1 Electronically exposed – what your employees should know January 2017 The digital world is exploding around us. Developments in electronic communications, social media, applications, internet, games, wearable technology and the like are happening so fast that workplace rules cannot keep up. Employers are nevertheless obliged to take reasonable steps to address these issues and minimise potential liability. Introduction Workplaces nowadays depend on computers, electronic communications and digital information. Most people have smartphones and access to social media. The world of Big Data has arrived, and it is beginning to affect employers and their decision-making in ways undreamed of even a few years ago. The advantages and risks of the digital world are now inextricably linked with HR issues (e.g. harassment, discrimination, diversity, privacy), operational security and reputational/financial risk exposure. The issues that can arise are brand new or develop in a context that makes the past compliance dispensation difficult to apply. Employees need to be educated about the risks to the employer as well as to themselves related to the use of electronic devices and computer systems – what some may regard as obvious, others may be oblivious to. An employer may find itself legally responsible for the actions of an unwitting employee. A workplace policy in this regard has become essential to all businesses – no matter how big or small. What should such a policy contain? It is simply not possible for employers to anticipate and regulate all potential risk contingencies or infractions by their employees. Huge corporates might come close with extensive and detailed policies, but this is not a viable option for all employers. • Employers could however clearly state the principles of use (in whatever digital form) that they expect of their employees and align these with existing policies in other areas. Relevant policies naturally draw from the established principles of maintaining proper workplace environment and establishing reasonable restrictions on employee behaviour. Examples include: employee privacy both on and off site, consent issues relating to workplace security; adherence to anti-discrimination and harassment law, protection of company trade secrets and other intellectual property tenets; prevention of defamation, company ethics, etc. • Rules around the use of company devices, systems, hardware and software should be regulated – e.g. physical security of devices, anti-virus measures, software licenses, passwords, confidentiality, system protocols. • Internet use – the danger of tracking cookies, using copyright material, inappropriate browsing and downloads, games, online gambling, etc.
2 • Electronic communications – including emails, texting, voice messages and similar. Stipulate aspects such as etiquette, confidentiality, electronic signatures, privacy of recipient lists, distribution of confidential / relevant only email strings. • Address social networking, whether business-related or private; and using either company equipment or private devices. Once something is in cyber space, it stays in cyber space – screen-grabs and re-posting can see to that. Even private and off-duty posts or messages can reflect on the employer or have an impact on working relations between employees, in which case the employer can take steps against the employee to protect its interests. This should be brought to the attention of employees. • Address the use of private devices (including wearable technology) while employees are at work – this could impact on productivity; employees could photograph confidential company information or make covert recordings. The employee’s right to privacy is not absolute and can be limited when balanced with the employer’s right to protect its interests. (See for example NUMSA and Another v Rafee N.O. and Others (JR1022/12) [2016] ZALCJHB 512) • The employer’s level of tolerance for private use of company equipment and systems. • Interception and monitoring of employee’s communications and use of company equipment and systems. • Enforcement measures and consequences of breach of the policy. Bottom line—what does an employer need to do? Employers cannot play ostrich to the dangers of the digital world to their business, and potential abuse by employees. Consequences of doing so include loss of confidential information; damage to reputation; or liability for content that is defamatory, threatening or otherwise unlawful. If your company has not developed a policy for use of electronic systems, devices and social media by your employees, do it now. A properly drafted and enforced policy is an employer’s most effective tool in protecting its interests and guiding employees on acceptable and unacceptable online behaviour. © Judith Griessel www.griesselconsulting.co.za judith@griesselconsulting.co.za