By: Sonny Zulhuda
This week I was speaking about the misuse and abuse of workplace technologies during a session of a two-day seminar/workshop on employment law in Kuala Lumpur. The workshop was attended by mostly legal executives from a range of local companies. The technologies meant here are those Internet-associated tools such as electronic mails, blogs, Internet messaging and online networking sites (e.g. facebook, myspace, hi5, and the likes).
The main concern on which this presentation is grounded was that organizations need to ensure a good return of investment (ROI) over the technologies they use at their workplace. This is because the ROI may be interrupted by range of risks of the use (and misuse/abuse) of the technologies such as wasted productivity, financial loss due to business discontinuity or system defect, and also legal liabilities.
During Q&A session, the discussion was focused on the potential liability over Internet and email surveillance in the workplace. In other words, is it legal for the employers to do such monitoring? Can it be tantamount to an infringement of privacy (under non-existing law in Malaysia at the moment) or does it fall under criminal offence of illegal interception under the Communications and Multimedia Act (CMA) 1998?
My point of view was that Malaysian employees have to be very cautious in this issue for several reasons. First, when you join an organization, you are embarking into a ‘private domain’ belongs to your employer. They can do whatever they want including technology monitoring, as long as they are not illegal/unlawful. secondly, there is no law in Malaysia -statutory or otherwise- that protects ‘the right to privacy of the employees. I commented however that this position may be improved if the long overdue Malaysia’s draft law on Personal data protection is passed as the alw of the land. The last reason was, because the provision against illegal interception under the CMA 1998 was intended for the network and Internet service operators, thus does not apply in the private workplace. In other words, you employers, may find this option useful. But it is highly advisable -as a good governance practice and to be on the safe side, legally- to include this under the employment terms, as well as internal policies, guideliens, SOP, etc. It’s in short term a risk management through contractual instruments.