It's not only the cost to companies of the time staff spend online checking soccer World Cup results and perhaps even checking out less-than-salubrious sites (and yes, High Court judge Robert Fisher was cleared of any illegality for downloading porn on court computers). You could be invading employees' privacy or even opening yourself up to human rights claims.
The Privacy Act states an employer (being an agency under the act) cannot gather personal information without the individual’s consent. Employment lawyer Chris Patterson says because monitoring internet use is gathering personal information, it would breach the act if done covertly -- as would reading emails.
But employers should develop acceptable use policies (AUPs) that set out what is acceptable and unacceptable behaviour, to allay privacy concerns and offer some protection to employers in harassment and disciplinary cases. Many New Zealand firms have already developed AUPs.
Auckland-based Patterson advises employers insist new employees sign the AUP. If a firm wishes to introduce a privacy waiver rule for existing staff, they should regard it as issuing a lawful and reasonable instruction for which failure to comply could lead to discipline of dismissal, he says.
“It is lawful for employers to monitor employee email and internet use. In fact, it is arguable that it would be unlawful not to do so. I say this because of an employer's obligation to provide a safe workplace, including one that is free from harassment,” he says.
Tauranga District Council sets down what it calls user guidelines for staff, preferring staff to use web and email for council business only. Staff are aware the chief executive can read all emails and staff joining the council have to sign up to its policy, says IS manager Robyn Dynes.
Council managers have some discretion over the extent of monitoring but people have been disciplined for inappropriate use, she says.
ANZ monitors and controls internet access, staff having to sign the bank's code of conduct upon joining. Weekly reports are made of the sites staff have visited and the bank regularly scans for sensitive material stored on company systems. Its ISP aids the policy, blocking up to 30,000 websites deemed inappropriate, including pornographic and gambling-related sites.
Head of operating systems management Michael Wemyss says the bank’s policies are similar to those of other corporates. Transgressors are dealt with on a case-by-case basis but people can and have been dismissed for having or sending material deemed offensive, he says.
But employers could be caught by other legal traps. Last year the Human Rights Commission told this column of incidents like one man having to pay $500 to a female colleague sitting nearby because she repeatedly found his screensaver and his surfing for pornography objectionable. In another case, after a man kept sending a woman suggestive emails as part of his offensive behaviour, his employer had to pay a woman $7000 plus costs for “humiliation and loss of dignity”.
Patterson also highlights two court cases from 1997 and 1999. First, staff at the New Zealand Employment Service were dismissed after they sent objectionable emails and the need to protect staff overrode privacy principles, even though the NZES then had no AUP. The Internet Group, however, had to reinstate a staffer after it was accepted his offensive message was intended for a restricted number of people in an environment where such bad language was commonplace.
Patterson warns firms enforce their AUP rather than letting breaches go unchecked.
“I have a number of cases where employees have argued that they have been breaching the policy for a significant amount of time or that other people have breached the AUP without any concern raised by the employer. This is an issue that can and has affected employers' bottom line significantly. Too many employers have their heads in the sand over staff internet usage. It is those employers who are unlikely to see that someone is about to come and kick them in the butt."