We recently had a client pose the question “Can we monitor an employee’s emails and what are the privacy concerns?” In researching the answer we came to the conclusion that the law is very confusing, with no one committing absolutely clearly what an employer’s obligations are. However, we offer a practical solution to the issue.
Background to Surveillance Laws
New South Wales and the Australian Capital Territory has specific legislation regulating email surveillance by employers. In these jurisdictions, employers must conduct email surveillance in accordance with a company policy and must comply with notification requirements.
Workplace surveillance in other jurisdictions is generally regulated by surveillance statutes that prohibit the use of listening, optical or tracking devices, but do not expressly apply to email monitoring.
National Privacy Laws
The Federal Privacy Act 1988 gives employers a number of legal obligations and may – somewhat perversely – provide limited protection for employees from email surveillance by their employers due to the limited exemption under that Act for “employee records”. That exemption applies to an act or practice of an organisation that is directly related to:
- A current or former employment relationship between the organisation and its employee; and
- An employee record held by the organisation and relating to the employee.
An email that contains an employee’s personal information but doesn’t relate to the employee’s employment, therefore, won’t meet the definition of an “employee record” and therefore may possibly be subject to protection under the Privacy Act.
If emails contain personal information and are not exempted under the Privacy Act, it means employers need to comply with the 10 National Privacy Principles’. A plain English summary of those principles can be located at the Office of the Australian Information Commissioner (OAIC).
The NPPs will be replaced by the Australian Privacy Principles (APPs) on 12 March 2014. More information on the APPs can be found on the law reform page on the OAIC website.
The OAIC website provides more information of what constitutes an Employee Record.
Employers may therefore not be able to assume that all the information they hold that relates to an individual employee would be an employee record. For example, emails that an employee has received from third parties outside the organisation may not necessarily be an employee record. Depending on the circumstances, the exemption may also not cover the content of many other employee emails.
Surveillance in the workplace
The Privacy Act 1988 does not cover the issue of workplace surveillance. State and Territory surveillance laws are more likely to be relevant to this issue, or your union may be able to provide you with more information.”
We believe the confusion for employers arises because whilst workplace surveillance may not be covered by the Privacy laws, the use of employee information discovered by it may be protected under the 10 National Privacy Principles (‘NPPs’), or the 13 Australian Privacy principles, which will soon replace the NPPs.
For example, under the APP 3, an organisation must not collect personal information (other than sensitive information) unless the information is reasonably necessary for one or more of the entity’s functions or activities. If the information is sensitive information, the employee must additionally consent to its collection.
What does this mean for your business?
With many employers operating nationally, they are facing a disjointed approach to the regulation of email surveillance across Australia. However, our advice is that by having a clear IT policy that identifies how and when surveillance will occur, that outlines whether surveillance is continuous or for a specific period, will help meet the minimum requirements.
Employers should also be careful to ensure that it only collects such information as is reasonably necessary and then protects that information from disclosure unless consent is given to release it.
If you are running or managing a small business it is important to be aware of your right and responsibilities under the Australian legislation. The ERS Academy is a great tool for small businesses that have plenty of detailed courses outlining many topics within Australian employment law. Take a look now and sign up for the free trial to get an idea of what you can expect.