Can you check an employee’s emails without their knowledge?

by Vanessa Andersen and Olivia Hillier16 Jun 2017
While email is a vital communication tool for businesses, an organisation is vulnerable to employees who misuse it. Employer monitoring of email may be necessary to identify misconduct or to prevent harm to the employer’s business.  

In a digital age where the line between personal and public is becoming increasingly blurred, the question often arises as to the rights of an employer to monitor employee email.

Australia is split on this issue. Australian private sector employers in states and territories other than NSW and the ACT can check employee’s emails without prior notice, agreement or policy. There are also special rules for public sector employers. Both NSW and the ACT have introduced legislation regulating private sector workplace computer surveillance.  

In NSW and the ACT, unless a covert surveillance authority is obtained from a magistrate, complying with the legislative requirements for overt surveillance will mean an employer can lawfully check emails when needed. These requirements are:

•    giving the employee 14 days’ written notice (or less if agreed) before commencing surveillance. Note: if surveillance has already commenced, or will commence in less than 14 days before a new employee joins, notice must be given to the new employee before they join;
•    the notice must identify how the computer surveillance will be conducted, its start date, its duration (specified period or ongoing) and whether it will be continuous or intermittent; and
•    the surveillance must be conducted in accordance with a policy notified to the employee in advance of the surveillance (it must be reasonable for the employer to assume the employee is aware of and understands the policy).

In the ACT, the policy must also meet certain content requirements, including providing information about how the computer resources are logged, who may access logged information and how compliance with the policy is monitored and audited.

Once the above requirements are met, employers in NSW and the ACT can check emails without their employee’s knowledge provided that the basis for checking is consistent with the reasons for monitoring given in the surveillance policy. As such, when preparing a computer surveillance policy, any desire to assure employees of their privacy needs to be balanced against legitimate monitoring purposes to avoid unreasonably fettering the employer’s prerogative to monitor its own IT email system.

Using the results

Employers must nonetheless take care when using surveillance results. Checking emails and relying on your findings in support of disciplinary action can be very helpful – but only when done lawfully and in accordance with communicated expectations regarding work email use.

In NSW and the ACT, covert surveillance results can only be disclosed as permitted by the surveillance authority. Overt surveillance results can be used more broadly. For example, the results can be used for a legitimate business purpose such as disciplinary action.

If the results are used to dismiss an employee and legislative requirements have not been met, or if the employer’s policy has not been complied with or is vague or contradictory, you can be certain that the employer will be staring down the barrel of a claim (unfair dismissal being the most obvious for eligible employees).  

For all employers, best practice is to have a clear policy about permitted use of work email and computer surveillance. The policy should state that work email is not private and may be monitored.

In NSW and the ACT, private sector employers need to take the further steps of notice and/or consent to that monitoring. The best way to obtain such consent is by including an appropriate clause in an offer letter or contract of employment.

This article was contributed by Vanessa Andersen (Partner) and Olivia Hillier (Special Counsel), Maddocks

Related stories:
 

COMMENTS

  • by Michael 16/06/2017 12:00:30 PM

    Surely if you provide notice in a policy that covers use of business emails about monitoring this would cover the employer and allow surveillance at any time.
    Should something be found and the employer follows a documented investigation process this would remove the need for any external permission.
    Am I correct in this line of thinking?

  • by Trent Dunn 16/06/2017 12:56:26 PM

    Hi Michael,

    I agree.

    Essentially, in my view, the actual time when the policy is promulgated is the commencement of the notice period (where relevant based on state of domicile) for current employees (new employees prior to commencement) therefore constitutes overt surveillance on an on-going basis hence no requirement for an external court order as this is only for covert surveillance.

    From experience, I generally suggest a broader "Workplace Surveillance Policy" which also covers additional surveillance measures such security cameras and broader IT matters (e.g internet usage). This is essentially aligned with the NSW Workplace Surveillance Act but a policy can be crafted in a manner the covers a National presence.

Most Read