Background

Management is under an obligation to provide a safe working environment. Employees are not to be harassed on the basis of sexual, racial, or other disturbing conduct. McCullagh has noted that management is responsible for the use of the corporation s assets and that this extends to information security (Krebs, 2002; McCullagh, 2002). He has further noted that employers may be held liable for the actions of their employees in hacking or attacking another computer if they use the corporation s network (Gamertsfelder, McMillan, Handelsmann & Hourigan, 2002). Consequently, employers have an interest in monitoring the activities of their employees so as to remove the likelihood of harm both to the business, other employees, and third parties. Appropriate safeguards need to be put in place. Brien and Brien in Netlaw (forthcoming 2004) provide a general discussion of privacy, including its origins and relevant legislation within the context of controlling behaviour across the Internet.

George Orwell in his book 1984 considered a society where technology would increase the ability of government to monitor the activities of its citizens (Orwell, 1949). He used the expression BIG BROTHER IS WATCHING YOU to convey the message that technology would lead to tyranny . Business has embraced Internet technologies, and many employees must use the Internet to carry out their activities. The actions of employees using Internet technologies can be quickly and easily monitored . The High Court of Australia in Victoria Park Racing Co v. Taylor (1937) declared that no general right of privacy exists, though some protection is provided by legislation ( Australian Broadcasting Corporation v. Lenah Game Meats Pty Ltd [2001]). The Commonwealth Privacy Act 1988 established the Federal Privacy Commissioner and identified eleven Information Privacy Principles (IPP) which include:

• Manner and purpose of collection

• Solicitation of personal information from the individual concerned

• Solicitation of personal information generally

• Storage and security of the information collected

• Information relating to the records kept by the record keeper

• Access to the records

• Alteration of the records

• Measures to check the accuracy of the information collected

• Limitations on the use of the information

• Limitations on the disclosure of personal information

  (Office of the Federal Privacy Commissioner, 2003)

Victoria ( Information Privacy Act 2000) and New South Wales ( Privacy and Personal Information Act 1998) have also enacted similar legislation with respect to the protection of privacy in the public sector. The Commonwealth Privacy Amendment (Private Sector) Act 2000 extended privacy protection to the private sector. There are several exemptions, including small businesses with an annual turnover of $3 million or less and employee records. It is not clear whether the employee records exemption may include data collected through workplace monitoring.

Privacy as a concept in Australia is largely contained in haphazard legislation. Furthermore, these laws were only enacted in the last few years . Greenleaf has noted:

There are a series of deficiencies in our privacy legislation and in the practices of the Federal Privacy Commissioner. We need changes to our laws so complainants can more readily take questions of interpretation and application of privacy laws to courts and tribunals. We need Privacy Commissioners who make the communication of the details of complaints resolution and the law underlying them a high priority. We need lawyers who find new ways to obtain interpretations and remedies. (Greenleaf, 2001, paragraphs 25-26)

In other words, we need more law with respect to privacy (Greenleaf, 2001, paragraph 25). In 2003 the District Court of Queensland provided civil damages for a breach of privacy. The matter in Grosse v. Purvis (2003) concerned the stalking of a woman by a man. Senior Judge Skoien determined that in the circumstances, the tort for an invasion of privacy had been established. Four essential elements that need to be satisfied include an intention to do an act, the act disturbs the seclusion of another, the action can be considered highly offensive to a reasonable person, and the harm caused prevents the victim from carrying out activities that he or she is lawfully entitled to undertake. Whilst this decision clearly outlines a particular cause of action for breach of privacy, it needs to be remembered that this was only a decision of the District Court and not a superior court. Furthermore, the matter itself did not relate to workplace privacy. Grosse v. Purvis (2003) is useful since it is a decision of an Australian court exploring privacy. It is only by such activities that the boundaries protecting privacy can be clearly identified.