Phuoc & Partners Vietnam International Law Firm

Your Language:
+84 (28) 3744 9977
Phuoc & Partners Attorneys At Law

Personnel management – which privacy and the limitations on for employers?

The article written by Lawyer Nguyen Van Quynh – Associate and Ms. Cao Thi Hoang Oanh – Paralegal of Phuoc & Partners are published on Saigon Economic Times dated 18/9/2014.


Recently, Company X held a meeting to settle labour discipline and gave out a written reprimand decision to Ms. A. The reason given by company X was that Ms. A had repeatedly used a personal email to place an online order (online shopping), thereby doing individual work during working hours, and this violated the labour regulations of company X. Despite still being allowed to work at the Company and paid the full salary and benefits as before, she felt “humiliated” in front of her colleagues. Ms. A responded by sending a dispatch to request the local labour federation to protect the rights and interests of employees whose privacy rights have been violated by the Company even though Ms. A had no objections against employee discipline decision of the Company…

What is the right to privacy?

First of all, it must be said that the law of Vietnam currently has no private law provisions on the protection of privacy, although proposals have been included in the agenda of the National Assembly draft laws. The term “privacy rights” has not been legally defined fully in the current legislation, but are scattered throughout the laws there are some slivers of regulation that are applicable to “privacy rights”. For example, the 2013 Constitution[1] stipulated that “everyone is entitled to the inviolability of personal privacy, personal secrecy and familial secrecy” or “everyone enjoys the secrecy of correspondence, telephone, telegrams and other forms of exchange of personal information. No one is allowed to open, control, and confiscate contrast to the statute other’s correspondence, telephone, telegrams and other forms of exchange of personal information”. The Civil Code 2005[2] stipulated that, “the privacy rights of individuals are respected and protected by law” and “correspondence, telephone, telegrams, other forms of electronic information of individuals is ensured the safety and confidentiality”.

In other areas law:

  1. For information relating to accounts, deposits and customer transactions, the credit institutions must also ensure that secrets are not allowed to be given to any other organizations or individuals, unless otherwise permitted.[3]
  2. Insurance enterprises shall be responsible for maintaining the confidentiality of information provided by the insurance buyers.[4]
  3. In electronic trading, an agency, organization or individual shall not use, provide or disclose information about privacy or information of other agency, organization or individual that is accessible or controllable in electronic transactions without their consent, unless otherwise provided by law.[5]
  4. The principles of postal operations are to ensure correspondence confidentiality according to the applicable laws [6]and prohibits the disclosure of information about the use of postal services, unlawfully open or destruct of postal.[7]
  5. Users of telecommunications services are assured confidentiality of private information under the provisions of law.[8]Even more seriously, the infringement of confidentiality or safety of other people’s mail, telephone, telegram may also constitute a criminal offense and be imposed with criminal liability.[9]

Consequently, the laws of Vietnam are focusing on protecting the privacy and confidentiality of individuals, agencies and organizations. The evidence is that many specialized legal documents have terms adjusting security issue of personal and private information of subjects being adjusted. However, the terms used in the legislations are not unified and in terms of semantics, it can mean the same or different. The fact that the laws of Vietnam list some specific expressions of the forms to which are subject to “privacy”; mail, telephone calls, telegrams, personal information, family information, accounts information, bank transactions information etc. with the common characteristics of “confidentiality”; of the individual, dedicated to individual and are not obligated to publish. There are some suggestions that there should be a legal definition of privacy and so determine what is considered as an infringement of privacy.

But is it truly necessary to have a definition of “privacy”? Since its connotation is very wide and ultimately doesn’t the human individual right to respect and of personal integrity already cover “privacy”?

In the above case of Ms. A, Ms. A claimed that Company X had infringed her privacy as an employee. Although there is no legal definition of privacy or what behaviour constitutes an infringement of privacy, the reading other people‘s mail without the consent of that person as company X is doing is, from a narrow perspective, can be seen as an infringement of the employee’s confidential correspondence.

If such is the case, how can employers manage their employees with regards to employees doing personal work oncompany time, particularly when an employer cannot every hour and every minute “watch” at the desk of their employees to check if they are attending to work or personal assignments?

Is it an infringement of employee privacy?

Staying with the story of Ms. A and Company X, if one considers only the fact that Company X read Ms A’s personal email without Ms. A’s permission, it is clear that there is an infringement of the other person’s letters. However from a more complete perspective and observing the look and screening from a property perspective, the rights of property owners under the Civil Code and business management rights under the Enterprise Law, company X has the right to inspect and supervise the use of the property of the employees to ensure that employees use the property for the right purpose and maximize asset utilization. There will be controversy about the matter that Ms. A did not use the e-mail of company X but her personal email, however, to manipulate the personal email, Ms. A had to use company X’s computer or her computer but still on company X’s internet line to deal with her personal affairs during working hours.

The email address that the employers provide to their employees is an employee asset, having the domain registered by the employers. Computers used by the employees are also the property of the employers, only assigned to the employees to manage and use. The internet connection that employees are using is the property of that employer which has to be purchased from the internet service provider. A portion or all of the assets mentioned above are the property of the employers and are handed-over to the employees to use in order to perform work within the responsibility scope of the employees as agreed in the labour contract and for the interests of the employers.

