Home
| Databases
| WorldLII
| Search
| Feedback
Journal of Law, Information and Science |
KAREN WHEELWRIGHT[∗]
The increased use of email and the internet in the workplace raises important legal questions for workers and employers. The purpose of this paper is to explore some of the legal implications of use by employees of workplace email and internet systems, with particular focus on employer monitoring of the use of email and internet and its implications for employee privacy.
It is widely accepted that during the last 20 years technological change has had a profound effect on the way work is performed in many Australian workplaces. The widespread use of computers and the flexibility provided by email and internet systems means that office work need not be performed at the employer’s premises, nor be confined to the traditional ‘9 to 5’ working day.[1] The internet and email have revolutionized access to, and exchange and dissemination of, huge amounts of information for work, social and entertainment purposes. At work, email, intranet systems and the internet can facilitate speedy and efficient communications between management and staff and with clients, can assist business productivity and flexibility, and can give employees access to a vast amount of work-relevant information that it would otherwise be very costly for the employer to provide. There are also risks to the employer, which include productivity implications and legal risks.
One area of possible risk is to workplace productivity by private use by employees of the employer’s email and internet. There seems little doubt that private use of workplace email and internet is common. A recent study undertaken by Griffith University for a marketer of IT monitoring systems found that almost half of internet use in the Australian workplace is of a personal nature.[2] Research in the USA suggests that 85% of employees send or receive personal emails at work.[3] According to a 2003 British study, 50% of workers admit that surfing the internet and chatting online are their biggest time-wasting vices at work.[4] Studies estimate that employees’ private use of internet and email at work costs international companies up to £3 billion in annual revenue and US companies $1 billion.[5]
It is not clear what these surveys mean by ‘private use’ and whether they distinguish between different types of activities by employees. ‘Private use’ that consists of paying a bill or banking on line, or seeking union advice about a workplace issue, is arguably qualitatively different from private use consisting of viewing explicit images, sending blue jokes by email, or playing games on line. Private use for family or personal business purposes (as opposed to entertainment) is the inevitable result of technological developments that have blurred the boundaries between work time and private time, and working on the employer’s premises and working for the employer from home. The fact that Australians are working longer hours may also be reflected in work email use for family or private business purposes.[6] In some circumstances using the internet to bank, pay bills, or even to book an annual holiday is no more detrimental than making the occasional personal phone call or taking time off to visit the bank in person (activities generally accepted as reasonable in most workplaces), and such use might even contribute overall to productivity.
Commenting on the dangers of very restrictive email use policies, the managing director of Amazon.co.uk said, ‘Employers should ask themselves the question: do I want my employees taking an extra hour to get their Christmas shopping done, or do I want them to take 15 minutes online?’[7] There is also some evidence that the effect of IT use on productivity might not necessarily be a cause for serious concern. Professor Petric at Hertfordshire University studied 38,000 work emails. Whilst finding that a vast number of words written were dedicated to personal affairs, she also considered that it would be very foolish for employers to worry too much: ‘A lot of these emails were 30 to 50 words, only taking a few seconds to type. They are probably much less intrusive to your work than making a personal phone call from the office’.[8]
Some private use might also be reasonable in pursuit of promoting a productive balance between work life and family or private life. Work life-home life balance is a policy issue currently on the labour law agenda and is supported indirectly by equal opportunity laws that prohibit direct and indirect discrimination on the grounds of parental or carer status.[9]
The other broad area of risk is the possibility of security breaches and disclosure of confidential information, and the risk of an employer’s liability to third parties for their employees’ email communications. Lawyers are increasingly warning businesses that the widespread use of email and the ‘atmosphere of informality and carelessness’ that often pervades email communications exposes employers to legal liability to third parties for the activities of employees that constitute breaches of copyright, breaches of confidence and defamation.[10] In an email case in England, Norwich Union paid 450,000 pounds to a rival that had been libeled in an internal email.[11]
Employees who access and disseminate sexually explicit or racist material may also place employers at risk. Unwelcome images and messages of a sexual nature transmitted via email to other staff can constitute sexual harassment under Australian legislation and employers will be vicariously liable for the conduct of an employee unless the employer took reasonable precautions to prevent the dissemination.[12] It may not even be necessary for the images to be sent directly to a person for that person to be harassed – the downloading and viewing of sexually explicit images by male workers may create an uncomfortable environment for female co-workers, thereby constituting ‘harassment’. Industrial commissions have been largely unsympathetic to unfair dismissal claims from employees dismissed for viewing or disseminating sexually explicit material, or sending harassing emails, in breach of workplace equal opportunity policies. [13]
The ease and speed of electronic communication at work may make it easier for employees inclined to do so to disclose their employer’s confidential information in breach of the employment contract, or to even engage in criminal activities like fraud. More research is needed before it can be concluded that the availability of electronic communication increases the risk to the employer that employees will deliberately abuse their position of trust.
