WebApp Sec mailing list archives

SF new column announcement: E-mail privacy in the workplace


From: "Craig Wright" <cwright () bdosyd com au>
Date: Tue, 8 Aug 2006 08:43:53 +1000


Hi,
I am not stating illegality. There is no mention of contracting criminal acts as criminal acts cannot be contracted.

As an example, in NSW you can state the level of monitoring. NSW does not stop an employer from monitoring an employee; 
rather it limits what may be done without consent. Consent may be included as a term in the contract. Thus, the 
contract can allow the employer to monitor all emails of the employees.

Taking the NSW "Workplace Surveillance Bill 2005", Part 2, Notification of workplace surveillance of
employees, covers this. It states:
"Surveillance of an employee must not commence without prior notice in writing to the employee." It also includes that 
"Notice by email constitutes notice in writing for the purposes of this section."

Now it is true that there is never to be camera monitoring of rest rooms - but this is hardly an issue with email for 
instance.

As for the contractual agreement, Part 2-14 states:

"Exemption for certain surveillance by agreement
Surveillance of an employee is taken to comply with the requirements of this Part if the employee (or a body 
representing a substantial number of employees at the workplace) has agreed to the carrying out of surveillance at the 
premises or place where the surveillance is taking place for a purpose other than surveillance of employees and the 
surveillance is carried out in accordance with that agreement."

This means that it is expressly accepted that an employer may contract for surveillance. The terms are thus valid if 
they state that the employer may monitor any and all Internet traffic as defined in the company's policy.

Section 17 states that the employer has to provide a policy and ensure that the employee has been made aware of it. 
This may be completed in a contract. The parol evidence rule means that if the employee agrees to the contract, 
they cannot adduce additional evidence from non-written sources (e.g. verbal) to dispute the written contract.

So the issue is not one of covert surveillance, as anything in the contract is thus by definition not covert.

As for the EU, the European Privacy Directive states that legitimate processing may include any and all monitoring when:
"It is necessary for the performance of a contract with the data subject, or for steps requested by the data subject 
prior to a contract"

Thus the rights of the employee may be contracted. This needs to be explicitly included and this means that the 
monitoring is not covert but covered in a formal and open company policy, but it does allow the inclusion of terms that 
allow the monitoring of employee internet traffic and emails.

Regards,
Craig

________________________________________
From: Andrew van der Stock [mailto:vanderaj () greebo net]
Sent: Wednesday, 2 August 2006 3:55 PM
To: Craig Wright
Cc: Webappsec Mail List
Subject: Re: SF new column announcement: E-mail privacy in the workplace

Actually, you cannot contract illegal terms. In some countries, and some states, it's illegal to abridge privacy laws. 
NSW is one of those places. In the same way you cannot contract murder, you cannot contract away such items. Lawyers 
will try, but this is the usual reason they include a "if any clause is struck down, the rest still apply" in every 
contract I've read so far. 

This has saved many illegal contracts which ask unreasonable terms. For example, in Australia, it's illegal to ask 
people to work unreasonable hours, but this is exactly what most "management" contracts require in no uncertain terms - 
and you're expected to have basically no personal life. 

So a judge has now ruled on what "reasonable" means. It's illegal to include non-competes in Australia, as it's illegal 
under the Trade Practices Act as a restraint of trade. I've seen so many contracts stating that you may not work for 
anyone else for a period of time with no recompense other than the pleasure of working for this company. I'd be happy 
with that term if I was paid to sit on my backside for that period, but that is usually not the case. As this is so 
unequal, this has been ruled on several times already, usually in contract law terms with particular reference to the 
fact that most of us are not in a position to extensively negotiate with the 800 lb gorilla who may be our next 
employer. 

In many jurisdictions (EU and NSW), there is an absolute right to privacy for employees. In others, often there is no 
case law and no laws. In these jurisdictions, I'd do what I did a while back - I have an absolute separation between my 
work and my work life. My work laptop has no personal e-mail on it, and has nothing on it which is not work related. 
It's a shame I have to do that - it certainly makes less use of me than I am capable of giving in both spheres, but I 
can't trust to the lack of laws today to protect me.

thanks,
Andrew

On 01/08/2006, at 5:24 PM, Craig Wright wrote:

Terms may be expressly agreed into a contract. ANY contract. The of a
GOOD contract will include terms stating the choice of terms, choice of
venue and the subject matter jurisdiction etc.

The contract can state the place and time of any action. 


