Electronic media, such as email and the internet now forms part of most workplaces. At the same time, developments in information technology have expanded the parameters of surveillance of employees in the workplace, providing employers with the ability to monitor email and internet use.
Any business or employer considering the introduction of electronic surveillance in the workplace should ensure they are first compliant with legislative requirements or face potential penalty. This article gives a brief overview of employer‟s rights and responsibilities with respect to electronic workplace surveillance.
In NSW, the Workplace Surveillance Act 2005 commenced on 7 October 2005 and restricts the ability of employers to monitor computer usage (among other things) by its employees. This includes controlling the extent to which employers can block their employee‟s access to email and the internet.
The Act extends what is meant by the term „employee‟ to include others in the workplace, such as long term contractors and those under labour hire arrangements, to ensure that those „employees‟ also benefit from the protections provided under the Act.
Further, protection is provided to employees extending beyond the traditional workplace, such as an office or the factory floor, to anywhere an employee is working. This is significant given the increasing number of employees working remotely from home or other public places.
The Act prohibits employers carrying out computer surveillance - taken to include surveillance by means of software or other equipment that monitors or records the information input, output or other use of a computer (including sending and receiving emails and accessing websites) unless the surveillance complies with the Act.
An employer is only permitted to carry out computer surveillance of an employee if it is either „notified surveillance‟ or authorised „covert surveillance‟ as defined by the Act.
Employers are required to provide written to their employees at least 14 days before any intended surveillance is to occur. The Act provides that the notice must provide:
- that computer surveillance is to be carried out;
- how it will be carried out;
- when the surveillance will start;
- whether the surveillance will be continuous or intermittent; and
- whether the surveillance will be limited or ongoing.
Any surveillance which cannot be classified as notified surveillance is covert surveillance. This type of surveillance is only permissible where:
- a covert surveillance authority is obtained from a Magistrate for the sole purpose of establishing whether a particular employee(s) are involved in any unlawful activity at work; or
- it is for the sole purpose of ensuring the security of the workplace and/or persons in it.In addition, the employer must have notified its employees in writing of such surveillance before it was carried out.
Filtering and Monitoring of Email and Websites
The Act also regulates where an employer is entitled to restrict the content of emails and websites accessed by its employees. Under the Act, employers are entitled to prevent the delivery of emails (inbound or outbound) or access to all or certain websites provided:
- the employer has a policy on email and internet access that has been notified to its employees in advance in such a way that it is reasonable to say that the employee is aware of and understands the policy;
- the employer acts in accordance with that policy; and
- where there is an email filter, the employee is notified (by a “prevent delivery notice”) as soon as it is practicable that a delivery of an email sent by or to them has been prevented (for example, by the use of an instant email notification from the mail server).
Apart from the criminal sanctions involved, failure to comply with the Act can prevent an employer relying on computer surveillance evidence in employee disciplinary matters and legal proceedings.
Contravention of the Act is a criminal offence, with fines of up to $5,500 capable of being imposed. Senior managers and directors may also be personally liable where they knowingly allow their company to contravene the Act.
The legislative requirements in NSW have now been in place for some time. However, it is important for all employers to ensure that their existing policies regarding email and internet surveillance be reviewed for ongoing compliance with the Act and to ensure for example, in the case of employee disciplinary matters, employers are able to rely on such policies.
A recommended approach for all employers is to consider incorporating notification of computer use/surveillance policies into their standard form employment contract so that employees are given the requisite notice before they start employment and enter the workplace.
To compliment this practice, employers should ensure that they have in place a written policy on computer surveillance and bring that policy to the attention of their employees as soon as possible. In addition, it may also be prudent for standard procedures to be in place to ensure that employee-recipients of blocked emails are notified as soon as practicable.
Importantly employers should consider the potential benefits and implications of workplace surveillance and monitoring. Any monitoring should be appropriate for the type of work being done and the nature of the business.