As a general principle, employers are entitled to take reasonable steps to safeguard their interests, including their interest in the security of their property.[14] In the area of email and internet use, both the productivity and liability risks are said to ‘make it essential for an employer, or any other provider of a communications network used for human communication, to actively monitor the behaviour of users, in order to lessen the risk of liability’.[15] Even if we accept that monitoring may be necessary in certain circumstances, we need to ask how the rights and interests of employers are to be balanced against the rights and interests of employees. A significant concern for employees is that monitoring appears to be a well-established and accepted facet of the electronic information and communications age at the same time as the law in Australia offers no real protection to employees against misuse and abuse of monitoring systems. Not only that, there appears to be no positive legal obligation on employers to inform their employees that they are being monitored.
In their chapter of a recent book The Evolving Employment Relationship and the New Economy, Creighton and Fenwick remark:
Never before have employers had such significant capacity to monitor employees and their performance, and to intrude upon their private lives. Employers’ monitoring and surveillance capacities have been greatly enhanced by the combination of improvements in technology, and reductions in its cost.[16]
Monitoring employees’ outgoing email can be done as part of a larger email system that checks all incoming mail for viruses or spam, and monitoring web accesses can be done as part of a firewall, or employees’ access to particular sites can be blocked.[17]
Increasingly sophisticated technology makes specific monitoring easier. Media reports indicate that a monitoring system introduced in the UK in 1999 went beyond searching for keywords (such as an obscene word) in a company’s email traffic, and could determine whether an email concerned legitimate company business or whether it could constitute fraud, deception or espionage. [18]
A fairly recent survey by an Australian law firm indicated that 75% of Australian companies periodically monitor their employees’ emails, usually by covert surveillance.[19] Australian employers are also apparently enthusiastic users of technological monitoring such as closed circuit television and data tracking devices.[20] Overseas studies confirm the trend is worldwide. The number of employees worldwide under such surveillance is estimated to be 27 million, just over a quarter of the global online workforce. In the USA, the Privacy Foundation has estimated that 14 million employees (or just over one third of the online workforce in the USA) have their internet or email use under continuous surveillance at work.[21] In 2001, the American Management Association found that more than 77% of major US firms record and review employee communications and activities on the job, including phone calls, email, internet connections and computer files. Considering email specifically, smaller surveys suggest that 20% of UK companies monitor internet usage on a monthly basis and 11% on a daily basis.[22] A recent study of the Institute of Employment Rights, an independent non-government body in England, found that surveillance of workers is becoming more widespread, more continuous, more intense and more secretive.[23]
Is increased monitoring linked to increased employer concern about the effect of non-work use of email and internet systems on productivity, and fears of misuse and abuse? It appears that what is driving the growth of monitoring email and internet activity more than any other factor is the low cost of monitoring technology.[24]
The fact of private use by employees of work email and the fact that monitoring takes place raise important questions for employees. First, in what circumstances, if any, might employees have the ‘right’ to use work email systems for private purposes? Second, what legal protections, if any, are in place to protect employees against intrusive monitoring of email and internet use?
It has already been noted that some private use of email and the internet at work is the inevitable result of the blurring of the boundary between work and private life (itself a product of technological developments), and the increased working hours of knowledge workers in Australia. It has also been argued that some permitted private use might foster a better work-family balance and may even contribute to productivity.
Although there are perceived benefits of reasonable private use, and many employers appear to tolerate a level of private use at work, there is no positive legal principle in Australian law that supports employees’ reasonable use of such workplace resources.[25] Employees must point to an express term in the contract, or to workplace policies or guidelines that have the effect of express terms because, for example, they are incorporated by reference into the employment contract.[26] ‘Reasonable private use’ clauses could be negotiated for in enterprise bargaining agreements, although usage and monitoring policies appear to be rarely addressed.[27]
Terms can be implied in fact into particular contracts, but the conditions that must be satisfied before a court will imply a term are very stringent: in particular, any term about ‘reasonable personal use’ will not be implied unless the term can be expressed with certainty and is necessary to make the contract workable.[28]
Two recent cases indicate a clear unwillingness on the part of courts and industrial tribunals to imply an employees’ right to use the employer’s email systems, at least for the purposes of communicating with the employee’s union. In Australian Municipal, Administrative, Clerical and Services Union v Ansett Airlines[29], the employer had a policy permitting use of the email system ‘for the purpose of performing lawful business activities’. An employee was dismissed for serious misconduct when she used the email system to advise union members of the outcome of a meeting of a Joint Work Group between union delegates and the company’s representatives to discuss the company’s business recovery program. The Federal Court found that the use of the email system on this occasion was authorised by the policy because Ansett established the Joint Work Group structure for its business purposes. An integral part of that structure was the communication by management and unions of meeting outcomes to employees. Accordingly, an email to union members about the meetings were ‘authorized lawful business activities’.[30] Merkel J was very careful, however, not to extrapolate any general right from the particular application of the policy to the email in question. He stated that ‘it forms no part of my decision to suggest that union delegates have any general authorization to distribute union material using their employer’s email or IT system.’[31]
In the Seven Network (Operations) case,[32] the union and the employer asked the Australian Industrial Relations Commission to resolve their dispute over the meaning of a clause in their certified agreement. Clause 16 of the agreement provided that ‘the Company shall provide workplace union representatives with reasonable paid time and facilities to represent Employees provided that sufficient notice is given to allow release of the relevant Employees’. The Commission (Larkin C) held that, whilst ‘electronic communication in this day and age is a fact of life’, ‘reasonable facilities’ did not include the general right of workplace representatives to receive emails from the union for distribution to union members at Channel 7. In the Commission’s view, the employer was entitled to concede such a right only for the purposes of the current enterprise bargaining negotiations. Channel 7’s IT policy said that the communications systems were provided to enable users to perform their duties to the company. The policy specifically prohibited messages ‘of a political or industrial nature’, including distribution of material from any union.[33]
There was a different outcome in QTU v Department of Education[34], where the Queensland Industrial Relations Commission appeared to accept as legitimate the distribution by email of material critical of the Department of Education by a teacher standing for union election. Again, the outcome was determined by the wording of the employer’s policy – here the Department’s code of conduct permitted public debate on political and social issues and the teacher’s campaign fell within that description.
