Most companies provide their employees with technological tools (“ICTs”) such as corporate email, mobile phone, and computers in order for them to fulfill their tasks. It is common for the worker to use them for personal purposes, resulting in situations of unauthorized use of work ICTs, or the incorrect handling of information owned by the employer.
Since the employer is the owner of the ICTs, he may establish limits for the proper use of them. Article 46 of the Ecuadorian Labor Code does not establish any laws regarding the treatment of information and the consequent right of the employer to access and control it. Nevertheless, the employer must respect constitutional rights granted for the protection of data, correspondence and privacy.
The right to inviolability and secrecy protects the communications made by the worker. For this reason, the employer will not be able to access email or information contained in the company’s computer or cell phone without the worker’s consent.
Communications can also be protected by the constitutional right to personal data protection: “The right to personal data protection, which includes access to and decision on information and data of this nature, as well as their corresponding protection. The collection, archiving, processing, distribution, or transferring of this data or information will require the authorization of the holder or the mandate of the law.”
Personal data is all the data or information that makes a person identifiable. In general, corporate emails refer to names, surnames, or positions of the person to whom the email is assigned, just as the cell phone number is linked to a specific person. The definition of personal data would include both the email and the cell phone number. Therefore, since this information can be considered as personal data, the authorization of the holder is required to access and review this information.
Finally, the right to privacy also protects the use and access to ICTs. The American Convention on Human Rights recognizes this right, which provides the following: “No one can be subjected to arbitrary or abusive interference in his private life, his family, his home or his correspondence, nor of illegal attacks on his honor or reputation.”
The Inter-American Court of Human Rights has indicated, “… The scope of privacy is characterized by being exempted and immune from abusive or arbitrary invasions or attacks by third parties or the public authority.” The right to privacy would apply to personal communications made by the worker using work ICTs.
The rules that define the use and control of technological tools must be in writing in the different legal documents of each company, in order to have the necessary support to sanction their misuse:
Employment Contract: the employer must establish in the employment contract the delivery of technological tools and the use of them. The contract shall also recognize the rights of the employer to recover the ICTs and obtain a backup of the information contained therein.
Internal Work Regulations: It is essential to incorporate in this document, rules that regulate the use of technological tools. Employers may establish sanctions in their Internal Labor Regulations for their misuse or the inclusion of employee’s data and personal information. The internal regulation must establish the ownership of the information contained in these tools, as well as the periodicity for monitoring or supervision.
Internal Policy of the Company: these documents must explain the rights and obligations that the workers have regarding the ICTs. The policies shall establish the right of the employer to access and obtain copies of all the information within these technological tools. Workers must be notified and informed to the worker.
Delivery / Receipt certificate: At the time the technological tools are delivered, the employer must establish the limitations and conditions under which the tools are delivered. It is important to detail the physical state and the data content of the tools so that, at the time of their return, the worker is responsible for any deterioration not attributable to their normal use.
Training: The employer shall conduct training for workers regarding the importance and limitations of the use of technological tools.
In conclusion, technological tools facilitate the execution of the functions performed by the workers, but their use must be regulated in detail so that both the employer and the worker know the limits and the sheer work-related purpose that must be given to them. The adequate protection of the company’s ICTs and information that they contain will be possible only if there is clarity in the rights and obligations regarding the use of such tools.
Edmundo Ramos’s Bio:
Edmundo Ramos is a partner at CorralRosales. He has more than twenty-five years of expertise representing local and international clients in labor and social security matters. Edmundo leads the CorralRosales Labor Department and participates actively in the area of Dispute Resolution in the management of labor disputes.
Rafael Serrano’s Bio:
Rafael Serrano is an associate at CorralRosales. He has more than five years of expertise in the TMT industry. He leads the Data Protection Department with an emphasis on personal data protection, electronic commerce, and emerging technologies.