Two recent cases highlight the risks of remote work and what you need to manage them. Both cases demonstrated management’s understanding of the importance of clear policies that reflect current risk management and thoughtful processes that are fair but stepped to manage avoidant behaviours.
Brown v South Coast Trucks and Machinery 
Ashley Brown sold trucks and machinery for SCTM from its Queanbeyan Office. His direct boss attended the site where he worked in October 2019 to give him a warning for costumer issues. Mr Brown worked alone at the site. On attending the site he found hydroponic equipment and a dehydrator probably used for the cultivation and processing of cannabis (equipment). The equipment was not in current use but was stored. His boss asked him about the equipment and he said he had permission to store it. He did not have permission to store drug equipment. Part of the way through the warning he became distressed and he had his partner collect him. He never returned to work. A police officer subsequently confirmed drug residue on the dehydrator.
His employer sent several requests to discuss the equipment. First to arrange a meeting, his GP sent a note not able to meet. Second to arrange a meeting or phone call. His psychiatrist said they couldn’t attend. Finally, to respond in writing, he responded that SCTM were bullying him. Throughout this time he was dealing with the insurer, preparing statements and other things that reflected he did have a capacity to respond.
Kovacic DP found the requirement to respond was a lawful and reasonable direction because of the stepped down process of requiring a response. – meeting, call and respond in writing and the obvious capacity demonstrated by Mr Brown’s other actions. Further, it was reasonable to require a response given the nature of the equipment.
What are the lessons?
- When people work remotely they often feel more relaxed around employer expectations, treating the workplace as their home;
- When people seek to use illness to avoid discipline the stepped down approach is the key;
- It is part of the inherent requirements of the job to be managed-you can’t run from it and
- There was a demonstrable documentary path about what could be stored-key to this case is he did not have permission to store the equipment.
Kerig v Victorian University
Mr Kerig was an employee of Victoria University and as part of his employment received an iMac. There was strict rules around the configuration, personal use of the iMac and downloading of certain types of material. In his absence the computer was checked, he had altered the configuration of the iMac as provided to him, had demonstrable, extensive personal use and some offensive material was loaded on the iMac. He was dismissed and claimed the material on the iMac was personal and sensitive material and protected by Privacy Law and that they couldn’t access it without his permission.
Once again this case should send alarm bells for all employers who have employees working on laptops from home. It is in exactly those circumstances where employees will use the laptop as their own personal equipment and misuse and set up structures to prevent their employer having access to the information that is personal.
VCAT said, following Jurecek v Director, Transport and Safety Victoria, that an employer can access information that has privacy protection, without the consent of the employee, as part of an investigation into breaches employer rules and regulation. Particularly where notification of the investigation could lead to the loss of the evidence. It followed Gloria Ng v Department of Education in finding it was necessary to investigate in this manner as it was apparent that the iMac had been reconfigured in breach of policy, which was suggestive of an improper use.
What are the lessons?
- Have clear policies around employer assets-for computers, the configuration, software, personal use, proscribed content, confidential nature of work content and entitlement of employer to access at their own discretion;
- When someone works for you and they do something that suggests they are breaching your policies and procedures or the law, you can investigate (including high personal privacy setting Facebook posts) without a person’s consent and
- Regularly check what people have on their computers.