LEGAL CLINIC: Big Brother CAN watch!

You fire up your Web browser at work to check out some holiday plans. Your boss might be on the other side of the building, but they can still be watching which sites you surf and how much time you spend doing it. Is that legal?Consider the other side of the coin. You run a small business that requires your employees to use e-mail on a daily basis. You don't monitor staff e-mail.

One day, you are served with legal papers naming your business, as well as your employee, as co-defendants in a breach of copyright action. Could you be liable? What action can you take against your employee?Most employers realise that direct employee access to e-mail, and to the World Wide Web, is a crucial part of doing business today.

On the other hand, many employees, particularly those who work in an office environment, think they are entitled to use e-mail for personal business, and tend to presume that their e-mail is private. Employers, however, want to be able to find out if offensive material is coming in, or trade secrets are going out. Where is the line to be drawn?The answer is that it is up to the employer to decide what level of access will be provided and what the permitted uses of e-mail and Internet access are. The computer network belongs to the employer, and the employer is entitled to place conditions on its use, just as they are for any other asset.

Employers can be liable for the actions of their employees in relation to matters as diverse as breaches of copyright, defamation and discrimination (including sexual harassment.) These matters are worthy of serious attention on the part of the employer. The best solution is to develop an effective Internet and e-mail policy, which is capable of being enforced and is actually enforced.

Every employer should have a clear policy relating to employee use of e-mail and the Internet. That policy should be made known to all employees, and be readily accessible to employees for reference purposes. If your staff has access to e-mail, and you don't have a staff policy in place, you are sitting on a time bomb.

As an employee, you shouldn't assume that your e-mail is private, even if it is protected by a password. At present there is no private sector privacy legislation in Australia that renders it unlawful for employers to monitor employee e-mail, and there is commercially available software which makes the monitoring process simple. Deleting the e-mail from your mailbox also doesn't guarantee that there is no back-up elsewhere on the network.

Cases involving employees who have been fired because of misuse of e-mail or Internet access are now starting to come before the courts. One recent case in the Australian Industrial Relations Commission involved an employee who had actually been responsible for setting up his employer's monitoring system, and then breached the policy which he himself had drafted. The Commission found that, because the employee occupied a trusted position, the termination of his employment was not unfair. However, the Commission held that counselling may well have been appropriate in the case of a more junior employee.

It is also important to ensure that an appropriate investigation is carried out before action is taken against an employee, whether in the workplace or elsewhere. An employee might innocently follow a link to an unauthorised site and leave that site as soon as its true nature is discovered. It would almost always be unreasonable to dismiss that employee, although a warning to be more careful in future would be warranted. Equally, it would be unreasonable to terminate an employee because they had received an "off-colour" e-mail from a friend outside the company. The position would be different if that e-mail was then forwarded to all staff.

As a general guide, employees should only put in an e-mail what they would be happy to put in an open letter. If not, they shouldn't send it.

There's no doubt that the growth of Internet use in the workplace is currently outpacing the ability of the law to keep up. But with common sense and clear guidelines from the employer as to what is permitted, the intervention of the law hopefully won't be required.

(With thanks to Angus MacInnis, solicitor, Barker Gosling.) The material contained in this article is no more than general comment. Readers should not act on the basis of the material without professional advice relating to their particular circumstances.

Mark Addison is IT partner at legal firm Barker Gosling. Contact him at