No limitation.                       Pick the right level of disclosure.   security  risk;  however,  employers
        Bill  88  does  not  impose  a  limit  on  Organizations  typically  keep  security   should  be  aware  of  the  risk  and
        electronic   monitoring,   which   is  controls   confidential   to   protect   not  take  the  Bill  as  an  invitation  to
        permissible  in  Ontario  absent  an  against  adversary  behaviour  called   disclose too much. We see no reason,
        express  contractual  or  collective  “threat  shifting”  -  the  shifting  of   for  example,  to  identify  software
        agreement      restriction.   Such  tactics to circumvent existing, known   make  to  comply.  This  simple  table
        monitoring  restrictions  are  rare  in  controls.  The  disclosure  that  Bill   that  sets  out  the  information  as
        most  sectors.  Note  that  unionized  88  requires  is  unlikely  to  create  a   follows should suffice (see below).
        employers  continue  to  face  the
        possibility  of  grievances  alleging
        that  monitoring  constitutes  a  privacy   Tool      Circumstances  How                     Purpose
        violation   under   their   collective                              “EDR” monitors the use
        agreements,  though  most  unionized                                of workstations (programs
        employers  are  already  transparent                                run, files read and written,
        about   their   use   of   monitoring   Endpoint                    etc.) and compares it    Network
        technologies.                         detection and   Continuous    against a baseline to    security
                                              response
        List network security tools.                                        detect abnormalities and
        Bill  88  does  not  distinguish  between                           potential unauthorized
        monitoring  via  software  installed                                use.
        on  “endpoints”  (workstations  and                                 On board sensors detect
        handhelds)   and   other   network                                  and report on vehicle
        devices,  and  most  employers  now                   All fleet     location, driver behaviour   Fleet
        compile  and  use  a  wide  range  of   Vehicle       vehicles      (hard braking, rapid     management
        data  for  network  security  purposes.   Telematics  during on     acceleration, etc.) and   and driver
        Employers  should  list  applications                                                        safety and
        regardless of where they are installed                shift use     engine diagnostics. For   security
        on the network.                                                     more information see our
                                                                            Vehicle Telematics Policy.

        www.lbmao.on.ca                                                            LBMAO Reporter - May-June 2022  21