In the absence of an express policy setting out the employees’ responsibilities and rights in using employer email, employees must comply with any directions or restrictions from the employer about use of its IT resources, where those directions are lawful and reasonable orders within the scope of the contract.[35] Unauthorised use will very likely be a breach of the employee’s duty of obedience. In Kenny v Epic Energy, an IT manager was dismissed for accessing inappropriate sites on six occasions over a 6-month period through his company’s internet account, but using his home computer. The Commission held that his resulting dismissal was not harsh, unjust or unreasonable, concluding that the decision ‘is based entirely on the employer’s right to place rules and constraints on the use of its assets’.[36] Unauthorized use may also breach the employee’s implied duty of fidelity, which requires the employee to act in the employer’s interests and to not use the employer’s property or resources for personal benefit, unless the employer expressly permits it.[37] All of this reflects the underlying assumption in the contract of employment that the employee must submit to the direction and control of the employer.[38]
There is increasing recognition that, whilst some level of surveillance may be justified to protect the employer’s legitimate interests, systematic and covert monitoring of employee use is not appropriate or desirable.[39] Systematic monitoring of email and internet usage, particularly covert monitoring, has significant implications for employee privacy and morale. Email and internet monitoring are very different from the traditional forms of supervision that have been accepted in the workplace. The nature of modern technology means that this monitoring is more extensive, more intrusive, able to be done covertly, and creates a ‘permanent, reproducible record of an individual’s activities’.[40] Employment law doctrine permits an employer to justify an employee’s dismissal by facts discovered after the dismissal has been effected, as long as the facts existed at the time of dismissal.[41] Permanent records of ‘misuse’ of the employer’s IT systems therefore place employees in an invidious position, particularly where the surveillance has been covert.[42] Systematic surveillance may inject an air of suspicion and hostility in the workplace. There is evidence that monitoring may reduce productivity.[43] More importantly, systematic, suspicionless monitoring of communications reflects a lack of respect for the privacy, dignity and autonomy of the individual employee.
In Australia, there are few protections for employees against covert surveillance of email and internet use. There is no general right to privacy, and the statutory protections against surveillance do not appear to cover email and internet monitoring. Very few certified agreements and individual contracts are likely to deal with the issue. In the absence of proper protections, employers effectively have a de facto right to monitor their employees’ use of email and the internet. Whilst individual remedies such as unfair dismissal actions or actions for breach of trust and confidence may be available for intrusive monitoring in a limited range of situations, they can be invoked only after monitoring has occurred. Each of these matters is discussed below.
There has been increasing interest in Australia over the last few years in the issue of employee privacy from the media, the trade union movement, and as a result of the work of the Privacy Commissioner and some law reform commissions.[44] The concept that employees should be accorded some degree of privacy is not new. In 1944, the Constitution of the International Labour Organisation stated that workers should work ‘in conditions of freedom and dignity’.[45] It has been said that: ‘No man or woman on entering into an employment contract thereby agrees to forego those basic liberties which distinguish our society from more barbarous regimes’;[46] and that in our liberal society, most staff do not expect to completely sacrifice their privacy whilst at work.[47] Nevertheless, the liberal values of individual privacy, dignity and autonomy are not, as yet, recognised by the common law in Australia for citizens generally, or for employees specifically.
