YOUR RIGHTS AT WORK: just what are they?
YOUR RIGHTS AT WORK: just what are they?
May/June Edition, 2008: What can Australian employers do with electronic workplace documents?
Employers are often confused about what they can and cannot do with regard to accessing and disclosing electronic data created by employees in the workplace.
This is not surprising given the jumble of laws touching on the subject. These range from state laws covering the use of surveillance devices, to federal legislation regulating telecommunications, to broadly applying laws on information privacy.
This article looks at what?employers are able to do in monitoring use of electronic communications and suggests good practices to establish in?the workplace.
There has been a recent trend towards enhancing the litigation process by making greater use of technology. The Federal Court has produced Guidelines for the use of electronic data in the discovery process. This raises the question of what information may be disclosed in court and what information employers should be capturing for completeness, in case the data is required for litigation purposes.
Given the current climate of change in this area and in light of the Australian Attorney-General’s plans, detailed in a recent press release, for reform to protect the nation’s critical infrastructure from a possible cyber attack, this article will also discuss where the law is heading and what employers should be doing in relation to document management, archiving and monitoring of electronic communications in the workplace.
What employers can do
The Telecommunications (Interception and Access) Act 1979 (Cth) prohibits the interception of ‘a communication passing over a telecommunication system’. Whilst it is unlawful for an employer to ‘eavesdrop’ on employees’ telephone conversations?or intercept incoming or outgoing?emails, it is lawful to access stored?data that is not ‘passing over’ a telecommunication system.
In Victoria (and in similar legislation in most other states), provisions in the Surveillance Devices Act 1999 (Vic) prohibit a person from knowingly communicating or publishing a record or report of a private activity resulting from the use of a listening device, an optical surveillance device or a tracking device. However, these have no bearing on access to information from electronic data stored on an employer’s IT systems.
The New South Wales Workplace Surveillance Act 2005 (NSW) does provide the further requirement that where computer surveillance is used, it must be carried out in accordance with a policy of which employees are aware in advance.
The Privacy Act 1988 (Cth) (Privacy Act) requires compliance with National Privacy Principles. These restrict the ways in which data may be used – in particular in relation to ‘personal information’ from which a person’s identity is apparent.
However, employers are exempt from adhering to the National Privacy Principles where they are dealing with ‘employee records’. The Privacy Act provides that the collection and use of employee records and data that is directly related to a current or former employment relationship are exempt.
Whilst not all documents an employee creates in the workplace will be employee records, most electronic communication probably falls within categories in the definition of ‘employee record’. These include information relating to the termination of the employee’s employment, and information relating to the employee’s performance or conduct.
There is likely to be no legal obligation to adhere to the National Privacy Principles in relation to much of this employee information. However, it is advisable to follow the principles to maintain the company’s reputation as a good employer and to demonstrate that the employer acted fairly in potential unfair dismissal claims by employees who breach policies relating to the company’s information and communication systems.
Further guidelines as to best practice can be found in the Office of the Privacy Commissioner’s ‘Guidelines on Workplace E-mail, Web Browsing and Privacy’.
Likely changes to the legal regime
The Telecommunications (Interception and Access) Amendment Bill 2008?is currently before Parliament. The proposed amendments have little impact on employers.
In his second-reading speech, Attorney-General, Robert McClelland also referred to the need for more effective protection of private corporate networks. Whilst any increased powers with reference to private corporate networks do not appear on the face of the Bill, the second-reading speech indicates an intention to implement greater powers for employers to collect information in order to protect their communications networks.
McClelland referred to The Blunn Report, which highlights areas of technological change that need to be addressed by our privacy laws. These include wireless technology, mobile phone locational data, encryption, and spy ware and cookies.
The Australian Law Reform Commission is also conducting a review of the privacy laws in Australia, due to be completed in May 2008. This inquiry will address the impact of rapid advances in technology affecting the way in which information is gathered, stored and communicated; changes in community views about privacy; and changes to State and Territory laws affecting privacy.
Under the rules of civil procedure, parties are required, on request, to make discovery of all documents which are or have been in their possession relating to any question raised by the pleadings. ‘Documents’ is broadly defined and includes emails, videos and audio tapes.
The Federal Court has recently issued a Practice Note on electronic discovery in litigation. In its Practice Note, the Federal Court recommends that electronic documents should have document numbers, include relevant dates, have a known author and addressee and include relevant attachments.
Employers should keep these recommendations in mind when?collecting data that may be discoverable in court proceedings.
Document retention is another area in which employers are often unsure of their obligations. The general rule is that employers are able to do with the documents as they see fit. However, there are circumstances in which statute prescribes that documents be retained. These include the need to retain employee records for 7 years, and to retain documents where they may be relevant to litigation that has commenced or is anticipated.
In order to avoid falling foul of these statutory requirements and facing possible contempt charges or charges for breach of the Crimes Act 1914 (Cth), employers should consider implementing a clear policy in relation to document retention. This might include routine cleaning up of the database every 7 years and the nomination of a senior employee to monitor the application of the policy to ensure that information is not destroyed in an ad hoc manner. Employers should also be careful that possibly relevant documents are not destroyed where litigation is anticipated or on foot.
What employers should do
Only the Workplace Surveillance Act 2005 (NSW) requires the employer to inform employees of their policy regarding computer surveillance. In addition, under this Act, employers are required to give employees notice detailing the kind of surveillance to be carried out; how it will be carried out; when it will start; whether it will be continuous or intermittent and whether it will be ongoing or for a limited period.
Even where the employer is outside of NSW, the Office of the Privacy Commissioner’s ‘Guidelines on Workplace E-mail, Web Browsing and Privacy’ recommend that employers develop a policy in consultation with staff. Such a policy should be clear as to what the employer considers to be appropriate use of the system, what information is collected and how it may be disclosed, and employees’ rights of access.
Given the move towards greater use of electronic data in litigation, employers should implement a practice of collecting related information such as document numbers, dates, authors, addressees, and attachments with regard to each document produced and stored.
Finally, organisations should have a clear document retention policy that is appropriately managed to ensure that documents are not destroyed in an ad?hoc manner.