The American Management Association reported last year that over 14 million working Americans are under continual electronic surveillance by their employers.
More startling is that 27% of US companies surveyed reported dismissing employees for misuse of the internet or email.
Employees have responded by bringing lawsuits against their employers for loss of workplace privacy. US courts have, however, generally sided with employers and allowed them to monitor their employees’ email and use of the internet.
Workplace privacy in New Zealand is a very different matter.
It might be thought that, like the US, workplace privacy here is an employment issue. However, we have a statute, the Privacy Act, 1993, that governs privacy and an investigatory agency, the Privacy Commission, that enforces privacy and sets penalties for breaches.
Usefully, the question of whether there was overlap between the employment laws and the Privacy Act was considered by the Employment Court in 1997. The chief judge of the Employment Court took the view in that the Privacy Act was not intended to be enforced in any court of law but only through the special procedures which are provided for in the act itself.
In short, if there is a workplace privacy problem, the remedy is only available by the employee filing a complaint with the Privacy Commission.
There have been a number of cases before the privacy commissioner on surveillance, which provide a further guide on specific issues relating to monitoring.
In June 2001, in case 16479, the privacy commissioner decided that covertly tape-recording an employee interview was a breach of the Privacy Act (principles 3 and 4).
That contrasted with a 1994 case, 0632, in which the commissioner decided that covert surveillance by the use of a video camera to collect information was lawful. Case 0632 tells us that employers must take steps to minimise the extent of surveillance.
Surveillance should also not amount to an “unreasonable” intrusion upon the employee’s personal affairs. Finally, there must be a legitimate need to identify the source of unlawful use of the employer’s equipment and facilities.
The apparent conflict between these two cases can be explained by the fact that case 16479 was about a disciplinary interview and admissions were sought from the employee. The employee should have been advised of the intention to record the interview so that the employee could avoid self-incrimination.
This type of surveillance material created by the employer needs also to be distinguished from the finding of incriminating material created by the employee.
Two recent decisions of the Employment Relations Authority provide some guidance on this issue.
In March in Sheerin v Jamieson Castles Barristers & Solicitors, the ERA allowed the introduction of emails that included an allegation that an affair was occurring between a secretary and a partner in the firm. The author of the emails was dismissed.
In June in Wilkinson v Recall Total Information Management, the ERA again made a decision on the basis of email evidence. The email produced was between a supervisor and another employee. The employee was described in offensive language and recorded the strategy of the employee becoming so fed up she would quit. The employee became aware of the emails and reported them to her manager. It was held that the employee was not expected to put up with such ridicule and was, on the basis of the emails, constructively dismissed.
Employers considering surveillance need to ensure that their employees’ privacy rights at work are incorporated in clear and comprehensive “acceptable use policies” (AUPs).
The issues an AUP should address are numerous. Key ones include:
- That the company is entitled to store, review, monitor, archive and produce emails as evidence without the consent of the employee.
- Defining what is, and what is not, permitted as private use.
- Defining how privacy should be preserved by the employee.
- Defining what surveillance the employee should take into account when using the company’s technology.
- What devices might collect personal information by general statements that inform the employee that digital information may be generated by a variety of systems apart from logging on to a company network.