When it comes to creating an ideal workplace, workplace online privacy is an aspect that can’t be ignored. The online privacy of employees is a responsibility that falls on the shoulders of leaders.

2019 saw one of the biggest data leaks in history. Over 540 million records about Facebook users were publicly exposed. 146 gigabytes of Facebook user data, including account names, IDs and details about comments and reactions to posts, were exposed.

Even though this case is far removed from the average workplace, that does not mean the data privacy of employees at small and medium businesses is less important or not at risk.

Technology has become more sophisticated in all employment systems. Employers that are slow to deploy proper defences by leveraging technology will fail to protect the online privacy of individuals and to create a safe and healthy workplace.

In this blog, we will answer the most frequently asked questions on workplace privacy to help Australian businesses save themselves from the risk of non-compliance.

What is employee online privacy?

Every employer is limited in how much of their employees’ details and actions they can store and monitor. This includes how an employer can monitor staff actions on the internet, correspondence and personal information.

What is personal information?

Personal information means any information about an individual that will help others to identify them. This information most commonly is their email and phone number.

Personal information is labelled as Personally Identifiable Information or PII in the USA, Personal Data in the UK and Europe and Personal Information in Australia, UK and Canada.

What kind of information can an employer collect and maintain?

An employer’s interest is solely in an employee’s employment. So, information like skills, performance, professional conduct, terms of employment and details related to taxation can be collected by an employer.

Do employers have the right to monitor employees’ work devices such as laptops, desktops, servers and their internet activities?

Yes, employers have the legal right to do so, but there are certain limitations.

Generally speaking, it is legal for the employer to monitor the activities of employees on company property, such as desktops, laptops, phones, and the Internet.

Workplace monitoring activities are covered by the Privacy Act, according to which employers are supposed to inform their employees that they are being monitored.

On October 7, 2005, the Workplace Surveillance Act 2005 came into effect. This Act regulates video surveillance, tracking and computer surveillance, including the monitoring and accessing of emails and tracking web history. This requires employers to comply with rules for both overt and covert surveillance.

Overt surveillance is the kind of surveillance where the subject knows that they are being monitored, whereas in covert surveillance the subject does not know that they are being monitored.

It is also important to know that there is a statement in the Australian jurisdiction, from 16 January 2006, which reads: “No Australian laws are preventing or regulating employer monitoring of employees’ use of the internet.”

Can employers monitor keystrokes, email content and screens?

Employers hold the right to monitor all activities of an employee at the workplace, but the device should be a work device; an employer cannot monitor the employee’s own device. The employer also needs to notify the employee that their company device is being monitored.

Legal guidelines recommend that employers should provide employees with relevant policies. These should include the following:

  • Explicit information on which activities are permitted and which are not.
  • Identify the information that is being logged, for instance, the content of employee emails, internet activity, etc. and the people that have access to those logs.
  • Indicate, in general terms, the circumstances under which the employer might have to disclose the email’s content and to whom.
  • Reference to the organisation’s computer security policy.
  • Articulate in an easy-to-understand way the intentions of the company to monitor or audit staff compliance with its rules relating to acceptable usage of email and web browsing.

What is the regulatory framework?

Commonwealth privacy laws control the collection of personal information through the Australian Privacy Principles (APPs) within the Privacy Act. These laws apply to all private sector businesses having an annual turnover of more than $3 million.

Different states and territories have different telecommunication and surveillance laws. Employers are required to think carefully about any personal information that they collect; its collection has to be in accordance with the APPs.

Personal information means any information about an individual from which the identity of an individual can be acquired.

Employers should ensure that the personal information acquired shall not be:

  • misused for purposes that are not employment-related
  • interfered with or modified
  • accessed without authorisation
  • disclosed to a third party illegitimately.

When can an employer disclose personal information?

There will be times when the employer will be required to disclose the employee’s information to third parties. These include:

  • A Fair Work Inspector: Employers are required to provide this information under the Fair Work Act.
  • Other governmental agencies: The Australian Tax Office, for instance, has the power to ask for your employees’ information.
  • Permit holder: The Fair Work Act allows a permit holder to inspect or copy documents. However, a permit holder will not be able to inspect or copy documents if they contravene federal law, including the Privacy Act or any state law.
  • Information can also be collected from a protected action ballot.
  • Information collected for reference purposes: Providing information that directly relates to the employment relationship will not be in breach of the Privacy Act.

It is important to note that employers should generally seek the employee’s consent before disclosing personal information. Also, before providing the information to third parties, they should understand the legalities of the matters thoroughly.

What is the information for references?

At times employers are contacted by other possible employers regarding information related to a former or current employee. The information could be the performance of the employee, salary details, professional conduct, personal leave and sick leave taken, etc.

An employer, in this case, is not supposed to disclose this information without the consent of the employee whose information is to be shared.

Why are the online workplace privacy policy and training important?

Privacy in the workplace is important because of the following three legal issues: unfair dismissal claims, protection against discrimination, and WHS and workers’ compensation.

Reduces Unfair dismissal claims:

There have been numerous cases of unfair dismissal by employees due to the improper use of social media. Employees also feel that being monitored on social media is an invasion of their privacy. Your workplace privacy policy should inform employees about their rights and responsibilities and also what the organisation is entitled to collect according to the law. This can reduce these claims.

Ensures Transparency:

Workplace online privacy policies avoid disputes with employees by ensuring they understand what kind of information is being collected about them and what is being monitored. Policies should also disclose how the organisation handles the information that is collected.

Safety for all:

Workplace online privacy training reduces the likelihood of invasions of privacy in the workplace.

Maintaining Brand Identity:

With clear rules on what can and cannot be posted on the company’s social media page, you will also be able to safeguard your reputation from the probable damage caused by an invasion of your own or your employees’ privacy. You will also be able to prevent employees’ non-professional conduct on the internet or social media.

Enhance workplace culture:

When proper policies and training are set in place, employees are more inclined to do the right thing. This also increases engagement and trust by supporting a workplace culture that respects people’s right to privacy. And you gain a competitive advantage by becoming an employer of choice.

What is the best practice for employers?

Proper workplace compliance policies ensure that employers, employees, volunteers, suppliers, contractors or anyone else related to the organisation know their rights and responsibilities while using technology.

Employees’ sensitive information should be collected only when necessary and kept discreetly, with access restricted; anyone who needs to access this information must sign a confidentiality agreement. The information should be destroyed when it is no longer needed.

Here are the five fundamental steps that every high-trust organisation should follow to ensure an environment in which employee privacy is effectively protected.

  1. Understand the potential risks associated with mishandling of employees’ personal information.
  2. Your HR and Compliance Managers should make sure that the company’s workplace privacy policies are in line with standards of practice and legal requirements.
  3. The most effective way of making sure your organisation is compliant is by providing all employees training with online workplace compliance courses.
  4. Enable tight security measures to ensure employee privacy.
  5. Follow up with refresher training and ensure that policies and procedures are implemented.

It’s clear that larger Australian employers with operations across State/Territory boundaries face an array of overlapping and, at times, conflicting laws imposing obligations in relation to employees’ personal information.

Check out our online privacy workplace policy builder, which can not only help you with online privacy policies for employees but also ensure that they are stored and implemented effectively.

Our online privacy course will make your employees aware of their rights and responsibilities when it comes to their online privacy.

Get a free demo of our online privacy course at 1300 040 589 or email us at info@sentrient.com.au.