Employers have right to inspect your tweets

Employees should have no expectations of privacy in the office as communications on company-issued PCs, including social media, can be monitored, say experts.
Written by Vivian Yeo, Contributor

Employees who engage in personal e-mail or social media activities using a company-issued laptop should be prepared that their employers will inspect such communications, various experts have cautioned.

This is despite a recent U.S. court ruling which deemed that one employee had the right to expect some level of privacy from her employer as she had used her personal Web-based e-mail account to consult her attorney.

According to legal specialists, the case is unique and may not mean employers have no right to inspect personal communications on a corporate machine.

Gilbert Leong, partner at Rodyk & Davidson LLP, explained in a phone interview that the thrust of the New Jersey case was on attorney-client privilege, which states that all communication between a client and his lawyer is confidential. What the court had done was to uphold the privilege even though the employee had used company resources to conduct the correspondence.

The law, he noted, generally recognizes that the employer has control over the workplace and the resources given to employees to fulfill their corporate duties. Employees therefore should "have no expectation of privacy in the office".

An employer, he added, "should be able and does have [the] right to inspect" the company equipment as well as the content within, as the systems are owned by the firm.

Clear policies needed
Ken Chia, associate principal at Baker & McKenzie.Wong & Leow, told ZDNet Asia over the phone that it is a "gray area" when it comes to an employer's right to view employees' personal e-mail accounts.

For this reason, his legal firm advises clients to state very clearly in the employee handbook that the company will access and archive its staff's communications, including personal Web-based e-mail and entries on social media tools such as Facebook or Twitter.

"A good company policy should cover all these different types of communication," he said, adding that businesses can also earn some flexibility for themselves by doing so.

Such explicit user access terms, noted Chia, are meant to protect a company against employees revealing the firm's intellectual property via company-issued equipment.

Rodyk & Davidson's Leong added that an acceptable use policy (AUP), besides spelling out to employees that their communications are monitored, also serves to safeguard a company's interest when employees abuse the privilege of using corporate systems. When an employee breaches the AUP, his use of the system is then arguably unauthorized, which is an offense under laws such as Singapore's Misuse of Computer Act, he pointed out.

Andrew Milroy, industry director at Frost & Sullivan's ICT group, also urged companies, particularly those that permit staff to have access to much of the Web, to have specific policies that address usage on different platforms and whether an employee's communications on a corporate system belong to the company.

"Companies should either decide to use a tool to ensure their employees access only sites that they want them to access, or they have very clear policies around the usage of the Web at large. They've really got to do one of these two things," he said in a phone interview.

Such policies, added Milroy, would likely need to be revisited frequently and changed every "couple years" if necessary.

When queried, a Microsoft spokesperson said in an e-mail the software giant has policies around personal use of corporate equipment, blogging and social networking. However, she did not indicate if the organization monitors employees' social media communications on company-issued equipment.

"The company understands that the lines between personal and business continue to blur," noted the spokesperson. "For instance, employees often use family photos during business demos of products. They wouldn't have the photos unless they had them on their computer to use in this business demo setting.

"Generally, Microsoft feels it is fine to send and receive occasional personal [e-mail using company PCs], as is preparing and storing personal data like address lists [and] calendars."

Editorial standards