WHAT YOU SHOULD KNOW BEFORE MONITORING EMPLOYEES’ EMAILS
In today’s world, it is virtually impossible to conduct business without using some form of electronic communication. Many employers provide electronic resources such as e-mail and internet facilities to their employees to enable them to carry out their duties and functions.
The inevitable question is whether or not employees can claim a right to privacy when using their employer’s electronic resources. In answering this question, the constitutionally enshrined right to privacy must be forefront in our minds. After all, this includes a person’s right not to have the privacy of their communications infringed. Similarly, the common law provides that individuals have an objectively reasonable expectation of privacy which may not be wrongfully or intentionally interfered with. This protection extends to the collection, processing and storage of personal information as well as to the disclosure of personal information to third parties.
However, the right to privacy, like other rights contained in the Bill of Rights, is not absolute.
The Regulation of Interception of Communications and Provision of Communication-Related Information Act, 70 of 2002 (the Act), which applies to direct oral communications and to indirect communications such as the telephone, voicemail, e-mail, the internet and an internal mail system, prohibits the interception of employees’ communications except in certain circumstances.
Essentially a communication may be intercepted by anyone who is a party to the communication, unless the purpose of the interception is to commit a criminal offence, or with the written consent of a party to the communication.
A communication may also be intercepted in the course of carrying on any business if it relates to that business; or if it takes place in the course of carrying on that business, as long as it is done with the consent of the telecommunication system controller who is usually the chief executive officer or a duly authorized officer of the employer. In addition, a communication may be intercepted if the purpose of the interception is either to establish the existence of facts; to investigate or detect unauthorized use of the telecommunication system; to secure the effective operation of the telecommunication system; or to monitor calls to confidential telephone counselling or support services. Further, in order for interception to legally occur, the telecommunication system must be provided for use wholly or partly in connection with that business; and the system controller must have either made all reasonable efforts to inform all potential users of the system in advance that communications may be intercepted, or obtained the express or implied consent (not necessarily in writing) of the user to the interception.
What this effectively means is that before an employer can justify intercepting its employees’ communications, there must be a valid business rationale to do so. However, whether or not this would permit an employer to intercept all communications is yet to be determined by our courts. Arguably, the monitoring and protection of the business from abuse of its online resources may be sufficient justification.
What employees need to understand is that evidence that has been unlawfully obtained is not necessarily inadmissible in civil proceedings. A court or arbitrator has, in certain circumstances, the discretion to admit unlawfully obtained evidence. Thus an employer may be able to use unlawfully obtained evidence to justify dismissing employees for misconduct. However, this approach is risky as, if the evidence is not permitted in any subsequent proceedings, the employer may not be able to prove that the dismissal was for a fair reason. A greater risk is that the employer may be held criminally liable for breaching the Act. A failure to comply with section 6(2) of the Act is an offence and carries a penalty of a fine not exceeding ZAR 2 million or imprisonment of up to 10 years.
In order to safeguard the business, employers should implement an acceptable usage policy which regulates the use of its electronic resources and provides, among others, that employees do not have an expectation of privacy when using company owned electronic resources. Obtaining the employees consent to intercepting communications when using these resources would go a long way to ensuring that the employer’s conduct in this regard does not fall foul of the Act.