Ramaphosa's energy plan Webinar banner

We'd like our readers to start paying for Daily Maverick

More specifically, we'd like those who can afford to pay to start paying. What it comes down to is whether or not you value Daily Maverick. Think of us in terms of your daily cappuccino from your favourite coffee shop. It costs around R35. That’s R1,050 per month on frothy milk. Don’t get us wrong, we’re almost exclusively fuelled by coffee. BUT maybe R200 of that R1,050 could go to the journalism that’s fighting for the country?

We don’t dictate how much we’d like our readers to contribute. After all, how much you value our work is subjective (and frankly, every amount helps). At R200, you get it back in Uber Eats and ride vouchers every month, but that’s just a suggestion. A little less than a week’s worth of cappuccinos.

We can't survive on hope and our own determination. Our country is going to be considerably worse off if we don’t have a strong, sustainable news media. If you’re rejigging your budgets, and it comes to choosing between frothy milk and Daily Maverick, we hope you might reconsider that cappuccino.

We need your help. And we’re not ashamed to ask for it.

Our mission is to Defend Truth. Join Maverick Insider.

Support Daily Maverick→
Payment options

Beware of using company resources for private communica...

South Africa


Beware of using company resources for private communications in the era of Popia

(Photo: Unsplash / Brett Jordan)

In terms of the Protection of Personal Information Act, an employer may monitor and intercept communications on a company device and, if the employee is using their own device, communications sent and/or received using the employer’s telecommunication systems.

Suemeya Hanif is an executive in the employment department of law firm ENSafrica. Nicole Gabryk is an executive in the firm’s dispute resolution department.

When the Protection of Personal Information Act, 2013 (Popia) comes into effect fully from 1 July 2021, there are some areas of possible dispute that could arise between employers and employees, including the monitoring of employee emails.

In a recent constitutional court judgment in Turkey, the personal data protection rights of an employee were considered and could provide some guidance as to how a similar situation may be handled in a South African context.

In this matter, a private bank employee used his corporate email account during working hours to assist his spouse in the running of her business. This resulted in the employer terminating his employment. The employee challenged his termination on the basis that his employer had infringed his right to data protection and freedom of communication when the employer inspected his corporate email without his prior notice or consent.

The Turkish Constitutional Court held that in order to ensure that employees are conducting their work efficiently, and due to the nature of the employer’s business (the provision of financial services), the employer had a legitimate basis for inspecting employees’ corporate emails.

In addition, the employee’s signed contract of employment stipulated that the employee was required to use his corporate email for business purposes only. As such, the employer could inspect the account at any time without prior notification, and the constitutional court held that the notification and consent requirement was fulfilled.

The court also took note of the fact that the employer had only had regard to the information which supported the allegations that the employee had engaged in other business activities during working hours. Therefore, it found that the purpose of collecting the data, and the use thereof, was limited to proving the allegations of misconduct.

In the South African context, employment contracts usually contain clauses dealing with the monitoring and interception of communication on work devices and emails. These clauses usually provide that as work devices and telecommunication systems are provided to promote the business’s objectives, they must be used for bona fide business purposes only and that the employer reserves the right to intercept and/or monitor any direct or indirect communication on their work devices and/or using the employer’s telecommunication systems.

In terms of Popia, an employer who processes the personal information of an employee (“data subject”) must do so fairly and without negatively impacting on the rights of the data subject.

Ideally, personal information should be processed with the data subject’s consent. Absent consent, there are other grounds on which an employer can rely to process personal information, including where the processing is necessary for pursuing the legitimate interests of the responsible party (in this case the employer) or of a third party to whom the information is supplied.

To comply with Popia, employers should ensure that any clause in an employment contract allowing for the monitoring and interception of communications on the employer’s devices, or using the employer’s telecommunication systems, also clearly explains the purpose for such monitoring and interception. An employer may monitor and intercept communications on a company device and, if the employee is using their own device, communications sent and/or received using the employer’s telecommunication systems.

The reason for this is that these devices and/or systems are provided by the employer to enable the employee to perform their duties and to assist the employer to meet legal, business, administrative and management obligations. This would constitute a legitimate reason for processing. If such a clause was inserted into a contract of employment, an employer could use the argument raised in the Turkish Constitutional Court to justify the processing of information because the employee would have been notified of the reason and the purpose for such processing.

Cognisance must also be taken of the other processing conditions for lawful processing contained in Popia: an employer may only use personal information obtained from the employer’s devices or systems to ensure compliance with its obligations and not for any other purpose. An employee will be given an opportunity to object to the use of his/her personal information during an investigation and/or disciplinary process, thereby ensuring compliance with the openness and data-participation condition.

Employers should carefully consider their existing contracts of employment to ensure that appropriate wording is included so that informed, express and voluntary consent is obtained at the outset, which is also compliant with the processing conditions in Popia.

Including appropriate wording in any contract of employment will entitle the employer to monitor and/or intercept communications on the employer’s devices and/or sent or received using the employer’s telecommunication systems should the need arise at any stage during the employment relationship without seeking ad hoc consent on a case-by-case basis, and could prevent costly future litigation and protracted disputes with employees. DM


Comments - share your knowledge and experience

Please note you must be a Maverick Insider to comment. Sign up here or sign in if you are already an Insider.

Everybody has an opinion but not everyone has the knowledge and the experience to contribute meaningfully to a discussion. That’s what we want from our members. Help us learn with your expertise and insights on articles that we publish. We encourage different, respectful viewpoints to further our understanding of the world. View our comments policy here.

No Comments, yet

Please peer review 3 community comments before your comment can be posted