It would be best to have an email monitoring policy regarding employees’ private and business use of emails contained in employment contracts. However, how extensive, and intrusive should the policy be?
Our Constitution respects a person’s right to privacy. The Protection of Personal Information Act, 2013 (“POPIA”) further entrenches personal data protection rights.
An employer is entitled to expect that employees will not use their emails to violate company policies, use inappropriate language, break confidentiality, or run their own business on company time.
Employment contracts usually contain clauses dealing with the monitoring and interception of emails. These clauses typically provide that employees should not expect privacy when sending, receiving, downloading, uploading, printing or otherwise transmitting emails. And that employees must use emails for bona fide business purposes only.
In terms of POPIA, an employer who processes a employees’ personal information must:
- Do so reasonably and without negatively impacting their rights as data subjects.
- Do so with the data subject’s informed, express, and voluntary consent.
- Explain the purpose of such monitoring interception, to enable the employees to perform their duties and assist the employer in meeting its legal, business, administrative and management obligations.
Ask your lawyer to help you formulate a formal workplace policy governing employees’ use of their computers and other devices or carefully review and update any policy that is already in place.