelons of an

organization, internal reporting mechanisms will not be effective. In these situations employees

reasonably believe that an internal complaint will be pushed under the carpet or there might be

serious consequences if they come forward. This highlights the need for the presence of multiple

channels for disclosure under a new or an amended law. It would also be beneficial to allow

individuals who reasonably believe that there is no safe way to address the complaint internally

or through a regulator, to go public. Currently, the PSDPA only allows whistleblowers to go

public in case there insufficient time to follow internal procedures, and if there’s a threat to the

life, health or safety of the public. This creates a very restrictive channel for whistleblowers who

want to disclose major wrongdoings and cannot use internal procedurals.

Thirdly, there need to be stronger protections in place for employees. These protections can be

against reprisals and in ensuring the confidentiality of the whistleblowers and any witnesses

involved. While, the PSDPA and the Criminal Code recognize that employees should be

protected from reprisals, there need to be tougher penalties in place. The PSDPA can be

amended to allow for a range of civil and employment remedies and sanctions on the person

having exercised reprisals.29 This will create a culture of accountability, and will go a long way

in keeping employers from retaliating against whistleblowers. There also need to be alternative

avenues of employment for whistleblowers, such as transfer to a different branch while

maintaining confidentiality, and perhaps even an inter-departmental transfer if that is an option

29
Canada, Parliament, House of Commons, Standing Committee on Government Operations and Estimates,
Strengthening the Protection of the Public Interest with the Public Servants Disclosure Protection Act, 42nd
Parliament, 1st Sess (June 2017) (Chair: Tom Lukiwski) at page 60 (“PSDPA Report”).
that is available. This protection offered against reprisals can also extend to any individual who

helped the whistleblowers as well. 30 In extending the protection offered against reprisals,

whistleblowers should also be given a more efficient channel of reaching the Public Servants

Disclosure Protection Tribunal. Currently cases can only be referred to the Tribunal if they are

referred by the Commissioner and very few cases actually reach the Tribunal. This process of

requiring the whistleblower to go through an executive branch agency “perverts” the separation

of powers, and creates a bottleneck effect.31 Under a new regulatory system, a whistleblower can

directly apply to the tribunal to seek an expeditious remedy, rather than go through a prolonged

procedure through the Commissioner. This shortened procedure will allow for greater

accountability, and more protections for whistleblowers.

Lastly, it would also be beneficial for a new law to have requirements for private organizations

not covered under the PSDPA to have robust internal policies in place to deal with

whistleblowing. This can also include regular evaluations by the office of the Commissioner or

the Treasury to ensure the policies meet the minimum requirement.

C. Conclusion

Although Canada has regulations in place to protect whistleblowers, there is still much to be

desired in the current regime. The new whistleblowing law must have clear standards to regulate

whistleblowing and clearer mechanisms to prosecute the same, with the protection of employees

being of paramount importance. It is suggested that the regulatory approach fosters the culture of

whistleblowing and accountability within an organization. Additionally, better and more

30
Ibid at page 61.
31
Ibid at page 62.
effective channels to deal with cases of whistleblowing need to be established, especially when

wrongdoing extends to the highest echelons of an organization. The new law must balance the

employees’ freedom of expression with their duty of loyalty to the employer and allow

individuals to go public if they reasonably believe that there is no safe way to address the

complaint internally or through a regulator. It is hoped that these changes will strengthen the

whistleblowing regime and encourage employees to speak out against wrongdoing, ultimately

leading to a more transparent and accountable corporate culture.

III. Working Time

Covid-19 has changed the notions of modern-day work. There has been an evident breakdown of

the home and office divide as a large number of employees have started teleworking. Employees

have found themselves working around the clock, whether its checking emails or replying to

messages on their phones. The law governing working time, however, has not evolved as quickly

with the changing notions of work and working time. This section will address the issues within

the regulatory scheme in addressing modern day notions of working time, and will then delve
into the need for a right to disconnect to be incorporated in the law and principles needed to

govern the same.

