1
Electronically exposed – what your employees should know
January 2017
The digital world is exploding around us. Developments in electronic
communications, social media, applications, internet, games, wearable technology
and the like are happening so fast that workplace rules cannot keep up. Employers
are nevertheless obliged to take reasonable steps to address these issues and
minimise potential liability.
Introduction
Workplaces nowadays depend on computers, electronic communications and digital
information. Most people have smartphones and access to social media. The world
of Big Data has arrived, and it is beginning to affect employers and their decision-
making in ways undreamed of even a few years ago. The advantages and risks of the
digital world are now inextricably linked with HR issues (e.g. harassment,
discrimination, diversity, privacy), operational security and reputational/financial risk
exposure. The issues that can arise are brand new or develop in a context that makes
the past compliance dispensation difficult to apply.
Employees need to be educated about the risks to the employer as well as to
themselves related to the use of electronic devices and computer systems – what
some may regard as obvious, others may be oblivious to. An employer may find itself
legally responsible for the actions of an unwitting employee. A workplace policy in
this regard has become essential to all businesses – no matter how big or small.
What should such a policy contain?
It is simply not possible for employers to anticipate and regulate all potential risk
contingencies or infractions by their employees. Huge corporates might come close
with extensive and detailed policies, but this is not a viable option for all employers.
• Employers could however clearly state the principles of use (in whatever digital
form) that they expect of their employees and align these with existing policies in
other areas. Relevant policies naturally draw from the established principles of
maintaining proper workplace environment and establishing reasonable
restrictions on employee behaviour. Examples include: employee privacy both on
and off site, consent issues relating to workplace security; adherence to anti-
discrimination and harassment law, protection of company trade secrets and
other intellectual property tenets; prevention of defamation, company ethics,
etc.
• Rules around the use of company devices, systems, hardware and software
should be regulated – e.g. physical security of devices, anti-virus measures,
software licenses, passwords, confidentiality, system protocols.
• Internet use – the danger of tracking cookies, using copyright material,
inappropriate browsing and downloads, games, online gambling, etc.
2
• Electronic communications – including emails, texting, voice messages and
similar. Stipulate aspects such as etiquette, confidentiality, electronic signatures,
privacy of recipient lists, distribution of confidential / relevant only email strings.
• Address social networking, whether business-related or private; and using either
company equipment or private devices. Once something is in cyber space, it
stays in cyber space – screen-grabs and re-posting can see to that. Even private
and off-duty posts or messages can reflect on the employer or have an impact on
working relations between employees, in which case the employer can take
steps against the employee to protect its interests. This should be brought to the
attention of employees.
• Address the use of private devices (including wearable technology) while
employees are at work – this could impact on productivity; employees could
photograph confidential company information or make covert recordings. The
employee’s right to privacy is not absolute and can be limited when balanced
with the employer’s right to protect its interests. (See for example NUMSA and
Another v Rafee N.O. and Others (JR1022/12) [2016] ZALCJHB 512)
• The employer’s level of tolerance for private use of company equipment and
systems.
• Interception and monitoring of employee’s communications and use of company
equipment and systems.
• Enforcement measures and consequences of breach of the policy.
Bottom line—what does an employer need to do?
Employers cannot play ostrich to the dangers of the digital world to their business,
and potential abuse by employees. Consequences of doing so include loss of
confidential information; damage to reputation; or liability for content that is
defamatory, threatening or otherwise unlawful.
If your company has not developed a policy for use of electronic systems, devices
and social media by your employees, do it now. A properly drafted and enforced
policy is an employer’s most effective tool in protecting its interests and guiding
employees on acceptable and unacceptable online behaviour.
© Judith Griessel
www.griesselconsulting.co.za
judith@griesselconsulting.co.za
