The recent criticism of Facebook for potential privacy breaches has reinforced our collective consciousness around the importance of privacy settings and using devices and social media in a way that protects personal privacy. However what many people do not consider is who owns the device that they are using, and how this affects who has access to the information on it.
This is becoming an increasingly important issue in an employment context, where employees use work devices to send personal emails and texts or to engage with social media. In this situation employees often assume that their personal communications are private, but this is not necessarily the case.
Many employers have policies that make it clear that any information stored on work devices or sent from work devices can be accessed by the employer. This is perfectly legal where the employer has provided a work device for business purposes, and to this extent the employee should be aware that any personal communications might be viewed by their employer if there is reason to do so.
Employers may have a number of reasons to want to access data or information stored on a work device used by an employee. This includes where an employer has become aware of possible wrong doing by an employee and seeks to review their emails and/or texts to see if there is any information supporting this.
Device use can also be reviewed to determine an employee’s working habits, for example, when they are in the office, and how much time they might be spending on non-work related activities.
It is often astounding what employees send or receive using work devices, possibly under the misapprehension that if they delete it, the information will disappear. This, of course, is not the case, and forensic experts can retrieve almost anything on a device.
There have been numerous cases in which an employee has used a work device to view inappropriate even unlawful material, and has been disciplined or dismissed as a result. In other cases employees have been dismissed for sending or receiving inappropriate messages.
One such case is Toleafoa v Vodafone New Zealand Limited where the Authority upheld Vodafone’s decision to dismiss Toleafoa after she made disparaging remarks about her colleagues and managers to friends and family using her work email. The employee argued that the messages were personal, and not related to her employment.
Vodafone’s policy allowed employees to send personal emails, but stated that all messages generated on their system were the property of Vodafone and that inappropriate and coarse language was forbidden.
In another case, a teacher Raymond Lowther resigned from his job at Glen Eden Intermediate in 2016 after two students discovered explicit material on his work computer. After initially denying it he then tried to blame the use on his son. A forensic investigator was called in to search the laptop, and found that a number of inappropriate images and adult websites had been accessed on the work device.
The teacher eventually admitted to this conduct, but only after it was discovered that a minute after viewing this material, someone had accessed the New Zealand Home Loans website and transferred funds in relation to the teacher’s Home Loan. This ruled out the possibility that the teacher’s son had accessed the material.
The New Zealand Teacher’s Disciplinary Tribunal found that the use of the work computer to access pornography amounted to serious misconduct, and this was aggravated by the teacher’s failure to take responsibility for his actions.
In 2004, a distinguished Auckland Cardiologist was dismissed after taking pictures of his genitals on his work cell phone which was owned by his employer, the Auckland District Health Board. The cardiologist was granted name suppression and so was referred to in the judgment as X.
X had downloaded the images from his work cell phone to his work computer and then attempted to send them (unsuccessfully) to a friend using the DHB’s electronic mail system. He then attempted to delete the pictures, but they remained on the DHB computer system.
Although the doctor challenged his dismissal, and was ultimately reinstated, the Employment Court refused to award him compensation due to his significant contributory conduct.
Advances in technology mean that phones and computers can hold huge amounts of data and reveal a lot about a user’s personal habits. To the extent that any employee is concerned about what their employer may learn about them, the simplest solution is not to use their work devices for anything other than work.
Of course this is easier said than done, and most of us flick off the odd personal email whilst at work using a work device, as a matter of convenience. Whilst most employers have policies in place which allow for reasonable personal use, employees should assume that anything that they send or receive using a work device, could be viewed by their employer at any point. The bottom line is that employees should use work devices with caution.