In a recent case, however, some members of the High Court have spoken in favour of the development of privacy protections within already-established legal and equitable principles, or even the development of a new principle ‘protecting the interests of the individual in leading to some reasonable extent, a secluded and private life free from the prying eyes, ears and publications of others’.[48] The principles discussed by the High Court have been relied upon in a recent Queensland case to award substantial damages to a female plaintiff ‘based on the actionable right of an individual person to privacy’.[49] The plaintiff suffered post traumatic stress disorder as a result of being stalked and harassed by a man with whom she had had a relationship. The court set out the four essential elements of the cause of action. These are, in summary (1) a willed act of the defendant, (2) which intrudes upon the privacy or seclusion of the plaintiff, (3) in a manner that would be considered highly offensive to a reasonable person, and (4) which causes the plaintiff detriment, or hinders or prevents the plaintiff from doing an act which she is lawfully entitled to do.[50]
Whilst these developments appear promising, Australia currently lags behind other western liberal democracies, where there is recognition of a general right to privacy. Examples include Article 8 of the European Convention on Human Rights, the Quebec Charter of Human Rights and Freedoms, the Human Rights Act 1998 (UK) and common law recognition of privacy rights in New Zealand and the USA.[51] There are also controls over the collection and sharing of private information, including information about employees. The European Union Directive on Privacy and Electronic Communications, which has operated since October 1998, establishes uniform minimum standards of privacy protection in the collection and sharing of data.[52]
Some of these laws provide positive protection against covert email monitoring. In the case of Halford v United Kingdom,[53] the European Court of Human Rights held that a police officer had a reasonable expectation of privacy in respect of telephone conversations using her office telephone. She was not aware her employer monitored her telephone calls. It has been argued that the finding can be extended logically to email communications.[54] The Hong Kong Code of Practice on Human Resource Management provides that employers should have a policy on internet and email use and inform employees of the policy.[55]
Statutory privacy protection has been focused on regulating the lawful collection and dissemination of information about individuals.[56] The Commonwealth legislation for the private sector currently confers on employers an exemption from compliance with the National Privacy Principles with respect to employee records, but this exemption is currently under review with the release in February 2004 of the paper Employee Records Privacy: A Discussion Paper, prepared jointly by the Attorney-General and the Department of Employment and Workplace Relations.[57] There is some statutory protection of employees against video surveillance and telecommunications interception, but it is doubtful this covers the covert monitoring of employees’ email and internet use. Overall, legislative protection of workers’ privacy is ‘at best, piecemeal’.[58]
The Telecommunications (Interception) Act 1979 (Cth) prohibits the interception of telecommunications, for example telephone tapping. Under s 6(1), an employer may monitor communications if the employee is aware of the monitoring. The interception of communication is also not prohibited where it is done on the premises of the employer by use of equipment that is part of the service provided by the telecommunications carrier. In its Workplace Privacy Issues Paper, the Victorian Law Reform Commission pointed out the lack of clarity over whether the reading of an email, for example by an employer whilst the email is sitting on an ISP server or a network, could constitute the interception of a communication ‘passing over a telecommunications system’. The question of whether the Act applies to email interception is further complicated by the issue of whether a networked computer system in a workplace is a single entity or a ‘telecommunications network’ separate from the carrier’s communications network. The Commission concluded that the reading of an email may not be covered by the Act.[59] In any case, legislation that depends on complex definitions and the examination of the type of computer systems of individual employers cannot offer much protection for employees.
At the state level, the Workplace Video Surveillance Act 1998 (NSW) regulates covert video surveillance of employees in the workplace, as does the Surveillance Devices Act 1999 (Vic).[60] The Victorian act has a wider reach than the NSW one, covering data surveillance devices as well as optical and listening devices.[61] However, data surveillance does not cover the monitoring of email and internet use. These statutes, whilst offering no direct protection in the current context, at least recognise the need for protection of employees from covert surveillance and provide some models for the balancing of employer and employee rights in the privacy area, which may be useful in other areas of covert surveillance.[62]
Federal awards can only deal with the 20 allowable award matters listed in s 89A(2) of the Workplace Relations Act 1996 (Cth) and issues of surveillance of privacy do not fall within the list. It is unlikely that surveillance can be included as an ‘exceptional matter’ under s 89A(7), as the Commission has been reluctant to make exceptional matters orders. In the view of the Victorian Law Reform Commission (‘the VLRC’), there is very little scope for federal awards to protect worker privacy.[63] This may differ in the states, depending on the specific provisions governing state awards. Under the Industrial Relations Act 1996 (NSW), the surveillance of employees in the workplace is specifically listed as an industrial matter. It can therefore form the basis of an industrial dispute that can be subject to arbitration by the NSW Commission.[64]
Under state industrial legislation and the Workplace Relations Act 1996 (Cth), employers and employees can negotiate clauses about surveillance in enterprise bargaining agreements, so as to limit the right of the employer to monitor, or requiring that employees be informed about when and for what purposes monitoring is taking place. Such a matter would clearly pertain to the employment relationship.[65] The Victorian Law Reform Commission has found that, so far, certified agreements have been infrequently used to deal with workplace privacy issues, except perhaps drug and alcohol testing procedures.[66] The Commission has identified a number of agreements that provide such clauses, for example, the Maroondah City Council Enterprise Agreement No 4 2001 provides:
The employer undertakes that email will not be routinely read or monitored. Email will be monitored and retrieved only if the employer is legally obliged to do so or has reasonable cause to believe that an employee has committed a criminal offence or a serious disciplinary offence.[67]
As the VLRC notes, whilst agreements bargained for collectively give employees the opportunity to bargain for more favourable terms than under an award, ‘only workers in relatively strong bargaining positions will be able to achieve the best protection of their privacy interests’. The Commission notes also that such protections will be uneven, as enterprise bargaining is not evenly spread across the workforce, with small businesses less likely to be covered by certified agreements.[68]
In the absence of any common law right to privacy, how might employees argue for legal protection from intrusive email surveillance? The contract of employment offers limited if any protections to employees generally. The contractual model of employment assumes that the employee has consented to the terms of the individual contract, although many writers have noted that, in reality, most employees lack the bargaining power to insist on privacy provisions in their contract, or to reject an employer’s policy providing for surveillance of the employee’s email use.[69] Only rarely would an employee have the bargaining power to demand a non-surveillance clause in the contract in the face of an employer’s unwillingness to agree to such a term.
