Can an employer access personal information on an employee’s work laptop?

12 March, 2025

More News

Key points from this Federal Court decision:

  • The employer was not breaching the Privacy Act by accessing an employee’s personal passwords and therefore their associated internet accounts stored in a work related laptop computer.
  • This case largely rests on a number of policies the employer had in place. Although not addressed in the Decision, it is quite possible that without those policies the outcome may have been quite different.
  • The wording of any policies is important and must specifically allow for monitoring of any and all information store on the laptop computer.
  • The employee's employment contract should prohibit competition with the employer

 

Australian Information Commissioner

The Federal Court recently affirmed the decision of the Australian Information Commissioner that an employer can access the personal information on an employee’s work laptop.

The Privacy Act (1988) provides for 13 Australia Privacy Principles (APPs). Organisations and businesses must not engage in any act that breaches the APPs.

In this case the employee was suspended pending an investigation into alleged contravention of his employment contract – namely acting in competition with his employer by conducting his own similar business during working time for his employer. He did this using the employer provided laptop setting up several personal email accounts and cloud-based storage. When the employee was suspended the employer checked the contents of his laptop which he was required to surrender.


The employer forwarded correspondence to the employee…

The evidence we have to hand shows you have used a substantial amount of work time in sending [sic] receiving emails and phone calls referred to in emails during company time. The other companies you own/work in are in direct competition with Mecrus [the employer], in particular water, mining and agriculture and you seeking work through your company is regarded as competition to our companies

The employee was later terminated for the above reason and reached a settlement in Fair Work Commission unfair dismissal conference proceedings.

In this situation the Privacy Act does not provide for a direct course of legal action against an employer but allows the employee to lodge a complaint with the Australian Information Commissioner. The Commissioner than has the power to investigate, make certain determinations (including dismissing a complaint) and impose fines for a breach. Such fines are enforceable through the Court.

In this matter the former employee made a complaint that the employer had used personal information that he had stored on his work laptop, namely passwords, to access his personal email, iCloud and OneDrive accounts. The employee stated the above paragraph (employer letter extract) provided proof the employer had accessed these internet-based accounts.

During the investigation the employee stated he had no knowledge that the employer had a Privacy Policy or an IT Policy relating to the use of work laptops. He claimed the employer had fraudulently fabricated these policies to defend itself in these investigations.

In response the employer provided a copy of the company’s Computing and Communication Policy from 2013. They also provided the Employee Induction Handbook, which contained a section on privacy, and the Employee Privacy Policy.

Following initial investigations, the Commissioner stated that the employer had not interfered with the former employee’s privacy. The Commissioner referred to the exemptions in the Act relating to ‘employee record’ stating:

An employee record means a record of personal information relating to the employment of the employee. Examples include records about the employee’s personal contact details and records about the employee’s performance or conduct. To the extent that the personal information involves records of sites or accounts that you visited, using the work computer, I am satisfied that this amounts to a record of personal information relating to your conduct during your employment.

 

Employer Policies Employer Policies 

The Information Commissioner drew attention to the following employer policies:

  • The employer’s Computing and Communication Policy included a reference to the employer “being able to “view, access, retrieve, print, copy/and or distribute any material or data that is accessed or stored or transmitted on IT systems” 
  • The Employee Induction Handbook stating that all data created, stored or transmitted upon the IT system was considered to be ‘work product’
  • The IT and Computer Policy allowing for “monitoring and review of any and all data on its systems, including usage and history on an intermittent basis without notice to the employee”. 

The Commissioner accepted the validity of these policies and confirmed the data the employee had saved on to the laptop were indeed an employee record under the Privacy Act. The employer’s handling of that information was “directly related to your employment relationship with the respondent (the employer) at the time”

Therefore, the employer accessing the employee’s personal internet based accounts related to the employee records “held by the respondent” was legitimate. (“Held by the respondent“ - referred to being on the work provided laptop.)

The employer’s actions in handling the applicant’s personal information on the work laptop was directly related to the employment relationship at the time.

In summary this excluded the employer from the Australian Privacy Principles in the Privacy Act. Therefore, there was no interference with the employee’s privacy.
On that basis the Information Commission made a determination to cease further investigations.

Federal Court - Judicial Review

The applicant lodged a Judicial Review (essentially an Appeal) application in the Federal Court challenging the Information Commissioner’s decision to cease further investigations into this matter. He sought Orders from the Court declaring the decision to cease further investigations were unjust and improper and to require the Commission to launch further investigations.

The request for a Judicial Review was based on 6 grounds. This included a breach of natural justice and fraud stating the various employer policies had been developed in response to the investigation by the Information Commissioner.

In a detailed decision, which can be located here, the Federal Court reviewed the investigation by the Australian Information Commissioner and the exercise of the Privacy Act in relation to these proceedings and rejected the applicant’s application for a Judicial Review.

 

The above case deals with two key legal aspects: 

  • a breach of the employee's employment contract prohibiting competition with the employer
  • having the correct employment contract or policy in place to allow the employer to initiate the internal review and not breach the Privacy Act.

Employers requiring assistance with either of the above are requested to contact Hunter Employee Relations. 

 

Kind Regards
Michael Schmidt
M 0438 129 728
[email protected]
www.hunteremployeerelations.com.au

Industrial Relations - Employment Law - Workplace Performance

 

Sign up here to receive Hunter Employee Relations Update directly to your email inbox

Want to know more about Hunter Employee Relations?

Want to know more about our client services?

 

 

1 ER Update button 2 ER Service button 3 Monthly Update button
4 Emt Contract button 5 Code of Conduct button 6 ER Key Policies button
7 Bully Harass Guide button 8 Casual Emt Guide button 9 Work Investigations button
Previous

Hearsay, assertions, anonymous surveys and ‘feelings’ are not evidence in a termination decision
Next

How can a termination be justified and then found to be unjust? Employers beware

Keep up to date

Hunter Employee Relations regularly sends out updates on important Fair Work and Court decisions as well as Government initiatives.

Subscribers will receive a complimentary copy of Hunter Employee Relations Employer Guide to Workplace Bullying, Harassment & Discrimination.

Essential reading for all senior management, this user-friendly guide deals with:

  • Identifying bullying, harassment (including sexual harassment) and discrimination
  • Understanding an employer’s legal obligations and liability
  • How to respond appropriately
  • The new positive prevention duty on all employers.