Recently I've come across a sticky situation where an employer started monitoring email without the consent of the employee. In the US, this is still a fairly "grey" area; can you tell me what the rules and regulations are in Switzerland? Is an employer entitled to read employee email at will?
I've been trying to read the http://www.edoeb.admin.ch site, but my German is still weak enough that it's slow going (and not all their documents are translated to English). I'm hoping one of you with some experience here can point me to exactly the relevant document, if it exists.
I believe that they can record but they cannot read without your permission. They don't need to ask your permission to journal the emails that are being transmitted.
Same goes for internet activity IIRC - but they can get around this by reminding you that the company reserves the right to monitor your activity.
I had a short look tha site you mentionend as I was curious about the legal situation here as well: Bottom line: It has to be annonced in your contract agreements somewhere, but yes he is allowed to read your email unless it is marked "private" somewhere in the title (?!). The law for emails was simply a "portation" of the normal post regulations. If a letter is obviously private, the employer has to keep his fingers off it. Otherwise he can assume it is work related and a secetary or someone else can open it.
The rules for websurfing are a bit different as the company first has to monitor the traffic and is only allowed to monitor you in detail after they have reasons to believe that you are using the net against your agreements...
Thanks guys, especially Trev. That's more or less what I'm looking for.
On a related question, I'm assuming that an employer can be held liable for breaking the terms of the employee manual, especially if it's referenced in the employee's contract? While it may not be illegal to monitor the email, the employee handbook only allows for it in certain cases, and this is not specifically listed.
It's not a "grey" area in the USA, computers and software on said computers are owned or licensed by the employers, not the employees. Employers have every right to control what passes through their systems, the only way an employee could expect privacy is if he is using a private computer connected to an outside server and not using the network of his employer.
It may have been mentioned but it depends on your empoyment conditions and the various rules and regs in place in your company - if your terms of employment say that your email may be monitored then it will be, if there are business reasons for doing so. Random monitoring is not normally carried out but irregular 'audits' may pick up 'inappropriate' material....
As for internet usage, bit more tricky. If your company has a 'permitted usage' policy then, in effect private information cannot be examined, banking etc. Only information that is pertinent to the investigation may be produced. However, if your company does not allow private usage then all of the information contained on the system or home drive is 'company information' and will be examined during the course of an investigation.
In effect, this type of action can be classified as 'targeted' in that it is being carried out to find specific evidence of wrong doing.
To the best of my knowledge, this is also the case in Switzerland. All work produced on the computers in your workplace is actually property of your employer. This includes all incoming and outgoing emails.
For various reasons (usually legal and accounting), businesses are required to keep copies of certain documents for a certain period of time before they can be destroyed. In large companies, this simply means backing up all work to a server. This will often capture all incoming and outgoing emails. So even if you delete all of the emails from your inbox and outbox, there will already be a copy stored on your employer's server.
If your employer has a set of IT conditions or policies that need to be adhered to, they are normally included in your employment contract, or may be in the form of a separate policy that is binding.
You are best advised to pay attention to these IT policies because they form a legitimate basis for your employer to terminate your contract. Generally, employers are not too concerned about the frequency of private emails (obviously to a certain extent), but are more concerned about the content of these private emails. That is, are you defaming the company, are you passing on confidential information to unauthorised parties, are you harassing someone via email, etc. I have worked in a company where they decided to conduct a random audit of a department to see if people were applying the IT policy. They were shocked by how so many people disregarded the policy, to the extent that they fired all of those in breach of the policy during this random audit. The flow of outgoing emails significantly reduced in the aftermath of this event.
If you have not heard or seen of such IT policies in your workplace, you may have a good argument against any effort to terminate your contract on the grounds that you have sent too many, or inappropriate, emails.
Otherwise, in general, an employer is entitled to read your emails. If they decide to do so, you may want to ask questions why ...
As I understand it, it actually depends on whether the employer has an email monitoring policy in place or not (covers you for federal laws), as well as the state in which it happens (as some states have stricter laws than the feds).
This is not the case. It is an offence punishable by up to 3 years in prison to read emails sent or stored on computers in Switzerland. This is covered in StGB 321 ter. Basically in Switzerland and a number of other countries email is treated in the same way as postal mail and opening a mail without consent is a crime. It is potentially possible to monitor mail content without opening the mail and ... this is also a crime. What you can do is monitor who is sending mails to whom...