There is some debate about whether any real protection flows from the implied duty in every employment contract that the parties must not, without reasonable cause, act in a way that will destroy the trust and confidence necessary to maintain the employment relationship.[70] There may be some capacity for the term to protect employees against some violations of privacy. In the English case Bliss v South East Thames Health Authority, an employer’s insistence that a surgeon undergo a psychiatric examination without reasonable cause breached the employer’s duty of trust and confidence.[71] The capacity of the implied term to protect privacy has been largely untested in Australia, particularly in the area of electronic surveillance. The duty has been rarely mentioned, much less debated, by our industrial tribunals in unfair dismissal cases, in spite of the fact that a number of these cases involve the discovery of employee misconduct through email and internet monitoring.
Whilst there is potential for the duty of trust and confidence to develop into a broader duty of ‘reasonableness’ on the part of employers, it is argued that the duty is likely to only protect employees against ‘the most arbitrary and intrusive forms of surveillance’ or extreme and deliberate conduct by the employer.[72] The duty is only breached if the employer acts ‘without reasonable cause’ – the employer could therefore invoke his or her legitimate rights to protect property and resources and to guard against liability.[73] There is some support, however, for the potential of the trust and confidence duty to impose a positive duty to act fairly.[74] The duty might support a positive obligation on employers to at least inform employees that monitoring is taking place.
Like the breach of contract remedy, the unfair dismissals regimes deal with individual disputes. Remedies apply only after an employee has been dismissed. Nevertheless, industrial commissions exercise a wide discretion in seeking to ensure ‘industrial justice’ in dismissal disputes and not uncommonly, commissions make useful statements about how employer and employee interests are to be balanced in the area of employees’ personal autonomy and privacy.[75] Such findings have the potential to affect employer behaviour in the future.
There has been no support for an employee’s right to use the employer’s systems for private purposes.[76] One or two commissioners have at least acknowledged, however, that the employee’s own belief that the use of email or internet was a private activity, unobserved by others, must be taken into account in determining whether the dismissal was harsh, unjust or unreasonable. There is no doubt that many people have perceived using email and the internet through a computer accessed by a personal password as private activities:
Until recently, email systems generated the illusion of privacy. E-mail users often required a password to access their email account. Messages appear to have no permanent existence unless they are printed out because the user has the option of deleting them from their computer. This apparent privacy can cause email users to correspond in a manner more frank or personal than would be the case in a traditional letter.[77]
In Burrows v Commissioner of Police,[78] Burrows sought a review of an order under the Police Service Act 1990 removing him from the NSW police service for downloading ‘pornographic and offensive’ material from the internet using the police computer system. The NSW Industrial Relations Commission (Boland J) was satisfied on a number of grounds that Burrows’ dismissal was harsh, unjust or unreasonable. It was important to Boland J’s assessment that the officer believed that what he was doing was essentially private and that he was unaware that his emails were being monitored. Although Burrows had read the guidelines relating to the use of the Police Memo System, he believed that the email messages were private and that as long as they were not sent to someone who may be offended by them, he was not doing anything wrong.[79] The Police Commissioner himself had accepted Burrows’ assertion that he believed the emails were private, but had nevertheless dismissed him. The Commission found that the applicant did not appear to have been fully aware of the consequences of continuing to send inappropriate material over the Memo System.
