BRR: We are joined by Tara McNeilly. She is a Senior General Counsel in the Office of General Counsel group at Australian Government Solicitor. Tara, a warm welcome to Boardroom Radio.
TM: Thanks, Kate, it is a pleasure to be here.
BRR: Certainly when an employer enters the hiring phase it may be tempting to use social media sites such as Facebook, and to gather further information about potential employees. What are the major risks, I guess, from a public sector perspective, for employees in this context?
TM: Well, Kate, the main risk is that this relates to the collection of information and it's quite personal and possibly quite sensitive information. So against that background, there [are] obviously privacy considerations that come up. In the public sector context, there are a range of information privacy principles that govern an agency's collection of information and so, against that background, it's necessary for agencies to have regards to the purposes for which they're seeking to collect information. Is the information that they are proposing to collect relevant to those purposes? Is it necessary for those purposes? Are there issues in relation to accuracy or a need for verification? And, similarly, might there be issues, as well, in relation to making sure that people are aware that the agency might be proposing to collect information in this manner? The reason I say that is because the information privacy principles require not only that collection of information be lawful, but also that it be fair and not intrude unreasonably upon a person's personal affairs.
BRR: Keeping with the use of social media, we saw the declaration of open government and the increased use of social media by government agencies. Presumably this also increases the risk of privacy breaches. What happens when an employee of an agency breaches privacy laws?
TM: Well, in most circumstances Kate, it really depends as to the basis on which the employee is acting. Under the Privacy Act there's a mechanism whereby, in circumstances where an employee is acting in the course of their employment, their acts and practices in relation to handling personal information are the acts and practices of their employing agency. So, effectively, that might mean that there's an interference with privacy for Privacy Act purposes. Another question, I suppose, that arises in that context is where perhaps a person is engaging in a frolic of their own or is doing something which is outside of their employment expectations.
BRR: So will it depend on that characterisation for whether the agency will be held liable for their actions?
TM: Yes, it really does. And I mean that's obviously a question of fact and it will depend on the particular circumstances. So in those particular instances it would be necessary for an agency to have regard to the context in which the activity was undertaken and, I guess, any rules or limitations that might apply and have been expressed to the employee in that context.
BRR: Well, looking at rules and expectations expressed to employees, I guess, both from a hiring perspective, but also from a use of social media within their employment context, how can government agencies effectively manage how social media is used within the organisation?
TM: I think probably the best way to do it is by the development of detailed policy both in relation to, I guess, managing expectations of both current and prospective employees in relation to what might be collected and when it might be used; who the information may be disclosed to. But, secondly, in relation to circumstances where employees are being encouraged to use social media tools in the workplace for work-related purposes, agencies should think about having a policy which sets the parameters about that use in an employment context. One example that has been used by agencies in the development of social media policies is to seek to make a distinction between the different capacities in which social media tools might be being used. For example, a social media policy might distinguish between, say, official use, professional use or personal use. In the official use category, an agency is encouraging employees to use information for work-related purposes and to communicate that information through social networking tools and is encouraging those employees to identify themselves as employees of a particular agency. Separate to that, there may be circumstances where a particular employee may have particular professional experience that may want to be put out on a social media site and there might need to be rules about that, where an employee is speaking in a professional capacity as a member of the particular profession, but not as an identifiable employee of an agency. And then, I suppose, the third category is personal use of social media tools within the workplace that is obviously something that will be governed by particular rules under information communications technology policy. But there might also need to be specific rules placed in social media policies which make employees aware that they are not to identify themselves as employees of an agency; they are not to, for example, use their work email address in that context.
BRR: Well, some good tips for the public sector there, Tara. Once again, thank you for speaking with us.
TM: That's okay, Kate. Thanks for your time.
BRR: That was Tara McNeilly. She is a Senior General Counsel in the Office of General Counsel group at Australian Government Solicitor.