When it comes to creating an ideal workplace, online privacy is an aspect that can’t be ignored. Protecting the online privacy of employees is a responsibility that falls on the shoulders of leaders.
2019 saw one of the biggest data leaks in history. Over 540 million records about Facebook users were publicly exposed. 146 gigabytes of Facebook user data, including account names, IDs and details about comments and reactions to posts were exposed.
Even though this case is far removed from the average workplace, it does not mean the data privacy of employees at small and medium businesses is less important and not at risk.
Technology has become more sophisticated in all employment systems. Employers that are slow to deploy proper defences by leveraging technology will fail to protect the online privacy of individuals and to create a safe and healthy workplace.
In this blog, we will answer the most asked questions on workplace privacy that will help Australian businesses to save themselves from the risk of non-compliance.
What is employee online privacy?
Every employer faces limits on how much of their employees’ details and actions they can store and monitor. This covers how an employer can monitor staff actions on the internet, correspondence and personal information.
What is personal information?
Personal information means any information about an individual that will help others to identify them. This information most commonly is their email and phone number.
Personal information is labelled as Personally Identifiable Information or PII in the USA, Personal Data in the UK and Europe and Personal Information in Australia, UK and Canada.
What kind of information can an employer collect and maintain?
An employer’s interest lies solely in an employee’s employment. So, information like skills, performance, professional conduct, terms of employment and details related to taxation can be collected by an employer.
Do employers have the right to monitor employees’ work devices such as laptops, desktops, servers and their internet activities?
Yes, employers have the legal right to do so, but there are certain limitations.
Generally speaking, it is legal for the employer to monitor the activities of employees on company property like desktops, laptops, phones and internet.
Workplace monitoring activities are covered by the Privacy Act, under which employers are supposed to inform their employees that they are being monitored.
On October 7th 2005, the Workplace Surveillance Act 2005 came into effect. This Act regulates video surveillance, tracking and computer surveillance including the monitoring and accessing of emails and tracking web history. This requires employers to comply with rules for both overt and covert surveillance.
Overt surveillance is the kind of surveillance where the subject knows that they are being monitored, whereas in covert surveillance the subject does not know that they are being monitored.
It is also important to know that there is a statement in the Australian jurisdiction, from 16 January 2006 which reads – “There are no Australian laws preventing or regulating employer monitoring of employees’ use of the internet.”
Can employers monitor keystrokes, email content and screens?
Employers hold the right to monitor all activities of an employee at the workplace, but the device must be a work device; an employer cannot monitor the employee’s own device. The employer also needs to notify the employee that their company device is being monitored.
Legal guidelines recommend that employers should provide employees with relevant policies. These should include the following:
- Explicit information on which activities are permitted and which are not.
- Identify the information that is being logged, for instance, the content of employee emails, internet activity, etc. and the people that have access to those logs.
- Indicate in general terms, the circumstances under which the employer might have to disclose the email’s content and to whom.
- Reference to the organisation’s computer security policy.
- Articulate in an easy-to-understand way the intentions of the company to monitor or audit staff compliance with its rules relating to acceptable usage of email and web browsing.
What is the regulatory framework?
Commonwealth privacy laws control the collection of personal information through the Australian Privacy Principles (APPs) within the Privacy Act. These laws apply to all private sector businesses having an annual turnover of more than $3 million.
Different states and territories have different telecommunication and surveillance laws. Employers are required to think carefully about any personal information that they collect; it has to be collected in accordance with the APPs.
Personal information means any information about an individual from which the identity of an individual can be acquired.
Employers should ensure that the personal information acquired is not:
- misused for purposes that are not employment-related
- interfered with or modified
- accessed without authorisation
- disclosed to a third party illegitimately.
When can an employer disclose personal information?
There will be times when the employer will be required to disclose the employee’s information to third parties. These include:
- A Fair Work Inspector: Employers are required to provide this information under the Fair Work Act.
- Other governmental agencies: The Australian Tax Office, for instance, has the power to ask for the information of your employees.
- Permit holder: The Fair Work Act allows a permit holder to inspect or copy documents. However, a permit holder will not be able to inspect or copy documents if it contravenes federal law, including the Privacy Act, or any state law.
- Information can also be collected from a protected action ballot.
- Information collected for reference purposes: Providing information that directly relates to the employment relationship will not be in breach of the Privacy Act.
It is important to note that employers should generally seek the employee’s consent before disclosing personal information. Also, before providing the information to third parties, they should understand the legalities of the matter thoroughly.
What is information for references?
At times employers are contacted by other prospective employers seeking information about a former or current employee. The information could be the performance of the employee, salary details, professional conduct, personal leave and sick leave taken, etc.
In this case, an employer is not supposed to disclose this information without the consent of the employee whose information is to be shared.
Privacy in the workplace is important because of the following three legal issues: unfair dismissal claims, protection against discrimination, and WHS and workers’ compensation.
Reduces unfair dismissal claims:
Workplace online privacy policies avoid disputes with employees by ensuring they understand what kind of information is being collected about them, and what is being monitored. Policies should also disclose how the organisation handles the information which is collected.
Safety for all:
Workplace online privacy training reduces the likelihood of invasions of privacy in the workplace.
Maintaining brand identity:
With clear rules on what can and cannot be posted on the company’s social media page, you will also be able to safeguard your reputation from the potential damage caused by an invasion of your privacy or that of your employees. You will also be able to prevent unprofessional conduct by employees on the internet or social media.
Enhance workplace culture:
When proper policies and training are in place, employees are more inclined to do the right thing. This also increases engagement and trust by supporting a workplace culture that respects people’s right to privacy. And you gain a competitive advantage by becoming an employer of choice.
What is the best practice for employers?
Proper workplace compliance policies ensure that employers, employees, volunteers, suppliers, contractors and anyone else related to the organisation know their rights and responsibilities while using technology.
Employees’ sensitive information should be collected only when necessary and kept discreetly. Access to it should be restricted, and anyone who needs to access this information must sign a confidentiality agreement. The information should be destroyed when not needed.
Here are the five fundamental steps that every high-trust organisation should follow to ensure an environment in which employee privacy is protected effectively.
- Understand the potential risks associated with mishandling of employees’ personal information.
- Your HR and Compliance Managers should make sure that the company’s workplace privacy policies are in line with standards of practice and legal requirements.
- The most effective way of making sure your organisation is compliant is by providing all employees training with online workplace compliance courses.
- Enable tight security measures to ensure employee privacy.
- Follow up with refresher training and ensure that policies and procedures are implemented.
It’s clear that larger Australian employers with operations across State/Territory boundaries face an array of overlapping – and at times conflicting – laws imposing obligations in relation to employees’ personal information.