How to search an employee’s computer and email (legally)

You start to notice that an employee has more meetings outside the office than normal. You don't know who these meetings are with. Are you suspicious? You then notice that the same employee always leaves the office to take calls on his mobile phone. Does this make you more suspicious? And then, whenever you approach this employee's desk, you notice that he switches screen from his web browser to Word before you draw near. Now are you suspicious?

Whilst we would all like to have explicit trust in all our employees, there are some behaviours that just arouse suspicions and the answers to these questions will often lie somewhere in your employee's hard drive.

But can you search it?

If you were staying in a hotel how would you feel if the maid came in to your room and started going through your belongings on the instruction of the hotel? Not very impressed I'm sure because even though the room belongs to the hotel, and the maid has a right of access to your room for preparing it, we nevertheless have an expectation of privacy. That expectation may not be the same if we leave something in plain view of the maid to see, but if we put it in a drawer then we expect it to remain private.

Now consider the work computer. You own the computer and the hard drive. Your employees use it for business and personal use with your permission. Does that give you the right to look through their personal information? The answer will depend on what your employees' expectation of privacy is.

What is your employee's expectation of privacy?

If you could take a random cross section of employees of the street and asked them this question, you would probably get a variety of answers. But the correct answer is actually determined by you: it depends on how you have communicated that expectation to your employees. The way you communicate it is through policies.

The way you frame your computer/internet policy is entirely up to you. For example, if you say that work computers are only to be used for business purposes, then there would be very little expectation of privacy by employees. However, most employers recognise the need to allow personal use provided it is reasonable. That's when things start to get a little grey. In these circumstances there is a modified expectation of privacy. If you stipulate that email use and browsing history may be monitored, then the employee can reasonably expect you to monitor such things for policing further breaches of policy (e.g. excessive use of the internet or use of objectionable websites) or breaches of the employment agreement (e.g. breaches of the duty of confidentiality). However, such monitoring needs to be measured and would not extend to acquiring personal details about your employees that had no relevance to any of these things (details about personal relationships, marital conflicts etc).

The consequences of getting it wrong

If you don't have well drafted policies in place, then two things could happen. First, you may struggle to justify a dismissal in the Employment Relations Authority based upon the evidence you have obtained or you may end up with an unjustified disadvantage claim if the employee finds out what you have done. Second, you may end up with a complaint to the Privacy Commission. Neither of course is palatable so it is best to spend some time making sure your policies are correct and allow you to do the searching that you need.

You should also keep your policies under review

Once you have set your policies up, make sure that you keep them under review. We are currently in an age where technology is moving very quickly and your policies need to reflect that. For example, many employers now give their employees smart phones whose location can be tracked using the inbuilt GPS - again if you monitor an employee's whereabouts make sure you have a policy to that effect.  For an audio discussion of the use of the GPS tracking software and Smartphones click here (interview courtesy of Radio NZ).

If you are looking for sample internet and computer policies, templates are available in the Secret Library.
The last thing you want is to suspect that your employee may be passing confidential information to a competitor and be hamstrung in terms of what parts of the hard drive you can search if at all.
Print this pageEmail to a friendUse this article in your newsletter/magazine