Employers snoop rights in doubt

Employers' so-called snooping rights are being called into question. Regulations published by the Government last week under the...

Employers' so-called snooping rights are being called into question. Regulations published by the Government last week under the Regulation of Investigatory Powers (RIP) Act, appear to give the all-clear to employers who want to monitor e-mails and telephone calls.

However, these regulations, which came into force on 24 October, represent a significant concession by the Government, which originally wanted employee consent to be a legal requirement for any employer surveillance. There is now no need for employers to seek the consent of employees before carrying out monitoring. Now, all that is required is for employers to make all reasonable efforts to inform staff that these communications may be intercepted.

Although other provisions of the Act now place strong restrictions on other types of monitoring - such as surveillance of staff by CCTV, these regulations appear to mean that the vast majority of employers can continue with current monitoring techniques.

But for the employer there are two flies in the ointment.

Draft code concerns

The first is the draft code on the use of personal data in the workplace issued by the Data Protection Commissioner on 9 October.

The code, which is subject to a consultation exercise until January 2001, would ban such blanket snooping and is at odds with the RIP Act regulations that propose to allow employers "routine access" to staff e-mail and Internet communications.

The draft code raises concerns about the unnecessary monitoring of staff e-mail and casts doubt on whether a personal e-mail should ever be opened by an employer. In theory, employers who comply with the RIP regulations may still be in breach of this draft code and risk enforcement action.

Human Rights Act

The other uncertainty for employers is how any monitoring activity will be interpreted under the Human Rights Act, which enshrines a new right to privacy. This right can be qualified and employers may be able to justify interference where they can show that their activity is necessary to prevent disorder or to protect the rights of others.

For instance, an employer could attempt to argue that monitoring e-mails or Internet activities is necessary. This is to prevent the distribution of offensive material that has been downloaded from the Internet.

However, it remains unclear how this new right will be interpreted. Previous cases, such as the Halford case, which dealt with a gross abuse of personal privacy through phone tapping, do not give an accurate guide as to how "privacy" will be interpreted. This is in a workplace where employees are fully informed of monitoring activity.

Informing staff

What is clear from both the RIP regulations and the draft code is that employers are likely to fall foul of all this legislation.

If they do not act quickly to ensure that they have policies in place to govern monitoring of telephone and e-mail communication, they will fall foul of regulations. They must take steps to ensure staff are aware of the policy or, even better, obtain the express and implied consent of staff by including policies in contracts of employment.

Key points to cover:

  • Inform employees that use of e-mail, Internet, fax and telephone will be monitored and recorded by the employer for business purposes

  • Inform employees clearly under what circumstances private use of the telephone, e-mail and Internet is permitted and when it is not

  • Place relevant restrictions on downloading certain material from the Internet

  • Provide clear statements on the sanctions that will be imposed following any breach of policy

  • Make it clear that any monitoring is for business purposes only and that examination of personal e-mails will be kept to a minimum.

  • Susan.Fanning@DLAQ.com

  • Read more on IT risk management

    Start the conversation

    Send me notifications when other members comment.

    Please create a username to comment.

    -ADS BY GOOGLE

    SearchCIO

    SearchSecurity

    SearchNetworking

    SearchDataCenter

    SearchDataManagement

    Close