Companies can monitor every keystroke a staff member makes made on their computer. Photo / Thinkstock
Workers can be watched as long as it is within the law, writes Diana Clement
Is your boss watching you? Employers have an arsenal of technology at their fingertips to monitor employees in New Zealand.
They can, for example:
* Read staff members' emails and instant messages
* Record websites visited, searches made and bandwidth used
* Monitor time spent on the phone, the numbers called and listen to recordings of conversations
* Track mobile phones and company cars using GPS software
* Video staff at work - covertly in some instances
* Monitor every keystroke made
* Measure typing speed, to see how efficient employees are.
That's enough to make even well-rounded employees paranoid and there is no doubt there is a clash of priorities between workplace privacy and employee monitoring.
It sounds very Big Brotherish. But there are plenty of reasons for employers to monitor staff. Just look at the internet. Productivity suffers when employees spend too much time surfing the net, posting on social networking sites, or instant messaging.
Other reasons to monitor employees include:
* legal liability issues
* potential security breaches
* preventing cyberstalking and/or harassment of employees
* avoiding copyright infringement by employees who use work servers for illegal downloads
* maintaining a company's professional reputation and image.
The internet is a really powerful tool for improving business efficiency. But it is also a great way for employees to waste time. Around 25 per cent of people believe work time is the time to organise their social lives and employers might quite rightly be miffed about the lack of productivity.
The good news is that no employer can do this willy nilly. There are laws to comply with.
"Before carrying out workplace monitoring or surveillance, employers need to take into account their obligations under legislation such as the Employment Relations Act and the Privacy Act," says Jennifer Mills, partner at Minter Ellison Rudd Watts Lawyers.
"In addition, the Privacy Act requires personal information to be collected only where this is necessary for a lawful purpose connected with the function of an organisation."
In most cases employees need to be told that they're being monitored.
"For example, it is common to monitor use of work email and internet, and the fact that this will occur should be covered by company policy and made clear to employees," says Mills. "The same considerations can apply to monitoring of, for example, telephone conversations [particularly in call centres] and GPS tracking of vehicles."
Business.govt.nz manager Katie Wellington recommends that all employers have an internet policy that states what acceptable use of the internet is.
"Your policy should make it clear that the web should be used mainly or solely for business purposes and define what 'limited personal use' of the internet means.
"Make sure your employees are aware of legal concerns, including copyright and intellectual property issues and the posting of defamatory comments on social networking sites, which you could be liable for.
"When developing a policy, consider any financial and security risks. Don't allow your staff to change computer settings and a set a rule that software may only be installed by authorised employees. Set limits on the size of downloaded files and ban employees from downloading inappropriate files to ensure any data caps are used efficiently."
Covert monitoring or surveillance is acceptable under the law in certain circumstances. Employers' use of covert video surveillance has been accepted as reasonable to investigate suspected theft, Mills adds.
There have been surprisingly few complaints to the ERA or the Privacy Commissioner about monitoring of employee email.
"Employees don't challenge it because it's expected these days." None-the-less, employers should have an internet policy pointing out that they own the equipment and there will be monitoring from time to time, says Mills.
There is an awful lot of software and tracking systems that an employer might use.
John Martin, senior security expert at IBM New Zealand, says when creating a system for an organisation IBM might use a number of protections including:
* IBM Guardian software, which can manage and report on access to a database, which can be useful for preventing unauthorised access and identifying data leaks
* Network and website intrusion prevention systems
* A proxy to prevent employees accessing certain material on the internet
Tivoli Endpoint Manager, which helps identify security breaches anywhere in the system from server to laptops.
While some companies lock down every aspect of their systems and block access to social networking sites, IBM itself has an open policy on the subject. Employees doing anything untoward are likely to get a shoulder tap, says Martin.
Despite the paucity of complaints about monitoring in New Zealand, employers should still be wary of certain types of unlawful staff monitoring, says Mills. They include monitoring staff vehicle use out of hours and setting up covert surveillance of changing rooms.
In one old, but still relevant case, says Mills, the Privacy Commissioner was asked to investigate the use of a hidden camera for surveillance of employees in a work locker room after stock started disappearing from the warehouse. One worker complained that the surveillance amounted to an invasion of his own and other workers' privacy.
The commissioner concluded that the video camera was pointed at one employee's locker, was not able to move and had no sound. The information collected could only be viewed by designated people and the videotape was to be destroyed once the matter had been resolved.
She said it was not reasonably practicable to draw the fact of filming to the complainant's attention as the surveillance was intended to film covert and unlawful behaviour. What's more, the locker room was not a private space intended for the removal of clothing.
Another case considered but not upheld by the Privacy Commissioner was that of a manufacturing company that proposed the use of a fingerscanning unit for clocking in and clocking out. There had been allegations of employees using the old time sheets and clock cards dishonestly, which led to the proposed introduction of the new technology.
The Engineering Printing and Manufacturing Union complained to the Privacy Commissioner that the unit would interfere with members' privacy.
However, the Privacy Commission's investigation found otherwise. Because the scanner checked for a pattern and did not keep an image of the fingerprint it could not be reverse-engineered to reconstruct a fingerprint.
Bruce Slane, the Privacy Commissioner at the time said: "I was not persuaded in the circumstances that there was sufficient evidence that the fingerscanning would be unfair or intrude to an unreasonable extent on the personal affairs of the employees."
'This is just so sad, just before Christmas' - liquidator Pritesh Patel on ProLink NZ.