…if the applicant realised his email messages could be read by persons not meant to see them he would have ceased transmission of such messages. In other words, the applicant continued to use the system inappropriately, not out of arrogant disregard but because he believed no-one else could gain access to his messages and, therefore, he was not doing anything seriously wrong.[80]
By contrast, in Toyota v AFMEPKIU, the Australian Industrial Relations Commission rejected the idea that viewing and downloading offensive material could be a private activity if it occurred on company equipment, at company premises, within working time and in breach of a clear policy.[81]
In Giardini v Commissioner of Police[82], the NSW Industrial Relations Commission acknowledged that there was some substance in the submission that an act done in private (ie the viewing by the officer of the explicit material at home and out of work hours, although using the department’s facilities) was not ‘indecent’.[83] Other tribunals have rejected the idea that viewing material that is contrary to company policy is a ‘private activity’ when done using work equipment and connections, even if done out of work hours and away from work premises.[84]
Employers have legitimate interests in safeguarding their property and rights. The question then arises – how far do these interests justify uncontrolled and covert monitoring of employees’ use of IT systems at work? It has been cogently argued elsewhere that the traditional norms of employment law permit electronic surveillance and monitoring and assume the legitimacy of these forms of employer conduct.[85] The unfair dismissals and ‘union email’ cases very largely support this. In the unfair dismissals cases, there has been no debate about the right to monitor, and of even greater concern, no debate about the importance of informing employees that they are being monitored. As Semphill has observed, the absence of debate probably reflects that developments in technology do not raise new issues of a contest between technology and civil liberties, but only reflect that surveillance is simply a new method of enforcing the employer’s legal rights to control, to secure fidelity and obedience, and to protect property.[86]
Recent reports of the Victorian and NSW Law Reform Commissions have placed employee privacy more firmly on the public policy agenda. Both Commissions have contributed significantly to the community and media debate about the privacy interests of employees. These reports acknowledge, as do other commentators, that any right of privacy for employees must be subject to justifiable limitations, given that employers have legitimate interests requiring appropriate protection. Both reports recognize the importance of legislation in setting out privacy principles, circumscribing conduct of both employers and employees and providing for sanctions. The Surveillance Act proposed by the NSW Commission would cover monitoring of employee use of employer IT systems. The Victorian Law Reform Commission has suggested that the response to concerns for the protection of employee privacy should be based on six broad principles, namely to:
• provide an appropriate balance between the interests of employers, employees and affected third parties;
• set minimum standards of privacy protection for all employees;
• ensure that measures affecting privacy are transparent to workers;
• provide certainty to employers and employees about their rights and obligation; and
• be sufficiently flexible to take into account diverse workplaces and different working relationships.[87]
These certainly provide an excellent basis for serious work to begin on legislative protection of workers’ privacy.
In the meantime, workplaces can very usefully develop their own IT use and monitoring policies, for example through the formal negotiation processes provided by the enterprise bargaining system. There are excellent Australian model codes of practice on which IT monitoring policies can be based. These include the Federal Privacy Commissioner’s Guidelines on Workplace E-mail, Web Browsing and Privacy[88] and the Model Acceptable Use Policy For Employee Use of the Internet produced by Electronic Frontiers Australia.[89] The importance of alerting employees to the possibility of monitoring is an essential element of any code of practice. The Privacy Foundation suggests that a ‘splash screen’ warning each time the employee logs on to their work computer is an ‘absolute minimum’ for adequate notice of on going continuous monitoring of online activities.[90] There are numerous benefits of a fairly-negotiated IT policy for employers as well as employees, including certainty about what online activities are and are not permissible, increased trust because any monitoring activities are overt rather than covert, and the likelihood that employees will be discouraged from inappropriate or unlawful online activities or disclosures.
We can perhaps be cautiously optimistic about some recent Australian developments, including the Commonwealth government discussion paper on employee records, the possible development of a cause of action for invasion of privacy at common law and the work of our law reform commissions. It is hoped that these developments will move Australia more quickly to the proper recognition of employee privacy, and privacy in general, as ‘a fundamental right at the core of an organized free society’.[91]
[∗] Lecturer, School of Law, Deakin University, Melbourne.
[1] Ronald McCallum, Employer Controls Over Private Life, (2000), 12-13.
[2] Adam Turner, ‘Time Bandits’, The Age (Melbourne), 26 August, 2003, Next 5.
[3] Peter Isajiw, ‘Workplace Email Privacy Concerns: Balancing the Personal Dignity of Employees With the Proprietary Interests of Employers’, (2001) 20 Temple Environmental Law and Technology Journal 73, 75.
[4] Turner, above n 2, Next 5.
[5] Patrick Barkham , ‘Can Surfing Get You the Sack?’ (Guardian Unlimited, www.guardian.com.uk), 16 December 1999, 1 (citing a study by the computer security firm InfoSec).
[6] Working Hours Case July 2002, (2002) 114 IR 390.
[7] Barkham, above n 5, 2.
[8] Ibid.
[9] See eg Equal Opportunity Act 1995 (Vic), s 6(l). The ACTU launched a work-family test case in the AIRC in July 2003.
[10] Peter Knight and Jim Fitzsimons (Clayton Utz), Legal and Commercial Issues for Email and Internet Communications (paper presented at ClearSwift conference, North Sydney, 5 March 2001), 2 - 7.
[11] Turner, above n 2, Next 5.
[12] See eg Equal Opportunity Act 1995 (Vic), ss 85-86; ss 102 and 103.