This is not strictly true. While on a federal level, and assuming the employees are not working for the government in which case the fourth amendment "probably" prohibits the reading of mails, what you say is correct, this is not the case on a state level. Several states have very strict privacy laws that have been held to apply to if not are specifically written for email. Virginia springs to mind...
Furthermore, for it to be applicable on a federal level it assumes that the company is providing the infrastructure. If they have simply bought a service ie externally hosted and leased equipment then they are not able to monitor emails.
So I would say depending on which state you are working in America it might well be a grey area - or would that not be gray area!
The consent is given when the employee signs the contract of employment or the addendum to the contract stipulating that email may be examined during the course of an investigation................always assuming that it is included in the contract or addendum
Different for Germany or France - subject must be informed prior to examination.
Richard, are you suggesting that my company's practice is ... illegal??
I think you are looking at this issue too strictly. If you happen to steal a computer and then read the emails on that computer, then, yes, I agree that you have committed an offence.
But in the context of the workplace, if an employer is providing you with a tool to perform your work, the employer reserves the right to maintain this tool. If this tool happens to be a computer, then an employer would have the right to monitor your IT usage, including reading your incoming and outgoing email. Of course, there is the question of whether the employee has consented to this process. But in most circumstances, such consent may be implied.
For example, in my line of work, 90% of my communication is via email. Even if I was unaware of any IT policy, I could not possibly argue that all of the emails sent from my work address are private, and that my employer is precluded from reading my emails.
That's why I said that, in general, employers are able to read your emails. Most IT policies will stipulate when such monitoring can be conducted, and it is usually when a suspicious circumstance has been reported.
If you happen to work for a small company or business that does not have any IT policy, then you may have stronger arguments against having your emails read. Though, I think any argument would be fairly weak.
Here is the take on where I am working, large international bank. HR came around with a "Confidentiality Document" for me to sign pretty soon after me starting.
Key pointers were:
Limited private usage of Internet and emails were allowed but should not interfere with your work.
Not allowed to disclose anything about the company, work you are doing etc, standard enough stuff.
The company owns the right to anything and everything you generate, emails, web logs etc, private or in the pursuance of company business.
Seemed fair enough to me, so I signed after reading in detail, asked the nice chap to fetch me a coffee whilst I read it. ( I think he did this because he was shocked anyone would read it first, most people just sign apparently.)
Yes, would love an audit to take place and fire all those lazy mutts, who are surfing most of the day, whilst the few are busting are coconuts carrying them
I think in the US, companies can't just read emails for any reason. That sort of practice is described as a "Fishing Expedition" and the courts tend not to allow that sort of thing. However, if they have some reason to suspect something because of poor performance or a co-worker noticing strange things on someone's monitor, they've got probable cause and can have a look a things.
My last role was IT bloke in one of the banks and I was "the man that can "when monitoring of this type was needed.
All financial institutions have a legal obligation to store all types of electronic communication for a period of time. Where it is stored and for how long depends on who was involved in the communication. Maximum period is 15 years (in the case a US bloke was privy to the info) Yes it is absolutely legal (it's a legal requirement in banks) for your employer to monitor you email, internet usage and chat (instant messaging), this will be written into your T's and C's somewhere. It is highly unlikely they will conduct random spot checks on email etc or monitor (manually read) everything (seriously, think of the admin overhead) Normal procedure is for HR/IT Security/L&C to ask for monitoring or an investigation, there is quite strict controls on who can ask for it and how it is requested. IT would typically return data for a very fixed period and between a limited amount of recipients, without viewing the data where possible. There is close to zero % chance that your manager will be able to ever see your emails/chats/internet usage if you work in a large financial institution, if they had a specific issue with inappropriate communication they would pass it to HR/IT Sec/L&C who would follow it up. It is not that frequent that these investigations (investigating naughty employees) take place.
I mean a "US Person", in terms of storing electronic communication a "US Person"=Somebody physically located in the US, this includes a Swiss person with a Swiss work contract working in a US office for a few weeks.
Citizenship is not really important in any case IIRC, only where your contract of employment is written, e.g. a person whose contract of employment is written in the US may not see Swiss secret data (whilst in Switzerland) without signing an additional waiver.