Companies need to ensure they’ve checked the legal ramifications, and have an electronic usage policy in place before they embark on monitoring employee e-mail use, according to industry experts.
Employers should avoid possible affront to employee dignity, as well as the negative health effects associated with surveillance, argued Michael Gadiel from the Labor Council of NSW, at a panel discussion on balancing employer liability and employees’ rights yesterday.
He said that companies needed to provide for reasonable personal use, just as they would with the telephone. Gadiel also advised businesses to let their employees know what was the extent of the monitoring and logging of e-mails. He suggested that this should extend to making clear who was looking at this information, and how often.
Chris Cooper, director of policy at the Office of the Federal Privacy Commissioner, said principles under the Privacy Act generally permitted monitoring of employees’ e-mails.
According to Cooper, employees understand that monitoring could occur. She suggests that e-mail monitoring policies address risk assessment, proportionality, collection limitation, and openness. This means that companies needed to be thinking about the risk they were guarding againstÃÂ¢Ã¢,Â¬”such as whether there was a need to monitor everything, or just conduct random monitoring, she said.
The Privacy Act, Cooper said, acknowledged the need for investigation. However, she said that balance was also important and employers should realise that people didn’t like being watched. -It’s characterised by having the right sized hammer for the nut you want to catch,” she explained.
She said that it was also important to take into account that monitoring might capture information about a person other than the employee.
Peter Knight, a partner at law firm Clayton Utz, also warned businesses that they may have a duty to monitor electronic communication. -You can have liability because of what employees do,” he said.
Examples Knight used included a duty to keep confidential information provided to a company by another party secret, and possible defamation by employees. -There is a positive obligation to be responsible and monitor what is going on in the network,” he said. -[Businesses] should do it in a way that employees don’t feel like they’re being spied on.”