BC Freedom of Information and Privacy Association
Your Data Your Rights
An arbitrator has partially upheld a grievance filed by the Queen’s University Faculty Association (QUFA) over the university’s requirement that faculty install third-party security software on any device used for work.
After reviewing submissions from both sides and holding a hearing in Kingston on Tuesday, Nov. 4, 2025, arbitrator William Kaplan ruled on Friday, Nov. 7, 2025 that the grievance was justified in part. The decision directs Queen’s to make several significant changes affecting device reimbursement, cybersecurity protocols, and the implementation of technological changes.
According to the decision, QUFA’s grievance was filed when the university administration adopted a new rule requiring faculty members to install third-party monitoring software, Microsoft Defender for Endpoint (MDE) and Microsoft Intune, on any device they use for work, whether a computer, tablet, or phone.
QUFA argued the policy was unreasonable, violated academic freedom and privacy rights, and ignored the need for transparency and meaningful consultation. The grievance also claimed the requirement conflicted with several articles of the Collective Agreement, including provisions addressing discipline, privacy, and decision-making through joint committees.
QUFA also noted that the administration had admitted more work was needed to ensure transparency and informed consent, yet it still went ahead with the new rule regardless. According to QUFA, this was unreasonable and an improper use of management authority.
Finally, QUFA considered the policy unreasonable because it did not account for the special privacy concerns in a university setting, where the free exchange of ideas through teaching and research is essential. QUFA said the administration’s unilateral action also ignored the fact that faculty have a reasonable expectation of privacy on any device they use for work, no matter who paid for it.
Reimbursements and device requirements
One significant component of Kaplan’s ruling directs all Queen’s faculties and departments to reimburse faculty for purchasing devices, including mobile phone upgrades, through existing professional expense accounts.
The ruling clarifies that term adjunct faculty are also entitled to these reimbursements and that their expense funds must be released early in the academic term once the required forms are submitted.
(In North America, an adjunct professor, also known as an adjunct lecturer or adjunct instructor [collectively, adjunct faculty], is a professor who teaches on a limited-term contract, often for one semester at a time, and who is ineligible for tenure.)
Kaplan also ruled that term adjuncts who do not use a Queen’s University funded device cannot be required to install MDE or Intune. Instead, they may use alternative security measures — such as more frequent multi-factor authentication or activity restrictions — to access university systems. Queen’s must notify all affected term adjuncts immediately about this changed requirement and must also update its website accordingly.
New technology committee and increased transparency
The decision also requires the creation of a new Standing Joint Committee on Technology (SJCT). The committee will include three QUFA-appointed faculty members, the University’s Chief Information Officer, and two representatives appointed by the Queen’s Provost. Beginning in January 2026, the committee will meet quarterly to discuss technology issues affecting working conditions.
One of the committee’s first tasks will be to review the university’s Endpoint Protection FAQ (frequently asked questions) page to ensure it is “clear, accurate, and comprehensive.” Queen’s must consider QUFA’s suggestions in good faith and work with the committee on communicating finalized information to faculty.
In addition, Queen’s must now provide the committee with a detailed written report every quarter outlining all security threats detected by Endpoint that require university intervention. The report must include sufficient detail to provide the committee with complete transparency into the nature of each threat and the university’s response.
Advance notice for significant tech changes
Under the ruling, Queen’s Information Technology (IT) Services must hold in-person information sessions for QUFA members at least four months before introducing new major technological requirements. These sessions must allow for questions and meaningful dialogue. All significant technology changes must also be discussed at both the new SJCT and the Joint Committee to Administer the Agreement (JCAA).
Policy consultations and new privacy review
The arbitrator also ordered Queen’s to consult with QUFA before finalizing several key policies, including the new Exceptional Access Authorization Procedure and the Cybersecurity Policy for Faculty. Consultation is also required before renewing the Electronic Monitoring Transparency Policy in 2027.
Within 30 days, QUFA and the university must attempt to agree on an external provider to conduct a new privacy impact assessment of the software used in the Endpoint system. If they cannot agree, Kaplan will choose the provider from a list of names submitted by both parties. The assessment must focus on the protection of personal, research, and intellectual property data. The results must be shared with QUFA, and Queen’s must consult on any recommended changes.
Arbitrator remains involved
Kaplan concluded by stating he will remain “seized” of the matter, meaning he will stay involved to help resolve any disputes over the implementation of his ruling.
Reached for comment, a spokesperson for the university stated, “Queen’s is satisfied with the outcome of the Endpoint Protection (EP) grievance as it enables the university to maintain an EP program to safeguard university IT systems. The university is adjusting the implementation of EP on some personal devices used to access our systems to comply with the decision of the arbitrator. Additional information and a list of Frequently Asked Questions about Endpoint Protection are available on the Queen’s IT Services website.”
The Local Journalism Initiative (LJI) is a federally funded program to add coverage in under-covered areas or on under-covered issues. This content is created and submitted by participating publishers and is not edited. Access can also be gained by registering and logging in at: https://lji-ijl.ca
You can support trusted and verified news content like this.
FIPA’s news monitor subscribers, donors and funders help make these available to everyone rather than behind a paywall. We appreciate every contribution because it makes a difference.
If you found this article interesting and useful, please consider contributing here.