[13] Micaleff v Holden Ltd, Print PR900664, AIRC, 25 January 2001 (employee who sent pornographic material to friends outside the company breached company diversity policy and dismissal was justified); Toyota v AFMEPKIU, Print T4675, AIRC, 18 December 2000 (downloading images a breach of EEO policy, justifying dismissal); Hale v ANZ Banking Group, Print S4068, AIRC, 14 March 2000 (emails and other communications breached harassment guidelines because the employer said so, even though no complaints of harassment were received. However, the dismissal was held to be harsh in all the circumstances, including the employee’s length of service).
[14] Paul Roth, ‘Workplace Privacy: new HK and UK codes’ [2000] PLPR 52, 52.
[15] Knight and Fitzsimons, above n 10, 1; employers’ concerns are also canvassed by the New South Wales Law Reform Commission in its report, Surveillance: An Interim Report, Report 98, (2001), [7.48].
[16] Colin Fenwick and Breen Creighton, ‘Australia’, in Roger Blanpain (ed), The Evolving Employment Relationship and the New Economy, Kluwer Law International, 2001, 3.
[17] Andrew Schulman, ‘The Extent of Systematic Monitoring of Employee E-Mail and Internet Use’ Privacy Foundation (2001), www.sonic.net/~undoc/extenrpf.html, 5.
[18] Barkham, above n 5, 2.
[19] NSW Law Reform Commission, above n 15, [2.44], citing a February 2000 survey by law firm Freehill, Hollingdale and Page. Mathew Clarke from a large IT company SynergyIT said ‘clients ask him to covertly access employee email almost every week’: Turner, above n 2, Next 5.
[20] Creighton and Fenwick, above n 16, at 10.
[21] Schulman, above n 17, 1.
[22] Schulman, above n 17, 2, 7.
[23] See Institute of Employment Rights at www.ier.org.uk.
[24] Schulman, above n 17, 4. The Foundation notes that telephone use poses potentially as large a concern to employers as email and internet use, but, except in call centres, is not monitored to nearly the same extent.
[25] Creighton and Fenwick, above n 16, 11.
[26] Riverwood International Australia Pty Ltd v McCormick [2000] FCA 889. For example, Colonial State Bank’s email use policy supported ‘responsible personal and social use’ by employees of the bank’s email system: Markland and Colonial Services Ltd, Print PR903570, AIRC, 26 April 2001. Some workplace policies, however, may not be intended to have binding legal effect: see Australian Municipal, Administrative, Clerical and Services Union v Ansett Australia Ltd [2000] FCA 441, [49].
[27] Victorian Law Reform Commission, Workplace Privacy, Issues Paper, (2002), [4.33] – [4.36].
[28] Brackenridge v Toyota Motor Corporation Ltd [1996] IRCA 628; (1996) 142 ALR 99.
[29] Australian Municipal, Administrative, Clerical and Services Union v Ansett Australia Ltd [2000] FCA 441. The main legal issue was whether the employee was dismissed contrary to s 298K(1) of the Workplace Relations Act 1996 (Cth), which prohibits dismissal based on union membership.
[30] Australian Municipal, Administrative, Clerical and Services Union v Ansett Australia Ltd [2000] [49] – [50].
[31] Ibid [82].
[32] CPSU v Seven Network (Operations) Ltd, Print PR927845, AIRC, 18 February 2003.
[33] The way unions’ right to communicate with members through email is severely circumscribed in both of these cases may be a reflection of the sidelining of unions as work relationships in Australia become increasingly individualised. In denying the unions’ request to provide general information to their representatives via Channel 7’s email system, Channel 7 management commented that ‘Seven’s email system is a fundamental part of its business infrastructure and Seven does not lightly allow access to outside bodies such as your own’ (author’s emphasis).
[35] Darling Island Stevedoring and Lighterage Co; ex parte Halliday and O’Sullivan [1938] HCA 44; (1938) 60 CLR 601.
[36] David Kenny and Epic Energy, Print S0947, AIRC, 15 November, 1999, 3.
[37] Concut Pty Ltd v Worrell [2000] HCA 64.
[38] Hugh Collins, ‘Labour Law as a Vocation’ (1989) 105 Law Quarterly Review 468, 480.
[39] NSW Law Reform Commission, above n 15, ch 7; Victorian Law Reform Commission, above n 27, ch 3.
[40] NSW Law Reform Commission, above n 15, [7.50]-[7.51].
[41] Lane v Arrowcrest Group Ltd (1990) 99 ALR 45, 74-75.
[42] In Massoud v SITEL Corporation Ltd, [2001] NSWIRComm 218, for example, Massoud was dismissed in June 2000 for fraudulently causing $1000 of her employer’s funds to be placed in her personal credit card account. To bolster its case, the employer also relied on a ‘snapshot’ of Massoud’s computer files and email box from June 1999, retrieved from the company’s back up network, which revealed that she had downloaded, stored and transmitted by email sexually explicit material contrary to company policy. The case does not reveal whether the employees were warned of the possibility of an audit (whether during or after employment) and makes no mention of the implications of a former employer’s uncontrolled capacity to store, retrieve and use the emails and computer files of former employees.
[43] Isajiw, above n 3, 99-100.
