WebApp Sec mailing list archives
SF new column announcement: E-mail privacy in the workplace
From: "Craig Wright" <cwright () bdosyd com au>
Date: Tue, 8 Aug 2006 08:43:53 +1000
Hi,

I am not stating illegality. There is no mention of contracting criminal acts, as criminal acts cannot be contracted.

As an example, in NSW you can state the level of monitoring. NSW does not stop an employer from monitoring an employee; rather it limits what may be done without consent. Consent may be included as a term in the contract. Thus, the contract can allow the employer to monitor all emails of the employees.

To take the NSW "Workplace Surveillance Bill 2005", Part 2 Notification of workplace surveillance of Employees; covers this. It states: "Surveillance of an employee must not commence without prior notice in writing to the employee." It also includes that "Notice by email constitutes notice in writing for the purposes of this section."

Now it is true that there is never to be camera monitoring of rest rooms - but this is hardly an issue with email for instance.

As for the contractual agreement, part 2-14 states:

"Exemption for certain surveillance by agreement
Surveillance of an employee is taken to comply with the requirements of this Part if the employee (or a body representing a substantial number of employees at the workplace) has agreed to the carrying out of surveillance at the premises or place where the surveillance is taking place for a purpose other than surveillance of employees and the surveillance is carried out in accordance with that agreement."

This means that it is expressly accepted that an employer may contract for surveillance. The terms are thus valid if they state that the employer may monitor any and all Internet traffic as defined in the company's policy. Section 17 states that the employer has to provide a policy and ensure that the employee has been made aware of it. This may be completed in a contract.

The Parol evidence rule means that if the employee agrees to the contract that they cannot adduce additional evidence from non-written sources - e.g. verbal - to dispute the written contract.

So the issue is not one of covert surveillance, as anything in the contract is thus by definition not covert.

As for the EU, the European privacy Directive states that legitimate processing may include any and all monitoring when:

"It is necessary for the performance of a contract with the data subject, or for steps requested by the data subject prior to a contract"

Thus the rights of the employee may be contracted. This needs to be explicitly included and this means that the monitoring is not covert but covered in a formal and open company policy, but it does allow the inclusion of terms that allow the monitoring of employee internet traffic and emails.

Regards,
Craig

________________________________________
From: Andrew van der Stock [mailto:vanderaj () greebo net]
Sent: Wednesday, 2 August 2006 3:55 PM
To: Craig Wright
Cc: Webappsec Mail List
Subject: Re: SF new column announcement: E-mail privacy in the workplace

Actually, you cannot contract illegal terms. In some countries, and some states, it's illegal to abridge privacy laws. NSW is one of those places. In the same way you cannot contract murder, you cannot contract away such items.

Lawyers will try, but this is the usual reason they include an "if any clause is struck down, the rest still apply" in every contract I've read so far. This has saved many illegal contracts which ask unreasonable terms. For example, in Australia, it's illegal to ask people to work unreasonable hours, but this is exactly what most "management" contracts require in no uncertain terms - and you're expected to have basically no personal life. So a judge has now ruled on what "reasonable" means.

It's illegal to include non-competes in Australia, as it's illegal under the Trade Practices Act as a restraint of trade. I've seen so many contracts stating that you may not work for anyone else for a period of time with no recompense other than the pleasure of working for this company.
I'd be happy with that term if I was paid to sit on my backside for that period, but that is usually not the case. As this is so unequal, this has been ruled on several times already, usually in contract law terms with particular reference to the fact that most of us are not in a position to extensively negotiate with the 800 lb gorilla who may be our next employer.

In many jurisdictions (EU and NSW), there is an absolute right to privacy for employees. In others, often there is no case law and no laws. In these jurisdictions, I'd do what I did a while back - I have an absolute separation between my work and my work life. My work laptop has no personal e-mail on it, and has nothing on it which is not work related. It's a shame I have to do that - it certainly makes less use of me than I am capable of giving in both spheres, but I can't trust to the lack of laws today to protect me.

thanks,
Andrew

On 01/08/2006, at 5:24 PM, Craig Wright wrote:

Terms may be expressly agreed into a contract. ANY contract. The of a GOOD contract will include terms state the choice of terms, choice of venue and the subject matter jurisdiction etc. The contract can state the place and time of any action.