Employee snooping

Some time ago there was a front page article on the Privacy Commissioner talking about receiving several complaints about Southland employees snooping through company information.

The action was said to be known as ‘employee browsing’ when an employee has access to a company’s database and uses the database to access information they shouldn’t.

Use password protection

What I do not understand is why companies or employers do not do what is sensible and ensure that they password protect information that is considered confidential or private. This means that if there is information that is truly confidential on computer systems people simply cannot access it.

A couple of years ago I worked for a person who was employed by a very large company in the North Island. An allegation was made that she had been ‘employee browsing’ in confidential documents. I pointed out rather forcefully that if a document was confidential then one would expect that it would not be able to be accessed on the system. I do not accept that a document can be asserted to be confidential is it is sitting unprotected and available to be accessed.

I am not saying that employees should be surfing to find information that has nothing to do with them - for example about what other employees are paid - but in my view they should not be able to find that information on the system.

Lack of information protection is a risk to the Employer

In my view if an employer holds information which an employee has the right to consider private (terms and conditions of employment, medical certificates, CV’s etc.) then if another employee is able to and does access that information then there may be a valid personal grievance against the employer for not protecting the information.

What employers need to be careful about however, is raising allegations of serious misconduct against the employee who has searched the supposed confidential information. Again, I am not suggesting that employees should go snooping through their employer’s hard drives/emails and the like.

But the question I ask myself is this. If an employee has access, through his or her office computer, to the employer’s stored information and if he or she can find the confidential information simply by looking (because the employer has not password protected any of the information), who is at fault?