| d Internet Usage - Downloading and Surfing
Studies have estimated that 70% of all pornographic traffic on the Internet takes place during working hours. Indeed, in one U.S. study, nearly 10% of surveyed employees admitted to recreational Internet surfing at pornographic sites on company time. The downloading of inappropriate content consumes
Internet bandwidth at the expense of the business.
Some content is illegal. Under the Child Trafficking and Pornography Act 1998, anyone who knowingly possesses child pornography is guilty of an offence. Receiving an email attachment which, when opened, contains child pornography is not an offence, provided that the recipient did not receive such
pornography "knowingly".
Most individuals who are prosecuted under the Act will have downloaded or even ordered the child pornography online. As nearly all data traffic can be traced at some point on the Internet , there will be evidence of their having taken an active part in the procurement process. Sometimes an individual can be positively identified from information on the face of the transmission. In other cases, an individual or
organisation (and therefore ultimately the individual) can be inferred from the Internet address they are using.
More worrying for employers is the implication in the Act that a failure on their part to put in place procedures to guard against the distribution of such material in the workplace could leave them open to prosecution. It is wise, therefore, to put in place a strict policy absolutely prohibiting accessing or
downloading such material in the workplace.
In addition, employers should note that if a workplace Internet policy does not specifically state that downloading or distributing adult pornography constitutes gross misconduct, then summarily dismissing an employee who is shown to have engaged in such activity may leave the employer open to an action for unfair dismissal. Again, the workplace internet policy should cover this issue clearly.
e Data Protection
When it comes to data protection issues in the workplace, one
of the most active issues is whether an employer can access and
read staff emails. The Data Protection Commissioner has issued
the following guidance notes on the subject:
"The Data Protection Commissioner accepts that
organisations have a legitimate interest to protect their
business, reputation, resources and equipment. To achieve
this, organisations may wish to monitor staff's use of email,
the Internet, and the telephone. However, it should be
noted that the collection, use or storage of information
about workers, the monitoring of their email or Internet
access or their surveillance by video cameras (which
process images) involves the processing of personal data
and, as such, data protection law applies to such
processing. The processing of sound and image data in the
employment context falls within the scope of the Data
Protection Laws".
The Commissioner's guidelines go on to set out a number of
issues that must be addressed by employers. These include:
- The legitimate interests of the employer - to process
personal data that is necessary for the normal development
of the employment relationship and the business operation - justify certain limitations to the privacy of individuals at the
workplace. However, these interests cannot take
precedence over the principles of data protection,
including the requirement for transparency, fair and lawful
processing of data and the need to ensure that any
encroachment on an employee's privacy is fair and
proportionate. Monitoring, including employees' email or
Internet usage, must comply with the transparency
requirements of data protection law. Staff must be
informed of the existence of the surveillance, and also the
purposes for which personal data are to be processed.
Only in exceptional circumstances associated with a
criminal investigation, and in consultation with the Garda,
should resort be made to covert surveillance
- Monitoring and surveillance is subject to data protection
requirements. Any monitoring must be a proportionate
response by an employer to the risk he or she faces, taking
into account the legitimate privacy and other interests of
workers
- At a very minimum, staff should be aware of what personal
data the employer is collecting about them (directly or from
other sources). Staff have a right of access to their data
under section 4 of the Data Protection Acts
- Any personal data processed in the course of monitoring
must be adequate, relevant and not excessive and not retained
for longer than necessary for the purpose for which the
monitoring is justified.
In short, the answer to the question of whether or not an
employer can read an employee's emails will depend on the
individual case, the culture and contract of employment, and the
reasons for reading the email. It is likely, however, that in a
business where an employee has the agreement - stated or
implied - of his employer to send personal emails, then
accessing these emails would constitute a breach of the Data
Protection Act.
In addition, if you intend to monitor web access by employees,
you should inform employees both of this policy, and the basis on
which their web access records will be accessed and by whom.
A separate issue, but one which causes difficulty for many
businesses, arises when personal data relating to an employee is
disclosed to others. This may happen inadvertently, such as when
files relating to one staff member are attached in error to an
email going out to other staff. However, employers can also find
themselves in difficulty for what might, on their face, appear to
be innocuous messages.
For example, even a congratulatory email to an employee on
her 60th birthday which has been copied to all other employees
would probably constitute a breach of the provisions of the Data
Protection Act, in the event that the employee did not consent to
the release of personal data such as this to his or her colleagues.
Related Links
Read the Enterprise Ireland guide to IT security policies and procedures
|
