Home | Databases | WorldLII | Search | Feedback Privacy Laws and Business International Report

Australia's Commissioner publishes web guidance [2000] PLBIRp 28; (2000) 54 Privacy Laws and Business International Report 14

Australia's Commissioner publishes web guidance

AUSTRALIA'S PRIVACY COMMISSIONER'S Office has published guidelines on how to deal with e-mail, web browsing and privacy at the workplace. The main advice for organisations is to adopt a policy on staff use of computer networks.

The guidelines, published at the end of March, aim to clarify the situation with regard to private use of the Internet and e-mail at the workplace. The Commissioner's office has received many enquiries about these issues, and it was clear that some guidance was needed.

"If people know from the outset what the rules are, then problems should be minimised," the Federal Privacy Commissioner, Malcolm Crompton said. "I strongly urge public and private sector organisations to look at and implement the e-mail use and web browsing guidelines issued by my office."

The Privacy Commissioner recommends that organisations draft and circulate among all staff a policy on email use. The policy should be adopted in consultation with the staff, and should be regularly reviewed. The policy could either be developed as part of the general IT policy, or as a separate document.

E-MAIL POLICY TO INCLUDE VARIOUS ELEMENTS

A link to the e-mail/Internet policy should be visible on employees' computer screens when they log on. The policy should refer to any existing privacy legislation, and clearly set the limits for private e-mail / Internet use. This means explicit guidelines on what are the permitted and forbidden uses, what type of user data is collected and who looks at it. For example, it may be possible to see which websites the employee has visited. Clear rules are required so that employees know whether their computers may be inspected.

Another issue is personal e-mail boxes and receiving personal as well as work-related e-mails. The Australian guidelines recommend that the policy outlines the circumstances in which the IT staff can legitimately access staff e-mails and browsing logs.

The policy should also mention the organisation's computer security policy, and how the organisation intends to monitor or audit staff compliance with the policy. The policy should also outline whether the organisation will be prepared to disclose the contents of logs or e-mails in circumstances other than under a legal obligation.

THE SITUATION FOR AUSTRALIAN ORGANISATIONS

The current Privacy Act of 1988, which applies to Commonwealth and Government agencies, require transparency and openness when processing personal data. The personal information in staff e-mails can be seen to fall under the scope of the law. Private sector organisations are, so far, not regulated. There is the intention, however, to legislate for the private sector (PL&B Feb '99 p. 12-13). It is expected that the legislation will apply to some staff e-mails and may also apply to logs of web browsing.

DEVELOPMENTS ELSEWHERE

Other countries are also looking into privacy issues at the workplace. In Finland, the Data Protection Ombudsman has issued a decision on an enquiry about whether an employer has a right to read employees' e-mail, or whether it is protected in the same way as telephone conversations. The Ombudsman, Reijo Aarnio, stressed that organisations must specify the circumstances in which e-mail can be used for personal purposes. Therefore, employers should find a solution where they do not have to invade employees' privacy by reading their e-mail. Finland's new Telecommunications Act which implements the EU Telecommunications Data Protection Directive also supports this view, as it defines telecommunications as confidential, unless intended to be received publicly.

The Office of the UK Data Protection Commissioner is preparing a Human Resources Code of Practice (PL&B Oct '99 p.9), a draft of which is expected in the autumn and will be discussed at a PL&B consultation meeting on 17th October in London.

The Guidelines on Workplace e-mail, Web browsing and privacy can be found on Australia's Privacy Commissioner's website at http://www.privacy.gov.au.