Strict rules to control staff email monitoring

The eagerly awaited Code will be published later this month, but a draft of the employer’s guide to work place monitoring has been released to VNU Net News.

Covert monitoring ‘should not be used to obtain information about workers, and that where it is to be used the police should be involved,’ it says.

Employers should only use covert monitoring ‘if specific criminal activity has been identified and a documented assessment has been made concluding that notifying workers of monitoring would prejudice an investigation,’ it continues.

The Information Commissioner says the aim of the Code is to ‘strike a balance between a worker’s legitimate right to respect for his or her private life and an employer’s legitimate need to run its business.’

The Commissioner’s guidelines advise that workers should be made aware of any monitoring and the purpose behind it.

When monitoring email, employers should ‘display a set of conditions concerning email and internet access which workers must accept before being allowed online,’ says the guide.

The Code also says that workers who have their email inboxes checked while absent should be made aware of the fact. Furthermore workers should be informed of the extent to which information about their internet access and emails is retained in the system and for how long the information is retained.

Many employers fear the Code effectively bans them from monitoring emails and internet use in the office, but Iain Bourne, strategic policy manager from the Office of the Information Commissioner, said this is not the case.

‘It is an over-simplification to say the Code bans the interception of email, but there are certain hoops an employer must go through before they can do so legally. For example, it must be a proportionate response to any threat posed.’

Roderick Armitage, head of company affairs at the Confederation of British Industry, said there is a danger that many businesses will ban personal usage of email at work in response to the Code’s stringent conditions.

‘In a lot of industries such as financial services, security requirements of employers mean they have a legitimate need to know what is going on in business communications. The end result may be workers can’t use the business network for personal use.’

Related reading

HMRC banknotes