Since email first entered the workplace, employers have questioned the extent to which they should allow employees to send personal emails. It is similarly questionable whether employers have the right to monitor and, if necessary, use information contained in their employees’ personal emails.
Most employees send occasional personal messages from work. This is accepted by a number of employers and, with increased working hours, the debate regarding employee privacy surfaces more frequently.
Unfortunately for employers, the issue is not clear-cut. The employee’s expectations and rights to privacy must always be weighed against the employer’s right to monitor its own systems.
The European Court of Human Rights recently handed down a decision on employee rights to privacy in this context, ruling that the employer was entitled to scrutinise personal messages.
As part of a European employer’s investigation, it accessed personal messages sent by an employee to friends and family. Despite the employee’s objections, these messages were used in the disciplinary proceedings as well as in the subsequent court cases.
Ultimately, the court held that the monitoring and use of the personal messages was a proportionate interference in the employee’s right to privacy and that the employer was entitled to access and use the communications.
The decision has been widely reported and, while it looks like good news for European employers, the outcome of the case was particular to its facts. Monitoring an employee’s emails can still be risky in Hong Kong.
In most jurisdictions in Asia, %an employee’s right to privacy and correspondence will likely be considered, even in the context of workplace communications. Unregulated and disproportionate monitoring of employee communications could therefore land employers in hot water.
The Best Practice
The key to mitigating risk when accessing and monitoring employees’ personal emails is to manage employee expectations. Employers should ensure that they have internal policies to deal with this issue and that those policies are made available to new employees.
The policies should be clear about any restrictions that apply to the use of electronic systems. They should state whether the employer may access and read all employee communications (and the circumstances in which they might do so) and that disciplinary action may be taken against employees who do not comply with the policy.
Documentation matters a great deal in these situations. If the employer intends to review an employee’s emails or communications, it should generally prepare a detailed note (i.e. an impact assessment) in advance, setting out the basis for, and limitations to, the review. This is useful evidence in an event where the employee challenges the employer’s actions from a data privacy perspective.
Policies should be complied with by all – including employers. If employers fail to comply with their own internal policies on data protection and surveillance, employees may not only have a data privacy claim, but this may also give rise to some form of breach of contract claim.
While employers need to draw a clear line in the sand – and avoid stepping over it – employees need to stay inside the bounds of their professional obligations.
Employees should review and understand their employer’s policy on the use of electronic systems and monitoring, and can take steps to keep their personal messages private.
They can also use their own device when sending private messages or using social media, for instance. As Wi-fi is part of a company’s internal systems, over which they may have control, employees can use 3G or 4G connections on their device to keep their communications private. They can also mark personal emails or communications as private.
The spotlight continues to fall on data privacy standards. Employers need to ensure that they put equal work into both internal data policies and external data security.
This article appeared in the Classified Post print edition as Can an employer monitor personal emails?