[44] The Federal Privacy Commissioner has observed that the many calls he gets from employees about privacy at work suggests that employees commonly but incorrectly believe that the law provides specific privacy protections: see The Office of the Federal Privacy Commissioner Guidelines on Workplace E-mail, Web Browsing and Privacy 30 March 2000, at privacy.gov.com.au/internet/email.
[45] Roth, above n 14, 52.
[46] In Re Security Arrangements in Retail Stores (1979) NSW Industrial Arbitration Reports 72, 79.
[47] Guidelines on Workplace E-mail, Web Browsing and Privacy, above n 44, 1.
[48] Australian Broadcasting Corporation v Lenah Game Meats [2001] HCA 63, [124].
[49] Grosse v Purvis [2003] QDC 151.
[50] Ibid, [444].
[51] Australian Broadcasting Corporation v Lenah Game Meats [2001] HCA 63, [112]-[124].
[52] For an excellent overview, see Graham Greenleaf, ‘The European Privacy Directive – Completed’ (1995) 2 PLPR 81. The Directive also prohibits the transfer of personal data from EU countries to any countries which do not have adequate data protection laws.
[53] [1997] ECHR 32; (1997) 24 EHRR 523.
[54] David Christie, ‘Employee Surveillance’ (2000) 38 Employment Law Bulletin, 2.
[55] Roth, above n 14.
[56] See eg Privacy Act 1988 (Cth); Privacy Amendment (Private Sector) Act 2000 (Cth); Information Privacy Act 2000 (Vic). For a comprehensive account of legal regulation in Australia as it relates specifically to electronic communications, see Eugene Clark and Maree Sainsbury, Privacy and the Internet (2002).
[57] Media Release, Federal Privacy Commissioner, 18 February 2004, www.privacy.gov.au/news/mdia/04_02print.html. For a discussion of the current exemption, see Margaret Otlowski, ‘Employment Sector By-Passed by the Privacy Amendments’ (2001) 14 AJLL 169.
[58] Victorian Law Reform Commission, above n 27, [4.6]. The Commission made the same assessment of non-statutory protections.
[59] Victorian Law Reform Commission, above n 27, [4.13] and fn 77.
[60] For a detailed discussion of these acts, see Julian Semphill, ‘Under the Lens: Electronic Workplace Surveillance’ (2001) 14 Australian Journal of Labour Law 111, 133-143.
[61] NSW also has the Listening Devices Act 1984 (NSW), which is a general statute that is applicable in the employment context.
[62] Semphill argues that the NSW model offers significantly greater protection for workers than does the Victorian model: Semphill, above n 60, 144.
[63] Victorian Law Reform Commission, above n 27, [4.32].
[64] NSW Law Reform Commission, above n 15, [7.26].
[65] Workplace Relations Act 1996 (Cth), s 170LI.
[66] Victorian Law Reform Commission, above n 27, [4.105].
[67] Ibid [4.35].
[68] Ibid [4.36] – [4.37].
[69] Semphill, above n 60, at 116-125.
[70] Burazin v Blackstown City Guardian [1996] IRCA 371; (1996) 142 ALR 144.
[72] See Creighton and Fenwick, above n16, 13 and the sources cited there.
[73] Semphill, above n 60, 131.
[74] Joellen Riley, ‘Mutual Trust and Good Faith: Can Private Contract Law Guarantee Fair Dealing in the Workplace?’ (2003) Australian Journal of Labour Law 28; Victorian Law Reform Commission, above n 27, [4.26].
[75] See eg Rose v Telstra Corporation, Print Q9292, AIRC, 4 December 1998, where the Commission said the right of employers to control the out-of-work behaviour of employees must be carefully circumscribed.
[76] See eg the unfair dismissal cases cited above, n 13, and David Kenny and Epic Energy, above n 36.
[77] NSW Law Reform Commission, above n 15, [2.43] and the sources cited there.
[78] [2001] NSWIRCComm 333.
[79] Ibid, [15].
[80] Ibid, [87].
[81] Print T4675, 18 December 2000, [24].
[82] [2001] NSWIRCComm 333. The Burrows and Giardini appeals were heard together.
[83] Ibid, [210]-[211]. The dismissal of both officers was held to be harsh, unjust and unreasonable on procedural grounds, including the fact that these officers appeared to have been unfairly ‘singled out’. The NSW Commission admitted to being disconcerted by the fact that 471 members of the NSW Police Service had been detected receiving and/or disseminating pornographic material over the Police Memo System, in breach of policy.
[84] Eaton v Overland [2001] FCA 1834.
[85] Semphill, above n 60, 113.
[86] Ibid, 115.
[87] Victorian Law Reform Commission, above n 27, ch 5.
[88] Above n 44.
[89] www.efa.org.au.
[90] Schulman, above n 17, 9.
[91] Isajiw, above n 3, at 104.
AustLII:
Copyright Policy
|
Disclaimers
|
Privacy Policy
|
Feedback
URL: http://www.austlii.edu.au/au/journals/JlLawInfoSci/2002/4.html