The basic principle of the relationship between the property owners and the employees who are assigned or authorized to manage & use the property is that employees have obligation to keep, preserve and use the allocated assets with a proper purpose. Even in the case of Ms. A bringing home the computer of company X to use after working hours for personal purposes, but with the family internet connection, can still be seen as using the assets of the Company for improper purposes. One person naturally has the privacy right and their personal information is private and secret, but if they access this information on other people’ devices while being aware that property owners can read such personal information, then they initiatively have reduced the private nature of personal information significantly. In other words, through their actions they have implicitly given up their right to absolute privacy.

Many enterprises specify in their labour laws that employees using corporate assets with a personal purpose (whether in or out of working hours) will be disciplined in accordance with certain forms, depending on each enterprise. The employers need only prove that the employees violated labour rules to have reason for disciplining the employees, but to prove this, the employers must check the information system or data stored in the computer, including private personal information of employees. An actual trial in Vietnam showed that in similar disciplinary cases, the court did not support view that employers had infringed the privacy of employees when the employees extracted information from the computer to prove that the employers violated labour rules.

Supervising staff in the age of information technology

In general, there is a commitment to individual privacy in most countries, but there is also a realisation that in this rapidly changing information technology age, the privacy rights of people are hard to protect absolutely. Through management software installed in computers or by server access etc. employers are able to monitor the time employees actually work on the computer daily and specifically which jobs they do without direct manipulation on the computers which were issued to employees. If the employers do not allow employees to access social networking sites, chat tools, entertainment website etc., employers can completely block internet sites, features on USB ports and hard discs so that the employees cannot install extra programs on the computer.

Although setting the “fence” to protect the property and applying information technology to radically force employees to perform work during working hours without negligence is within the reach of employers, many employers still actually assign employees computers without limitations on the scope of its use. Besides confidence in self-discipline and awareness of employees, the employers also wants to create a comfortable and friendly working environment, without the spectre of strict tracking and monitoring. Employers often allow a “soft period” for employees to check, answer personal emails or deal with particular personal affairs using the information technology devices of the enterprise business. However, there are many employees who overuse the above freedom; wasting the working time and reducing labour productivity.

It would be not fair and reasonable if employees receives full pay for 8 hours/day but in fact only work 6 hours/day, and the remaining time is to read online newspapers, chat, accessing social networking etc. and then lodge an application that employers are infringing their privacy by controlling and accessing their account.

In this regard, between employers and the employee’s there should be a balance with respect to privacy; employees cannot be at liberty to do whatever they want and claim the privacy of every individual is inviolable, ignoring all the provisions of labour regulations on the use of the property and their responsibility as employees during working hours. But where can this balance be found? It is true that there is no legal document indicating the limits of privacy for the employees and that which the employers cannot touch. That limitation can only be built up by conscious decision and the self-discipline of each employee to prevent themselves from such behaviours affecting work performance. Once the employers prove that their employees have spent much time during working hours on personal affairs such as online trading, blogging, chatting etc. the employees hardly have the basis to claim that the employers had infringed their privacy, in both legal and personal respects.

In this legal environment, the issue of privacy is not clear. There is a distinct conflict between the privacy rights of employees and the rights of employers to manage and supervise the employee’s work, particularly the right to inspect and protect the assets of the employers. Employers should have some action to the extent permitted by law with the main purpose to protecting their legitimate interests, including:

  1. Installing surveillance equipment such as cameras in the office and let employees know that their employer is monitoring their behaviours and so the employees will be cautious and limit other activities that waste working time;
  2. Inform employees that the host system has stored information from employees’ computers and the employers will naturally test the server to determine the actual productive working time between employees in order to evaluate the ability and working attitude of employees;
  3. At the same time, the labour regulations of the company must have specific provisions on labour discipline for inappropriate behaviours in the management, preservation and use of corporate assets, and in working period at the company; and
  4. Hold regular internal trainings on the use of working time effectively.

By utilising monitoring technologies, continuous training and effectively informing all employees on the applicable labour regulations, employers have, on the one hand, established an effective control mechanism to prevent their employees from misusing company assets, and on the other hand are fairly informing and ensuring that employees are aware of, and adjust, their behaviours to avoid any corresponding labour discipline.

Of course, the application of the above management methods also needs to be selective and adapted to the work environment, the class of employee and qualifications of the employees so that the management is effective without causing “injury” to employees.

[1] Article 21 of Constitution of the Social Republic of Vietnam

[2] Article 38 of Civil Code 2005

[3] Article 14 of Law on Credit Institution 2010

[4] Article 19 of Law on Insurance Business 2000

[5] Article 46.2 of Vietnam Electronic Transaction Law 2005

[6] Article 4.2 of Law on Posts 2010

[7] Article 7.6 of Law on Posts 2010

[8] Article 16.1 of Law on Telecommunications 2009

[9] Article 125 Criminal Code 1999

View Details