Due to be published by the government’s Information Commissioner, the guidance will outline what a company can do with data from employee phone calls and email without breaching the Data Protection Act.
But it is expected to contradict parts of the Regulation of Investigatory Powers Act, which obliges companies to check that communication networks are not used for criminal activities.
The guidelines created such hostility during consultation that they won’t now be introduced until the end of the year.
Nigel Hickson, head of e-business at the CBI, said the issue needs to be resolved or companies could be sued by employees. ‘This delay is unacceptable and places businesses in a position of legal uncertainty,’ he added.
Users and legal experts at last week?s Infosecurity show in London said they feared that confusion could lead to problems at industrial tribunals.
‘We could end up in the awful scenario where the employer quotes obligations under RIP and employees quote rights under the Data Protection guidelines at an industrial tribunal,’ said Mike Collins, from IT development services at Homebase.
Tribunals are likely to view any guidelines from the IC sympathetically, said David Marsh from law firm Wragge & Co. David Smith, assistant commissioner at the IC, said a conference is planned for June to explore the practical issues of complying with both RIP and the Data Protection Act.
RIP states companies are legally responsible for any criminal misuse of their IT networks and can monitor communications to prevent or detect crime. Meanwhile, draft IC guidelines say employers should scrutinise staff use of email, the internet and the telephone only where there is suspicion of actual criminal activity or behaviour contravening conditions of employment.
The delay in publication of the guidance has also been criticised by the Institute of Directors. Richard Baron, deputy head of its policy unit, said: ‘Employers need this code of practice because they have to comply with the Regulation of Investigatory Powers Act and the Human Rights Act, and they must handle the interaction between the two Acts.’
CBI websiteUK plc demands more e-business help www.accountancyage.co.uk/IT/1120014
New growth opportunities in Aberdeen, North East Scotland, are being invested in by Grant Thornton
If businesses do not take cyber security seriously in their business planning regulators may do it for them, the ICAEW has warned
The Financial Reporting Council has issued guidance regarding the annual reporting of 1,200 large and smaller listed companies. The letter highlighted the key issues and improvements that can be made in the 2016 reporting season
Deloitte's north-west Europe foray; BDO, Smith & Williamson investment paths; Shelley Stock Hutter; and Wilkins Kennedy discussed by editor Kevin Reed on our Friday Afternoon Live broadcast