Technology – CBI slates email confusion.

The Confederation of British Industry has claimed that the delay to new guidelines on monitoring email is placing UK businesses in a ‘totally unacceptable’ position of legal uncertainty.

Due to be published by the government’s Information Commissioner, the guidance will outline what a company can do with data from employee phone calls and email without breaching the Data Protection Act.

But it is expected to contradict parts of the Regulation of Investigatory Powers Act, which obliges companies to check that communication networks are not used for criminal activities.

The guidelines created such hostility during consultation that they won’t now be introduced until the end of the year.

Nigel Hickson, head of e-business at the CBI, said the issue needs to be resolved or companies could be sued by employees. ‘This delay is unacceptable and places businesses in a position of legal uncertainty,’ he added.

Users and legal experts at last week’s Infosecurity show in London said they feared that confusion could lead to problems at industrial tribunals.

‘We could end up in the awful scenario where the employer quotes obligations under RIP and employees quote rights under the Data Protection guidelines at an industrial tribunal,’ said Mike Collins, from IT development services at Homebase.

Tribunals are likely to view any guidelines from the IC sympathetically, said David Marsh from law firm Wragge & Co. David Smith, assistant commissioner at the IC, said a conference is planned for June to explore the practical issues of complying with both RIP and the Data Protection Act.

RIP states companies are legally responsible for any criminal misuse of their IT networks and can monitor communications to prevent or detect crime.

Meanwhile, draft IC guidelines say employers should scrutinise staff use of email, the internet and the telephone only where there is suspicion of actual criminal activity or behaviour contravening conditions of employment.

The delay in publication of the guidance has also been criticised by the Institute of Directors. Richard Baron, deputy head of its policy unit, said: ‘Employers need this code of practice because they have to comply with the Regulation of Investigatory Powers Act and the Human Rights Act, and they must handle the interaction between the two Acts.

Visit the CBI website at

UK plc demands more e-business help

Related reading