Email monitoring: is employee privacy realistic?

Published Friday, 6 April 2001 by

Widespread use of email and the internet in the workplace is putting the conventions and expectations of employee privacy to the test. Email offers employers a technical capacity for surveillance that has not previously existed. Most employees have an expectation they will be able to maintain some privacy at work - such as private drawers and lockers in some workplaces and at others, password access to computer systems. Most employers also tolerate and approve some limited use of the telephone for necessary private calls. In the 1995 Australian Workplace Industrial Relations Survey (AWIRS) 74% of employees believed they could use the phone at work for family reasons. Although these expectations are widespread, they are not, in fact, grounded in any legal right to privacy for personal mail received at work. Email and internet usage has brought ambiguities surrounding these issues to the fore, on occasions leading to burnt fingers for both employers and employees. Use of email and the internet in the workplace is now common place - their use considered to give firms a competitive edge. Last year, large employers such as ANZ, BHP and Ford all announced large-scale incentive schemes to encourage their workers to become fluent in internet and electronic forms of communication. While the use of internet technology is expanding, and often actively encouraged by employers, the legislative framework to interpret and deal with the privacy implications of this technology has not yet been developed. Is email as private as a phone call? Workplace email and internet facilities, run through an organisation's network, can easily be monitored. The Privacy Commission guidelines broadly distinguish the new technology, from other types of communication devices, in three main ways.

• Email is insecure because it can be read during transmission (if stored on a server) and can be read by anyone who receives it.
• An email can be read without the intended recipient having any knowledge of the message being intercepted.
• Reading an email in this way is easier than steaming open a letter.
• Emails cannot be destroyed - deleted electronic documents can be traced and recovered by information technology staff.

A detailed history of all emails and web activity is usually logged. These logs usually include lists of sender and recipient addresses and times and dates of transmission. Ambiguity over monitoring of email and internet use Legal experts and practitioners have been vocal in exposing the inconsistency in the treatment of email, compared to other forms of communication, used in the workplace. As Professor Ron McCallum points out, the Commonwealth Telecommunications (Interception) Act 1979 'does give users of the telephone some privacy by forbidding telephone interceptions of external telephone calls'. There is currently no legislation making it illegal for an employer to monitor employee emails, if the employer owns and operates the email server. Other practitioners argue the assumption by employers that the monitoring of emails can occur with impunity is flawed. At the Queensland IR Society Convention held in November 2000, Minter Elllison lawyer Megan Dixon proposed that the Telecommunications (Interception) Act 1979 could apply to email traffic. Under the definitions of a 'telecommunications system' applied by the Act, the employer's network server might be considered to comply with this definition. If this is proved to be the case, storing copies of emails and intercepting and monitoring email communications could be considered illegal under the Act. A major point of contention appears to hinge on achieving or receiving the consent of the originator, before monitoring occurs. Lessons for employers There is a risk for employers in not monitoring email and internet traffic. In the case of sexual harassment and discrimination, employers may be held liable if they have not taken reasonable steps to prevent or intervene in the distribution of offensive material. There is no established case law that could be used to define 'reasonable steps' necessary, under these circumstances, to prevent sexual harassment, says Dixon. Cases heard by the Federal Court last year show employers must carefully consider the use of information acquired by monitoring email communications. In Australian Municipal, Administrative, Clerical and Services Union v Ansett Australia Ltd (2000), Ansett objected to the content of a union bulletin distributed over the internet, and consequently sacked the union delegate for using the email service to distribute union material. The Court found the dismissal to be unlawful because the employee's use of the email to distribute union material had been reasonable for two main reasons. Firstly, a joint working group had been established at the work site, so Ansett had 'impliedly permitted' the use of email communications. Secondly, the union should be entitled to provide feedback and distribute material on meeting outcomes, in the same manner as the employer. Justice Ron Merkel was keen to point out that the decision should not be interpreted as an authorisation for unions to use the employer's email service to distribute email material. The Justice stated 'whether an authorisation exists will depend upon the particular circumstances of the case'. Lessons for employees Employees need to be aware of email and internet usage responsibities at work. Firstly, they need to understand workplace policies regarding email use if they exist. Secondly, they must not assume privacy will be maintained. In December 2000, the IRC upheld a decision by Toyota to dismiss two employees for distributing pornographic images across the company's email system. Toyota dismissed the employees in September for the sending of pornographic images via email, and the storage of offensive images on PC hard drives and floppy disks. The decision to dismiss was upheld for a number of reasons. Senior Deputy President Ian Watson stated the sending of such images alone was a reasonable ground for dismissal. More importantly he added the employees should have been aware of the equal opportunity policies in place at the workplace, and must have seen electronic 'pop-up' messages that reminded employees of Toyota's policy with regard to internet and email usage. The policy warned employees internet mail messages were not private, and Toyota had the facility to retrieve deleted mail and transmissions may be monitored. With regard to offensive material, the policy also explicitly stated that 'under no circumstances shall Toyota's electronic communications systems (internet, intranet, email, telephone) be used inappropriately, including for the following purposes: to access and/or download pornographic material'. This is an article from the Centre for Professional Development's Workplace Intelligence, which provides inside information on bargaining and productivity. For more information or to find out about subscribing, visit CPD's website.