09 February 2011

Porn at home OK? No - at least not on a work computer

Posted by Rory Jolley

On eight days in late May and mid June 2009, a senior Commonwealth public servant, John Griffiths, viewed pornography on weekends or late in the evening. He did so from home, using his own internet connection. There was no suggestion that anyone else ever saw the material in question, or that the material was unlawful. He deleted his browser history so that, he said, the material might not accidentally re-appear during a PowerPoint presentation at work.

Last week, however, the Federal Court of Australia (Griffiths v Rose [2011] FCA 30) found that the termination of Mr Griffiths' employment, as a sanction for his viewing of that pornography at home, was defensible.

Of course, other factors were at play.

The key to the Court's determination was that Mr Griffiths had viewed pornography on a work laptop in circumstances where the IT policy of the Department of Energy, Resources and Tourism clearly prohibited the viewing of pornography on its IT facilities, and made it clear that the use of those IT facilities would be monitored. This was unfortunately inescapable for Mr Griffiths: he had previously signed a document acknowledging that he had read and understood the policy. The Court observed that there was an 'element of irony' in relation to the circumstances, given that Mr Griffiths was a member of the Department's IT sub-committee.

When confronted by his employer regarding his conduct, Mr Griffiths claimed that his viewing of the material in question was accidental, and then sought to create what the Court said was an 'elaborate, but ultimately unbelievable, explanation for his actions based around notions of research and inquiry'. As a result, the Department formed an 'adverse view' about Mr Griffiths' integrity. It appears the Department considered that this compounded Mr Griffiths' initial error of judgement.

Substantially because of his response to the investigation, the Department determined to terminate Mr Griffiths' employment for what was held to be a breach of the Australian Public Service Code of Conduct (notwithstanding that Mr Griffiths had had a 25 year career in the APS).

Privacy

Unfortunately for Mr Griffiths, a surreptitious desktop logging system called Spector360, installed on his computer without his knowledge by his employer, had covertly recorded particular keywords and precise snapshots of his computer's desktop every 30 seconds. It recorded Mr Griffiths' pornography usage, which was detected after he typed a flagged keyword, 'knockers', into a search engine.

The Court also found that this monitoring by the Department did not breach Mr Griffiths' privacy, an explicit warning of monitoring having been given.

Mr Griffiths had sought to argue that the direction given to him by his employer not to view pornography (being the IT policy) was, in the circumstances in which that viewing occurred, not lawful and reasonable (as it had to be). Relevantly, Mr Griffiths argued this on the basis that his privacy had been infringed contrary to Principle 1 of the Information Privacy Principles in the Privacy Act 1988 (Cth). Mr Griffiths also claimed that the direction was not reasonable because the Department had no legitimate interest in what he did with his own internet connection in his own time.

Principle 1 of the IPPs provides that:

1. Personal information shall not be collected … unless:
(a) the information is collected for a purpose that is a lawful purpose directly related to a function or activity of the collector; and
(b) the collection of the information is necessary for or directly related to that purpose.
2. Personal information shall not be collected … by unlawful or unfair means. [emphasis added]

Mr Griffiths claimed that 'spying' on his private internet use in his own time, using his own internet connection, was not the collection of information for a purpose that was directly related to a function or activity of the Department. He also argued that the manner of its collection was unfair.

The Department argued that the information gathered was obtained and used for the purpose of monitoring compliance with the Code of Conduct. The Department also said that it had a legitimate interest in ensuring that its equipment did not come into contact with pornography, the risk being that the material might accidentally reappear or be displayed in the workplace. These submissions were readily accepted by the Court.

Hearing the matter, Justice Perram found that, given that the Department's policies expressly provided for the monitoring of IT facilities, the use of Spector360 was not unfair. His Honour noted that it may have been unfair had the program collected personal banking information or credit card details during periods of personal use (which, he said, may very well involve a breach of privacy), but that what it did collect from Mr Griffiths:

… was the very thing it was intended to collect, namely, evidence of breaches of the Code of Conduct. It was also the very thing the Department had warned Mr Griffiths that it was going to monitor his use to detect.

The Court held that it is not unfair to warn a person that their computer use will be monitored in order to detect any accessing of pornography, and then to do so. Therefore, the use of Spector360, in the circumstances it was used in relation to Mr Griffiths, did not infringe the Privacy Act.

Mr Griffiths also contended the circumstances infringed a general law right to privacy he held. However, his Honour said:

It is not necessary in [these] circumstances to determine whether the general law right asserted exists. Because of the explicit warning that monitoring would occur, this case does not provide an appropriate vehicle to explore how the action in equity to prevent misuse of confidential information extends to the personal affairs and private life of a plaintiff.

If nothing else, this case is a timely reminder for employers to ensure that they have clear and comprehensive policies regarding technology usage and how such usage might be monitored, and to ensure that employees understand them. This is especially so in today's business world, where access to companies' IT facilities is often remote, out-of-hours and via laptops, smart phones and other mobile devices.

Partner: Michael Tehan