Many employers supply their employees with smartphones to assist them to perform their role. It is only natural that an employer would want to use any data or information stored or accessed on that device, particularly when the employee leaves the business, or where the employer has reason to question an employee’s fidelity.
Smart phones are repositories of significant amounts of data about their user’s activities and location, including their emails, websites visited, and apps used (including social media). However, an employer’s right to access that information (at least in New South Wales and the ACT) is limited by workplace surveillance legislation.
In New South Wales, the legislature enacted the Workplace Surveillance Act 2005 (NSW) (the Act). That legislation prescribes the way in which employers can legitimately use camera, computer and tracking surveillance, to monitor an employee whilst they are at work. For completeness, the ACT legislation (the Workplace Privacy Act 2001 (ACT) largely covers the same ground as the NSW legislation), and the Victorian Surveillance Devices Act 1999 (VIC) prohibits the use of optical and listening devices in certain proscribed circumstances (for example, in toilets, washrooms etc).
Whilst the usage of smartphones was not at the front of mind when this legislation was enacted (the first Apple iPhone was only released in around 2007!), the ‘computer surveillance’ requirements under the Act have particular relevance for employers who wish to access information on an employee’s smartphone.
Types of the surveillance
The Act covers various methods of surveillance of employees, including cameras, computers and tracking devices. Fundamentally, workplace surveillance can only commence once employees have received proper notification or their employer has obtained Court approval to conduct covert surveillance.
Relevant to the use of smartphones, under the Act, computer surveillance means surveillance by means of software or other equipment that monitors or records the information input or output or other use of a computer and includes but is not limited to the sending and receipt of emails and the accessing of websites.
Computer surveillance can only be carried out in accordance with a policy of the employer on computer surveillance of employees at work, and employees must be notified in advance of that policy in such a way that it is reasonable to assume that the employee is aware of and understands the policy.
Under section 10(4) of the Act, a written notice must be given to employees 14 days prior to the commencement of any surveillance or prior to the commencement date of a new employee. The notice must indicate:
- The kind of surveillance to be carried out (camera, computer or tracking).
- How the surveillance will be carried out.
- When the surveillance will start.
- Whether the surveillance will be continuous or intermittent, and whether the surveillance will be for a specified limited period or ongoing.
The default position is that unless an employer has complied with the notification requirements, it is not entitled to conduct surveillance of an employee’s smartphone.
It is important to remember that the Act imposes limits on the blocking by employers of emails and internet access of employees at work. The Act also specifically prevents employers from blocking access to emails or internet sites because the content relates to industrial matters, or where an email is sent by or on behalf of an industrial organisation.
Penalties for breach
Employers need to be aware that all casual, temporary, agency workers, and volunteers need to be informed of the employer’s email and internet usage policy to avoid any penalties which may arise from conducting surveillance without effective notice.
In the event of non-compliance, employers may be exposed to civil penalties under the Act, and may also find it more difficult to use any information obtained as evidence in a court or commission (for instance, in the defence of an unfair dismissal claim).
Tips for Employers
- Ensure that employees are given the appropriate notification of the surveillance that will occur.
- Develop and maintain an appropriate policy on workplace surveillance that explains the type and nature of the workplace surveillance.
- Ensure its surveillance policy is developed in conjunction with the employer’s IT usage and Social Media policies, that deals with appropriate smartphone and social media usage.
- Provide employees with appropriate training in relation to its policies, and ensure employees understand them.
If you are in doubt as to whether your organisation’s surveillance practices comply with the relevant legislation, seek legal advice.