Facebook and personal email at work - how much employer snooping is too much? Lawyers weigh in
Last week, we saw an Employment Relations Authority determination directing a sacked flight attendant to hand over copies of her banking and Facebook records, for two days, to her former employer, Air New Zealand.
Beyond the ethical considerations, a number of readers saw an immediate practical problem: what if the flight attendant simply deleted any incriminating Facebook posts? (Air NZ claims she was not looking after her sick sister, and thus not entitled to the sick leave she claimed).
In such a dispute, deleting social media posts would be less of an issue of the employer was already snooping on the employee's Facebook posts and personal web mail.
Can the boss pry?
"An employer’s right to access its employees’ personal emails or non-work related internet browsing will depend on the email and internet workplace policies it has in place," Chapman Tripp senior associate Marie Wisker tells NBR ONLINE.
"If the workplace policy states that employees may use email/internet for reasonable personal use, then an employee’s right to privacy is likely to take priority over the ownership rights of the employer," Ms Wisker says.
"In those cases, an employer will probably not have the right to snoop on the employee’s use of the workplace computer for clearly private purposes such as social networking sites, bank account access, or personal emails.
"However, policies which clearly state that work systems are to be used for work purposes only, and/or that usage may be monitored and/or accessed, would give employers the right to view all employees’ internet and email traffic, including those that are personal,"
It’s also worth making the point that no employer permitting personal use of firm IT systems should do so without reserving the right to monitor that usage, the senior associate says.
Wellington barrister John Edwards sees the issue of your employer can acccess your Facebook activity as pretty black and white.
"Ever since forever, everyone's been pretty clear that you use your employer's property in full knowledge that it is only used for legitimate purposes, for limited personal purposes, and aware that what goes through the employers' servers the employer is entitled to access," he says.
"I haven't heard of any cases limiting that principle, so employees worried about it should maybe leave their Facebooking and the like until they're on their own devices."
What about snooping on a staff member doing thier personal banking at work?
Mr Edwards suggests there would be technical problems. Bank websites all have HTTP Secure (HTTPS) web pages, making it harder to pry (interestingly, Facebook is moving to adopt HTTPS, too).
One solution would be for to snoop by installing software that records every keystroke.
But Mr Edwards says, "I think an employer running key loggers would definitely be a step too far."
"Think" is the operative word here. The Privacy Act (1993) was drafted when the internet was closer to a gimmick that a mainstream office tool. An update is in train and might be put before Parliament before the end of this year. Meantime, there are a lot of shades of grey.
In the wake of the Air NZ case, Tech Liberty's Thomas Beagle pointed out there are also possible legal issues around privilege, asking "What if the person involved had been talking to their lawyer about this employment issue?"
He also said employer could also see unrelated personal information about a staff member - including sensitive information such as, for example, "Facebook chat to talk to a close friend about the sexual abuse they suffered as a child. Why should these people all be exposed to the sticky beaks who the person works for just because there is an employment dispute?"
On this point, Mr Edwards says, "Courts of all descriptions, including the ERA, need to ensure that all relevant information is available to the parties and the court in order to ensure the timely and just disposition of proceedings. They are able to deal with particular sensitivities by making appropriate orders to ensure the information is used only for the purposes of the proceedings, and only what is relevant.
"Even if the Court hadn't ordered discovery, it would have been open to any third party to disclose information without breaching the Privacy Act where the disclosure is necessary "for the conduct of proceedings before any court or tribunal".
It will be interesting to see how the pending Privacy Act update deals with these sorts of employer-employee digital privacy issues (the Employment Relations Amendment Bill also comes into play; see Chapman Tripp comments below).
Tech Liberty's Mr Beagle already has a firm position about where the boundary lies.
"Employers should not have the rights to snoop on everything we do. We wouldn't let them search our homes on demand and we shouldn't let them ransack our online lives looking for dirt," the civil liberties campaigner tells NBR.
RAW DATA: Chapman Tripp Brief Counsel
Disclosure order for Facebook, bank account - an outrage or fair play?
15 August 2013
Despite the excitable reaction from Tech Liberty, the Employment Relations Authority (ERA) was acting well within its powers when it ordered an employee to hand over her Facebook pages and bank accounts for the period in dispute1. [Read the full determination here - CK]
Rather unremarkable, really. Certainly not an unwarranted invasion of the employee’s privacy.
The employee concerned, Gina, was dismissed after she took sick leave, purportedly to look after her sister. Gina has challenged her dismissal. The genuineness of her sick leave is a central issue to the dispute.
As a defendant, Air NZ has a right to ask for disclosure of all material that could be relevant. Obviously this would include information which might shed light on Gina’s activities on the days in question.
If this suggests she was not caring for her sister, then any remedies to which she might otherwise be entitled - for any established failure by Air NZ in the manner in which it arrived at its decision to dismiss her - could be reduced. If the documents support her story, her claim for redress will be strengthened.
In considering requests for disclosure, the ERA must weigh up any competing interests to the material, including privacy interests.
That was the basis for the Employment Court’s order in Wrigley for the disclosure of interviews from other candidates in the selection process as a result of which Mr Wrigley was made redundant. The Court held that the material was relevant to the issues in dispute, and that Mr Wrigley’s interest in seeing the material outweighed the other employees’ rights to privacy.
It’s hard to see how a complainant’s own privacy interests can be said to compete with his or her obligation to disclose information. In Wrigley, the point was that an obligation to disclose may even overcome third party privacy interests.
Chapman Tripp comments
The Employment Relations Amendment Bill, now before the select committee, seeks to remedy the position in Wrigley by amending the duty of good faith in section 4 of the Employment Relations Act (ERA) to clarify that employers are not required to provide an employee with confidential personal information about another person, or evaluative material about the employee concerned, where the employer is proposing to make a decision that will, or is likely to, affect an employee’s continued employment.
This will bring the ERA largely back into line with the Privacy Act 1993 and is a welcome move. But it would do nothing to disturb the Authority’s finding in relation to Gina – and neither should it.
Employees challenging a dismissal must be taken to have waived their own privacy interests in material relevant to the dispute. This is a perfectly ordinary and reasonable rule and – indeed – one that applies to general civil disputes.
If anything, the decision serves not as a cause for concern but as a reminder for prospective litigants to think strategically of the benefits and risks of litigation.