Can employers monitor their employee’s use of company property?
In general, an employer has a right to monitor an employee’s use of company property (e.g. a work computer), but there are limits to this right. Laws that relate to monitoring and surveillance vary across Australian states and territories and can be very complex.
This article considers the case of Madzikanda v Australian Information Commissioner [2023] FCA 1445, which examines whether monitoring an employee’s use of company property breaches the Privacy Act 1988 (Cth) (Act).
The Act provides 13 legally binding principles, known as the Australian Privacy Principles (APPs), which concern the collection, use, disclosure and storage of personal information and applies to Australian government agencies and all private sector organisations.
However, the Act exempts private sector organisations from complying with the APPs when handling employee records relating to current or former employees that are directly related to the employment relationship or records concerning individual employees.
An ‘employee record’ for the purposes of the Act means a record of personal information relating to the employment of the employee. Apart from an employee’s health information, other examples include:
- the engagement, training, disciplining or resignation of the employee
- the termination of the employment of the employee
- the terms and conditions of employment of the employee
- the employee’s personal and emergency contact details
- the employee’s performance or conduct
- the employee’s hours of employment
- the employee’s salary or wages
- the employee’s membership of a professional or trade association
- the employee’s trade union membership
- the employee’s leave entitlements
- the employee’s taxation, banking or superannuation affairs.
This means that the Act and the APPs will only apply to an employee record if the information used is for a purpose that is not directly related to the employment relationship.
A recent case example
The case of Madzikanda v Australian Information Commissioner [2023] FCA 1445 relates to a judicial review of a decision of the Office of the Australian Information Commissioner (OAIC). The facts of this case serve as an important reminder that employers should ensure they have policies relating to the use, surveillance and monitoring of company property.
In Madzikanda, the applicant was suspended from his employment and was required to surrender his work laptop. The work laptop was used by the applicant for a number of years, and during that time, had stored personal information on the laptop including passwords to online accounts such as banking, private email accounts and his personal OneDrive and iCloud accounts.
The applicant received a letter of allegations on 13 June 2019 referring to a conversation contained in a private email that he was working on projects that were in competition with the employer during company time. The applicant was dismissed on 17 July 2019.
The applicant subsequently lodged a complaint with the OAIC, alleging that their employer had used personal information held on the laptop. The employer denied that this had occurred.
After considering the material provided, the OAIC determined, amongst other things, that the employer’s actions were not subject to the APPs in the Act as:
- the information on the laptop was an employee record and was subject to the exemption under the Act on the basis that the information was subject to monitoring in accordance with the employer’s policy
- the employer’s actions in dealing with the applicant’s personal information in the laptop were directly related to the employment relationship at the time and directly related to the employee records relating to the applicant
- even if the exemption did not apply, there were reasonable arguments that the employer had not breached various APPs.
More particularly, the OAIC held that:
“I consider that you were aware that the work computer was not your private property, and that any data saved to the computer may have formed part of your employee records, as it was subject to routine monitoring and review.”
The OAIC determined that an investigation was not warranted as the complaint had little prospects of further practical or satisfactory resolution. The OAIC further determined that it would be an inefficient and unproductive use of the OAIC’s resources and powers to investigate the complaint further.
Judge Wheelahan dismissed the application and found that the OAIC’s decision did not contain an error of law, as “further investigation of the complaint was not warranted having regard to all the circumstances”. The court did not consider the OAIC’s decision on the “employee records” exemption.
Review of the Act
The Australian Government is currently reviewing and considering reforms to the Act, following its response to the proposed changes released on 28 September 2023. Our previous articles outline the proposed changes: ‘Privacy law changes – now is the time to prepare’ and ‘Australia’s Privacy Act review: What you need to know’.
It is possible that the “employee records exemption” may be subject to reform as part of this review. As at the date of this article, the proposed changes remain under review and consultation.
If you have any questions regarding this article, please get in touch with a member of our team below.
Disclaimer
The information in this bulletin is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavour to provide accurate and timely information, we do not guarantee that the information in this bulletin is accurate at the date it is received or that it will continue to be accurate in the future.
Share this
Source link