An employer used key stroke information to discover a man's password which gave it access to his work computer and a personal email account.
The man complained to the Privacy Commissioner's Office which found the employer had breached Privacy Act principles, case notes published today show.
The employer collected the personal information as part of an employment investigation but this failed to comply with the law, the commission's office said.
While the unnamed employer had clearly said, in the employment agreement and employee manual, that work computers would be monitored, those policies were not explicit enough to make staff aware anything as detailed as the key stroke information was being collected.
On that basis, the commissioner found the employer had breached the Privacy Act.
Using the password to gain access to the man's personal web-based email account had helped the employer get information about a significant number of emails sent over several years. Some emails had been copied.
That also raised Privacy Act issues, the commissioner's office said, adding that alongside the inadequate policies, the information collection from the personal email account was unnecessary and disproportionate to the employer's needs.
The commissioner's office said an individual's personal email account attracted a high expectation of privacy and exceptional circumstances would be needed to justify an employer directly accessing it - something this employer did not have.
The complaint was closed after the man and his employer attended mediation and reached a settlement.
- Fairfax Media