Companies that read their employees` e-mail or monitor their telephone conversations face fines of up to R2 million if they fail to get employee consent to do so.
Such fines, or an alternative prison term of up to 10 years, can be imposed on anyone who monitors or intercepts any form of electronic communication in SA, in terms of the new Regulation of Interception of Communications and Provision of Communication-related Information Act.
The Act, which became law in late December but is not yet in force, is primarily aimed at allowing law enforcement officials to intercept communication when investigating serious crimes. It had a controversial passage through Parliament and is likely to cause further controversy with a requirement that all cellphone users register their identities and the obligations it places on "encryption key-holders".
In terms of the Act, interception of data or voice communication is allowed only under certain exemptions, one of which is to have the written consent of one of the parties involved in the communication. This, lawyers say, means companies that want to monitor communication must ensure they have bullet-proof policies signed by every employee or face the music.
Even if employees do not go as far as a criminal complaint against Big Brother employers, evidence of misbehaviour gained from illicit interception would not be admissible in court.
"What you need is a phrase in the employment contract which says the employer reserves the right to intercept, monitor, read, filter, block and act upon any electronic communications and stored files of the employee," says lawyer Reinhardt Buys of Buys Inc. "That consent must be given."
Even employers that have valid e-mail or phone usage policies in place have to ensure they have written consent, he says. The previous norm of simply bringing the existence of such a policy to the employee`s notice will no longer pass muster.
John Giles of Harty Rushmere McPherson says: "We advise clients that if they want to monitor employee e-mail or use of the network they must have a policy in place that deals with it and each employee should be required to sign it as part of the contract of employment."
Specialist Internet and labour lawyers have been consistent in such advice for some time but say they have been paid little heed.
Buys says 99% of companies do not even have a policy to regulate electronic communications.
He also warns that companies should consider not only the possibility of a fine or jail time, but the potential damage to their reputation if an employee should go public with a claim of privacy infringement.
Related stories:
Cryptic quandary for encrypters
New law states cellphone users must register
Share