In this uniquely South African Business Environment, small to medium Enterprises have more readily embraced the new frontier of Electronic Interaction, from simple computerisation of smaller tasks within in the business, e-mail and sms communication with clientele, to the development and the design of a company website.
Whilst it is an extremely exciting time in the e-commerce and m-commerce environments within South Africa, many Business Owners, Managers and Directors are often simply not aware of the Corporate Governance responsibilities and issues which may arise by the implementation of an Electronic Communications Infrastructure.
In order to understand the significance of any Electronic Communication System one needs to take a step back to appreciate the complexities of any electronic communications infrastructure and the significant impact such systems have had, not only within South Africa but internationally, in the last ten years.
Whilst there remains a significant advantage to giving your employees access to such communication systems, being e-mail communication with clientele or giving staff the ability to access Internet Banking, a clear balance between private and business use needs to be achieved.
Companies are being exposed to possible risks when employees inadvertently or unknowingly start downloading illegal or copyright protected software from the internet and then distribute such material via the company’s electronic infrastructure and all this without the knowledge of the business itself, which could lead to costly law suits against your company, an exercise which small businesses can simply not afford.
The financial outlay of businesses in this day and age reach the millions of rands to combat viruses, spam and spyware which directly leads to a reduction in processing speed across the company network and which further results in a reduction in productivity.
Employers must also be aware of the possible exposure due to sexual harassment, racism or defamatory remarks found in e-mail communications being distributed amongst its employees and the possible embarrassment caused by such communications being sent outside the corporation. Questionable content, as a result of an employee, during the course and scope of his or her employment, effectively using the company’s stationery and infrastructure to distribute such content, may cause unforeseen liability for the company itself.
Our courts have held that it is the responsibility of the employer to insure that employees are not made subject to inappropriate e-mail communications. Should the corporation failure to take the appropriate steps to protect its employee, the employer may find itself liable as a result of such a failure.
There is a practical solution to the management of most IT related business risks and that is by the implementation of the effective policies within the business. This is to ensure that employees are not only informed of the possible risks but also directed to use the Electronic Communication and e-mail infrastructures, in the best interest of the business as a whole.
By informing employees of the do’s and don’ts, will significantly reduce, if not eradicate, a business’s civil and criminal liability risks. It is vitally important to ensure that any internet and e-mail usage policies are consistently applied and in one form or another, consented to by the employee prior to its implementation. Any such policy would need to complement the company’s holistic ideology, current employment contracts and South African Labour Law, with specific reference to disciplinary action of employees who fail to adhere to such policy. For this reason the policy should be in clearly understandable language and duly explained to each and every employee.
Even monitoring an employee’s internet and e-mail usage may have consequences if not preformed within a legal framework. Every employee has the right to personal privacy and to be protected from any invasion of such privacy.
The ability of an employer to monitor and/or intercept electronic communications, including e-mails, is now regulated by the Regulation of Interception of Communications and Provision of Communication Related Information Act 70 of 2002 (hereinafter the RICA). The intention of RICA is to protect the right to privacy of all individuals and to specifically address circumstances under which this right may be lawfully restricted and/or limited.
In terms of the RICA, an employer may in specific instances and upon fulfilment of certain specific requirements, monitor employee’s e-mail communications and internet usage. It is important to take note that any internet and e-mail usage policies put in place should both be legally compliant and reasonable in nature and at all times protect both the interests of the employee and those of the employer.
The above was a brief overview of the possible business risks associated with an internal internet and e-mail communication infrastructure and as such no business decisions should be based upon the information supplied, without first consulting an appropriately specialised attorney who will be able to identify and address your company’s specific needs and requirements. If you are an RMI4 Law member you can contact the legal assistance line for more information on 0861 668 677.
Contribution by: Wesley Watson LLB (UNISA) Barnard Incorporated Attorneys