Non-consential employee email monitoring: Need legal advice

Devo-sa

Well-Known Member
Joined
May 30, 2008
Messages
260
Hi people

A friend of mine working for a big corporate in SA has been experiencing sexism, racism and all kinds of terrorise tactics from her managers for months now. She a senior manager and has blown the whistle at some corrupt dealings before, which should paint the whole picture.

The new discovery made was that someone was secretly monitoring her work email, which I'm unfortunately not clued up about. Are there any IT guys out there, and also just legals and gurus who can shed some light on the legal aspect on this, please? Are they allowed to do that? Is consent needed? Is it circumstantial etc etc..?

Thanks in advance people
 

HeftyCrab

Expert Member
Joined
Mar 26, 2009
Messages
2,274
If its on the company network on company hardware they have the right IMHO.
 

CamiKaze

Honorary Master
Joined
May 19, 2010
Messages
13,741
They can monitor her emails as Outlook is registered to the company.
 

MickeyD

RIP
Joined
Oct 4, 2010
Messages
139,117
If she is using company equipment and telecommunication channels then the company can monitor her emails. Normally companies will tell you that they reserve the right to do so. Will have to check her employment contract and any other company policies that she agreed to...
 

Moosedrool

Executive Member
Joined
May 24, 2012
Messages
5,464
A disclaimer at logon.

That text no one reads when you log onto a domain object... Yeah that normally says the owner of that device (company) has full access and legal right to view or monitor anything that happens on it.
 

HavocXphere

Honorary Master
Joined
Oct 19, 2007
Messages
31,500
working for a big corporate in SA
Unless HR at the company is totally retarded they'll have included clauses to allow monitoring in her contracts.

In general employees should expect to have everything monitored. Its just the way things work these days...

Big corporate tend to overkill the hell out of the monitoring policy (for legal purposes) and then apply exactly zero of it. e.g. The one I fall under is absolutely wild...everything up to and including GPS tracking of my location is covered. Which I'm OK with, firstly because its not enforced and second because my time & device use during office hours is for business - fair enough in my eyes. (I've literally never posted on mybb from work or logged into FB despite FB being officially approved during work hours).

This is also why I'm very wary of the whole BYOD movement...fk that I want clear separation between whats mine and whats theirs.

As for OP - this sounds like a bad match between employee & employer. She can fight this but personally I'd suggest she quietly make arrangements to find an employer more committed to ethical business. They're applying a legitimate mechanism (monitoring employees) in an unfair way (suppressing whistleblowers)...I'd run like hell.

They can monitor her emails as Outlook is registered to the company.
What does the registration of the email application have to do with anything?
 

desiganp

Senior Member
Joined
Dec 17, 2006
Messages
656
The answer to this lies in the RICA legislation (Regulation of Interception of Communication .....Act).

My understanding is that the interception of email is legal if the employee provides consent or if there is a bona fide (genuine) business reason to intercept the mail. That said, only the "system controller" (usually the CEO) or someone duly authorised by the system controller may intercept the email. Large corporates usually require approval from the HR Vice President or similar role before an employees account may be accessed.

Refer to section 6 of RICA for full list of requirements for legality of the interception.
 

Solarion

Honorary Master
Joined
Nov 14, 2012
Messages
18,750
Wait until you have an employer who has a camera in your office, a finger printer reader to get in and out of your office, and ninja Teamviewer's onto your machine at random while you are working and will sometimes keep it open for ages while you are trying to work. Try that one :erm:
 

skimread

Executive Member
Joined
Oct 18, 2010
Messages
9,090
What does it matter they monitor her. Is she sending non work e-mails during work time. First smart phones and cheap mobile data these days it makes no sense to use company's infrastructure for personal stuff. Hell you could even do a Hillary and send all your work email from your own mobile router .
 

Rocket-Boy

Executive Member
Joined
Jul 31, 2007
Messages
7,921
Wait until you have an employer who has a camera in your office, a finger printer reader to get in and out of your office, and ninja Teamviewer's onto your machine at random while you are working and will sometimes keep it open for ages while you are trying to work. Try that one :erm:
I wouldnt try it, I would leave.
 

CamiKaze

Honorary Master
Joined
May 19, 2010
Messages
13,741
What does the registration of the email application have to do with anything?
It means that the email application actually belongs to the company and the company can choose to snoop through her emails if they want.

If she used her personal email address then this would not be an issue.

Am I missing something?
 

Spliffcat

Expert Member
Joined
Jun 4, 2013
Messages
4,965
Mmmmmm.
Own communication device.
Company communication device.
Pssssst. Make your own decisions.
 

Moosedrool

Executive Member
Joined
May 24, 2012
Messages
5,464
There are laws prohibiting interception of communications except in specific circumstances (regardless of who owns the infrastructure).
That's why the disclaimer exists. The only law for company devices is that the user should be made aware that the orginasation have the right to do so.

It streatches even further. A company doing that has the freedom to intercept even private e-mails if it is used via their infastructure.

Our team rolled out the modified GPO for that specific legal notice in one of SA's leading banks.
 

MagicDude4Eva

Banned
Joined
Apr 2, 2008
Messages
6,479
Although a company is allowed to monitor staff when using company resources, if there is corruption involved, your friend will be able to get support via the "Whistleblowers Act" (it's also referred to as the Protected Disclosures Act). In most cases with big companies, SOX. I think there are also some clauses within the companies act.

I would not follow the whole "you have been monitoring"-part, but would rather raise the issue (in writing) with the compliance/risk-team and executives that staff within the company mistreat her due to her whistlelowing.
 

Celine

Executive Member
Joined
Aug 25, 2008
Messages
5,702
this is simple. company gives you computer to do company stuff during company hours - belongs to company whatever you do on that computer belongs to company. you ONLY do company stuff on that computer don't be stupid. use your personal and private home owned computer for personal use.
 

HavocXphere

Honorary Master
Joined
Oct 19, 2007
Messages
31,500
Am I missing something?
Yes. Ownership of the software has nothing to do with legal right to monitor. Its a bit like saying the company is entitled to track your location because you're walking in company issued safety boots.

Ownership of device and use of company email account is more likely to stick legally. Though even there I doubt they'd be entitled to monitor without some legal agreement (employment contract etc) backing it.
 

SauRoNZA

Honorary Master
Joined
Jul 6, 2010
Messages
35,865
Is nobody going to ask how the monitoring of email is relevant to the underlying whistleblower problem?

Everyone is going on about using your own personal hardware for personal stuff, but OP hasn't implied anything of a personal nature even happened.

Purely asked if they are allowed to monitor. To which the answer is yes.

Could all be corporate email related to the whistleblowing factor.
 

creeper

Executive Member
Joined
Nov 18, 2010
Messages
5,035
Is nobody going to ask how the monitoring of email is relevant to the underlying whistleblower problem?

Everyone is going on about using your own personal hardware for personal stuff, but OP hasn't implied anything of a personal nature even happened.

Purely asked if they are allowed to monitor. To which the answer is yes.

Could all be corporate email related to the whistleblowing factor.
The OP is a bit vague, but if the emails are monitored with the intent to detect if the person is a whistleblower, or attempt to discredit the person due to the whistleblowing and cover up corruption, then there is a potential liability in the company. Generally, monitoring of emails are done in companies for the purpose for reputational risk, det citing of fraud and/or abuse of corporate resources for personal use.
 
Top