Opnion: Privacy is not guaranteed in employment law

Robbie Bryant. PHOTO: ODT FILES
Robbie Bryant. PHOTO: ODT FILES
Access to private accounts and personal devices are off-limits — right?

It is not uncommon to hear people say that personal accounts (like LinkedIn, personal emails and cloud-based storage accounts) and devices are so inherently private that the viewing or inspection of them by a third party is never justifiable.

It makes sense. There’s a strong argument for a clear delineation between work and private life and a person’s private life should be jealously guarded.

The Employment Relations Authority (Authority) is the first port of call for the resolution of employment relationships problems in New Zealand.

It was established by statute and has exclusive jurisdiction to determine employment relationship problems.

It is a busy tribunal, with just under 670 determinations issued in 2022 (stats for 2023 have yet to be published).

The Authority has very broad powers, which include ‘[following] whatever procedure [it] considers appropriate’.

A party cannot challenge (or appeal) to the Employment Court an Authority’s decision regarding the process it intends to adopt, is adopting, or has adopted.

When investigating a matter, the Authority can call for evidence and information from any party.

Relevantly, the Authority can issue witness summonses, whether of its own volition or on the application of a party.

Those witness summonses can require a person to provide certain information and the delivery of specified items — like all information to enable access to personal accounts, and relevant personal devices for inspection. When, however, could this be relevant?

Perhaps it is discovered during or post-employment that an employee may have disregarded their express or implied contractual obligations — for example they’ve actively attempted to poach the employer’s clients when the agreement says they can’t.

Or perhaps they’ve nefariously downloaded commercially sensitive information to their personal devices.

Or, maybe they’ve been forwarding emails containing confidential information from their work emails to their personal emails, or saved this kind of information on to personal devices, or to a personal cloud-based storage application. Depending on the scope and nature of the activity, these behaviours could be of considerable concern to an employer.

If the above circumstances were to arise, and the employer made an application alleging breach of contract, an application for a summons could be made, requiring the employee to produce relevant devices, and all information necessary to access personal accounts.

This would likely be justified on the basis that such information is pertinent to the Authority’s investigation into allegations of a breach of contract.

Personal emails could be trawled through to see whether there is evidence of breach and the scope of such.

Devices can be searched for the same reason.

Diagnostic tests can be run to see whether other devices were connected and had files moved to them.

There’s no doubt that information of this kind would inform the Authority’s findings as to whether there has been a breach or breaches of contract and what kind of remedies would be appropriate.

Of course, not all circumstances will require such a dramatic step, and there will be several steps taken ahead of an application of this nature.

That said, access to private accounts and devices are not off limits.

If there is a reasonable argument they contain information relevant to the Authority making a decision, then they are absolutely on the table.

— Robbie Bryant, Todd & Walker Lawyers Senior Associate