Can I monitor employee use of work computers and accounts?
First of all, you should only collect the information which is necessary for your agency to carry out its legitimate functions. You’re not allowed to collect information just because you can – you need to be able to justify why you need to collect the information in order for your agency to function.
You should also be open with your employees about what information you are collecting and what you will be using the information for – in other words, what you plan to do with the information.
While agencies generally have a proper basis to monitor how their employees are using their computers or other devices (including their emails and internet usage), you need to make it very clear exactly what they are allowed to use work equipment for and the extent to which this may be monitored.
You also need to make sure that your collection isn’t unlawful, unfair or unreasonably intrusive. For example, we are often asked if an employer can ask an employee for their social media passwords. As discussed here(external link), this could be considered unfair and unreasonably intrusive. Exactly what is unfair and unreasonably intrusive will depend on the circumstance, but, for example, would include things like misleading staff about what the information will be used for, or by unnecessarily collecting sensitive information. Covert collection is unfair unless you have a particularly strong reason for not telling people what you are doing.
You should also keep in mind that, once you collect information by recording staff, a range of other obligations under the Privacy Act will apply (including obligations about security, accuracy, retention, use and disclosure, and in terms of providing staff with their rights to access and request correction of the information).
Reviewed November 2020