28 Jun Privacy Law in New South Wales
The law surrounding employers accessing employee emails and data is difficult to navigate at times. Legislation at the State and Federal levels address the protection of the interests of rights and privacy for employees.
New South Wales Privacy Law
The Workplace Surveillance Act 2005 (NSW) (NSW Act) provides that an employer must not access or retain employee emails. Section 10 of the NSW Act allows an employer to conduct surveillance if the employer gives the employee written notice that they are implementing computer surveillance 14 days prior to the surveillance commencing, or an employee agrees to lesser notice. The notice is required to state:
a. the kind of surveillance that will be commencing;
b. how the surveillance will be carried out;
c. when the surveillance will start;
d. whether the surveillance will be continuous or intermittent; and
e. whether the surveillance will be for a limited period or ongoing.
Additionally, an employer can only monitor emails or computers if the monitoring is in accordance with company policy for computer surveillance “at work”, and the employee is notified in advance of this policy and it is reasonable to assume the employee is aware and understands the policy. The definition of “at work” is given a broad scope under section 5 of the NSW Act. It is defined as the workplace of the employer, whether or not it is during work hours, and any other place where the employee is performing work for the employer.
In the case of Saar Markovitch v Krav Maga Defence Institute Pty Ltd T/A KMDI  FWC 6114, the Fair Work Commission found that a failure of an employer to give an employee the required notice under the NSW Act meant that an otherwise standard dismissal for serious misconduct turned into a case of unfair dismissal. This case is currently on appeal.
Commonwealth Privacy Law
The Australian Privacy Principles under Schedule 1, of the Privacy Act 1988 (Cth) (the “Privacy Act”) s 3.2, provides that an organisation “must not collect personal information…unless the information is reasonably necessary for one or more of the entity’s functions or activities.”
Section 7B states there is an exemption for organisations where monitoring is directly related to: the current or former employment relationship between the employer and employee; or an employee record held by the organisation relating to the individual.
An employee record is defined by the Privacy Act as a record of personal information related to the employment. While this could exclude the monitoring and retention of employee emails that are not strictly about personal information related to employment, the courts have not interpreted the section this way. For example, under similar provisions in the former National Privacy Principles, Riley J found in Austin v Honeywell Ltd  FCCA 662 that the Privacy Act does not afford workplace rights of privacy to an employee. So, the Privacy Act offers little, if any, restriction to an employer monitoring and accessing employee emails at a Commonwealth level.
Employers may be free to monitor emails sent and received by employees in the workplace, as long as these employees have been notified of this surveillance. However, caution must be taken with sensitive information.
Written by Angus Macpherson.
GENERAL AND CONTACT INFORMATION
The article, the content and references made are intended to keep an audience updated with information. It is not intended that the article or part of it should be relied upon as advice. Information provided may not apply to in all circumstances or in particular situations. If you do want particular advice or you have any questions, we welcome you to contact us on (02) 9004 7404 or at firstname.lastname@example.org