A. Current Regime

Time is regulated under Ontario’s Employment Standards Act32, and is linked to the employees’

compensation and benefits. The ESA allows for an 8 hour work day and overtime if 44 hours per

week is exceeded, allowing for some exceptions. 33 It lays down the need for 11 consecutive

hours free each day and 8 hours free between shifts. 34 Breaks are to be at least thirty minutes, and

no employee can work more than 5 consecutive hours. 35 Lastly, the employee is entitled to

holiday leave, sick leave and vacations. 36 Employees are also entitled to time in lieu of overtime

pay and 1.5 hours of paid time off for each overtime hour worked.

More so, in recognizing changing global trends the Ontario government recognized the “right to

disconnect” through the Working for Workers Act37. This act amended the ESA to include

provisions governing the right to disconnect. Disconnecting from work was defined to mean not

engaging in work-related communications, including emails. Telephone calls, video calls or

sending or reviewing other messages so as to be free from the performance of work. 38 Employers

who had 25 employees or more, are now required to have a written policy in place with respect

to disconnecting from work.39 However, no guidance is provided regarding the content of the

right to disconnect policy and no mechanism is laid down for its enforcement.

B. Recommendations
32
Employment Standards Act, S.O. 2000, c. 41 (ESA).
33
Ibid at s. 17.
34
ESA, supra at note 32, s. 18.
35
ESA, supra at note 32, s. 20.
36
ESA, supra at note 32.
37
Working for Workers Act, S.O. 2021, c. 35.
38
ESA, supra at note 32, s. 21.1.1.
39
ESA, supra at note 32, s.21.1.2(1).
Essentially, the right to disconnect allows employees to disconnect from work and enjoy

downtime. This involves not answering emails, or replying to work related texts or calls in their

downtime. The ESA provides little to no guidance in what a right to disconnect policy should

look like. It gives the employer wide discretion and simply states that the written policy required

can contain such information as may be prescribed. 40 For any policy to be effective, it would be

useful for the regulatory scheme to set out a floor of rights that must be guaranteed. A key

guiding principle in any regulatory regime must be ensuring the employees’ overall health and

mental wellbeing. Research has demonstrated that the organization of working time has profound

effects on the physical and mental health of employees and on their well-being. 41 Overwork

without breaks can cause exhaustion, illness and mental health issues for employees. 42

Additionally, in order to account for the varying nature of different industries and workplaces,

the new regulation can have mandatory and default arrangements. 43 The mandatory arrangement

can be legally binding so the content cannot be changed. 44 The default arrangements can be

negotiated between the employers and the employees and/or their representative. 45 This will

allow for flexibility for various employers but will simultaneously ensure that the employees’

welfare is safeguarded.

In order to ensure effective enforcement of the new regulations, there need to be penalties in

place. The ESA requirement for the right to disconnect seems to be soft law as the ESA does not

outline any repercussion for noncompliance. There is also no penalty if the content of the policy

is subpar and affords mere lip service. Employers may use this gap in the ESA to draft a

40
Ibid.
41
Tammy Katsabian, “It's the End of Working Time as we Know It: New Challenges to the Concept of Working Time
in the Digital Reality” (2020) 65:3 McGill L.J. 379.
42
Ibid.
43
Ibid.
44
Ibid.
45
Ibid
namesake policy to simply meet the regulatory requirement without real enforcement.

Regulations imposing penalties such as monetary fines against employers with policies less than

the minimum threshold outlined in the law, will go a long way in ensuring effective enforcement.

A statutory body can also be set up under the regulatory scheme to listen to complaints arising

from the right to disconnect policy. The body can be given the task to audit right to disconnect

policies from time to time and measure organizational compliance. In doing so principle of the

employees’ wellbeing and their right to enjoy their time off is of primary focus.

