Human Rights Act on RIP collision course

Experts are warning that there are areas of apparent conflict between the Human Rights Act (HRA), introduced last week, and the new Regulation of Investigatory Powers Act (RIP), which gives businesses the scope to monitor employee communications on corporate-owned networks, down to dismantling PCs if necessary.

However, under the HRA, employees have a right to privacy that their employer must respect.

The two regulations clash, experts say, when a worker uses a corporate-owned network but not its server, for example when working from home or using a web-based e-mail service at work which is run from a third party’s servers.

Matt Tomlinson, business development director at MIS Corporate Defence Solutions, told sister site ‘There is a contradiction between the two pieces of legislation for remote users and for web-based email. Legal advice suggests this is a loophole aggrieved employees could use to sue their employers.

‘I suggest firms update their polices again to state that all accounts accessed through organisation-owned equipment, whether using organisation-hosted mail servers or not, may be monitored. Whilst this improves business policy it may not give 100% protection, and may not hold water in court. ‘It will take case law, over the next two years, for a clear definition of what is required to emerge. However, whilst what I’ve suggested may not be 100% watertight, past court decisions have favoured businesses with clearly stated policies of this nature.’

Tomlinson went on to say that there is still an opportunity for the loophole to be closed.

‘There is a window during the consultation period the government is allowing to discuss the proposed codes of practice on implementing the RIP Act.

This consultation period, which ends on 17 November, is an opportunity for legal/human resource departments to make their points known and close this loophole on remote users and personal email accounts,’ he said.

Related reading