Danger in staff e-mail checks

By CHRIS PATTERSON

In many businesses network usage policies give employers the right to monitor how staff are using the internet - what sites they're visiting and what e-mails they're sending and receiving.

If an employer provides internet access to staff for business purposes and is potentially liable for its misuse then it's reasonable for that employer to occasionally monitor staff network usage, especially e-mail. However, what may be reasonable and sensible may also be unlawful.

The Employment Court stated that the Privacy Act 1993 may restrict employers' monitoring of staff network usage. Last week Parliament sent the supplementary order paper relating to the Crimes Amendment Bill (No 6) to the law and order select committee. The bill which provides for the introduction of "anti-hacking" offences now also provides that e-mails, facsimiles and message pagers are "private communications" for the purposes of section 216B of the Crimes Act 1961.

Generally speaking that section makes it unlawful to tap a telephone conversation unless a party to the conversation ought reasonably to have expected that someone with their consent would intercept that conversation. If the bill is passed it will be unlawful to intercept e-mail. Therefore, employers who intercept staff e-mails may be in some circumstances breaching both the Privacy Act and the Crimes Act.

Giving staff unrestricted internet access has its risks. An appropriately drafted network usage policy can be an important step towards minimising the risk of liability for employers.

Employers need to appreciate the commercial and legal implications of giving their staff unrestricted access to the internet. The digital age has changed everything, especially when it comes to sending and receiving information. Large volumes of sensitive commercial information can be copied and transmitted anywhere in the world in a matter of seconds.

Computer misuse involving mainly teenage hackers who have been caught engaging in activities that range from the electronic equivalent of tagging to large scale fraud has attracted media attention. But contrary to popular belief, the greatest threat to commerce is not the bored high school student with a PC and too much curiosity. Rather, a number of studies in the United States have revealed that a significantly greater threat stems from internal sources. Disgruntled or dishonest employees are usually the ones responsible for their employers incurring financial losses through computer misuse.

The internet has made staff theft of intellectual property easier, but consider the potential for vicarious liability. Objectionable material found anywhere on a business' network could result in an employer being liable under the Films, Videos and Publications Classification Act 1993. An employer does not need to be aware of the existence of the material to be liable.

The Human Rights Act 1993 and the Employment Relations Act 2000 require employers to protect their staff from harassment and offensive e-mails could lead to harassment claims against employers. Employers can also be liable for e-mails containing defamatory statements.

A number of cases have come before the Employment Court involving employees' misusing their employer's e-mail system. In one case an employee had sent more than 600 e-mails of an objectionable nature. In another case an employee sent an e-mail to co-workers threatening them if they signed a proposed employment contract. In both cases the court referred to the importance of training staff and having an appropriate network usage policy.

* Chris Patterson is a solicitor with the Auckland law firm of Hesketh Henry: chris.patterson@heskethhenry.co.nz