Additionally, within a new regulatory system adequate protection for the employees is a key

principle that needs to be incorporated. This protection will exist for those employees who

exercise their right to disconnect. For instance, the employer may look more favorably on an

employee who continues to be available and answers work related emails versus than employee

who exercises their right to ignore such communication. The employer may also retaliate against

the employee by withholding promotions or increments. In cases like these, the employee’s

rights must be protected by the statute. The employee may also approach the statutory body set

up to adjudicate complaints in case they face repercussions by their employer.

Lastly, it would be beneficial to have better time management where employees are paid for the

time that is worked beyond the required hours. This can include time spent answering emails on

their phone, taking work calls outside of work timings. American courts have attempted to

clarify whether using technology in brief intervals fits within the definition of work. 46 In doing

so, they have created both a test to determine when an employee's activities should be deemed

compensable.47 Conversely, most employees do not work on an hourly basis but companies can

46
Ibid.
47
Ibid.
include policies where overtime work is rewarded through monetary means. It serves as adequate

compensation for employees, where they can log in hours that they have worked overtime.

C. Conclusion

In conclusion, the COVID-19 pandemic has brought about significant changes in the way we

work, blurring the lines between home and office and resulting in a need for a right to disconnect

from work. While the ESA provides some regulations regarding working hours, breaks, and

overtime pay, it does not adequately address the need for a right to disconnect. Therefore, it is

crucial to incorporate a right to disconnect policy in the regulatory scheme to safeguard the

employees' overall health and well-being. This policy should have mandatory and default

arrangements, with penalties for noncompliance, and adequate protection for employees who

exercise their right to disconnect. Better time management and compensation policies for

overtime work can also help improve employees' overall welfare. Ultimately, ensuring that

employees have adequate time to disconnect from work and enjoy their personal time is vital for

their physical and mental health, and the regulatory framework must reflect this.
 TABLE OF AUTHORITIES

STATUTES
Canadian Charter of Rights and Freedoms, Part I of the Constitution Act, 1982, being Schedule
B to the Canada Act 1982 (UK), 1982, c 11.
Criminal Code, RSC 1985, c C-46.
EC, General Data Protection Regulation, (2016) OJ, L 119 (GDPR).
Employment Standards Act, S.O. 2000, c. 41.
Privacy Act, RSC 1985, c. P-21.
Personal Information Protection and Electronic Documents Act, SC 2000, c 5.
Public Servants Disclosure Protection Act, S.C. 2005, c. 46.
Working for Workers Act, S.O. 2021, c. 35
CASES
Colwell v. Cornerstone Properties Inc., [2008] O.J. No. 5092
Jones v. Tsige, 2012 ONCA 32.
Sheridan College v OPSEU (2022)
Wansink v. TELUS, [2007] F.CJ. No. 122

SECONDARY SOURCES

ARTCILES
Craig, John D.R. “Invasion of Privacy and Charter Values: The Common Law Tort Awakens”
(1997) 42 McGill L.J. 355
Craig, John D.R “Freedom of Expression and Whistleblowing in the Workplace”
Warren, Samuel & Brandeis, Louis D. “The Right to Privacy” (1890) 4:5 Harvard Law Review.
Katsabian, Tammy “It's the End of Working Time as we Know It: New Challenges to the
Concept of Working Time in the Digital Reality” (2020) 65:3 McGill L.J. 379

REPORTS
Canada, Parliament, House of Commons, Special Standing Committee on Access to Information,
Privacy and Ethics, Towards Privacy by Design: Review of the Personal Information Protection
and Electronic Documents Act, 42nd Parliament, 1st Sess ( February 2018) (Chair: Bob Zimmer)
Canada, Parliament, House of Commons, Standing Committee on Government Operations and
Estimates, Strengthening the Protection of the Public Interest with the Public Servants
Disclosure Protection Act, 42nd Parliament, 1st Sess (June 2017) (Chair: Tom Lukiwski)