Labour law expert Judith Griessel says employees must be educated about the risks related to the use of electronic devices and computer systems.
The digital world around us has exploded. Developments in electronic communications, social media, applications, internet, games, wearable technology and the like are happening so fast that workplace rules cannot keep up. Employers are nevertheless obliged to take reasonable steps to address these issues and minimise potential liability.
Workplaces nowadays depend on computers, electronic communications and digital information. Most people have smartphones and access to social media. The world of big data has arrived, and it is beginning to affect employers and their decision-making in ways unthought of even a few years ago. The advantages and risks of the digital world are now inextricably linked with HR issues (e.g. harassment, discrimination, diversity, privacy), operational security and reputational/financial risk exposure. The issues that can arise are brand new or develop in a context that makes the past compliance dispensation difficult to apply.
Employees need to be educated about the risks to the employer as well as to themselves related to the use of electronic devices and computer systems – what some may regard as obvious, others may be oblivious to. An employer may find itself legally responsible for the actions of an unwitting employee. A workplace policy in this regard has become essential to all businesses – no matter how big or small.
What should such a policy contain?
It is simply not possible for employers to anticipate and regulate all potential risk contingencies or infractions by their employees. Huge corporates might come close with extensive and detailed policies, but this is not a viable option for all employers. Here are seven things should be covered in any policy.
1 State principles of use (in whatever digital form) that they expect of their employees and align these with existing policies in other areas. Relevant policies naturally draw from the established principles of maintaining a proper work environment and establishing reasonable restrictions on employee behaviour. Examples include employee privacy both on and off-site, consent issues relating to workplace security; adherence to anti-discrimination and harassment law, protection of company trade secrets and other intellectual property tenets; prevention of defamation, company ethics, etc.
2 Rules around the use of company devices, systems, hardware and software should be regulated – e.g. physical security of devices, anti-virus measures, software licenses, passwords, confidentiality, system protocols.
3 Internet use – the danger of tracking cookies, using copyright material, inappropriate browsing and downloads, games, online gambling, etc.
4 Electronic communications – including emails, texting, voice messages and similar. Stipulate aspects such as etiquette, confidentiality, electronic signatures, the privacy of recipient lists, distribution of confidential/relevant only email strings.
5 Address social networking – whether business-related or private; and using either company equipment or private devices. Once something is in cyberspace, it stays in cyberspace; screen-grabs and re-posting can see to that. Even private and off-duty posts or messages can reflect on the employer or have an impact on working relations between employees, in which case the employer can take steps against the employee to protect its interests. This should be brought to the attention of employees.
6 Address the use of private devices (including wearable technology) while employees are at work – this could impact on productivity; employees could photograph confidential company information or make covert recordings. The employee’s right to privacy is not absolute and can be limited when balanced with the employer’s right to protect its interests. (See for example NUMSA and Another v Rafee N.O. and Others (JR1022/12) [2016] ZALCJHB 512)
- The employer’s level of tolerance for private use of company equipment and systems.
- Interception and monitoring of employee’s communications and use of company equipment and systems.
- Enforcement measures and consequences of a breach of the policy.
The bottom line is that employers cannot play ostrich to the dangers of the digital world to their business, and potential abuse by employees. Consequences of doing so include loss of confidential information; damage to reputation; or liability for content that is defamatory, threatening or otherwise unlawful.
If your company has not developed a policy for use of electronic systems, devices and social media by your employees, do it now – or contact us for assistance. A properly drafted and enforced policy is an employer’s most effective tool in protecting its interests and guiding employees on acceptable and unacceptable online behaviour.
Judith Griessel is a labour law consultant and director at Griessel Consulting