Tell staff about e-mail snooping or face court, new code warns

Employers could face legal action if they snoop on workers' e-mails and web browsing activities without warning them beforehand...

Employers could face legal action if they snoop on workers' e-mails and web browsing activities without warning them beforehand or explaining how the information collected will be used, under a code of practice on workplace monitoring published last week.

The code, issued by the information commissioner Richard Thomas after months of delays, requires employers to respect the privacy of staff at work and to ensure that any monitoring carried out is both legal and fair.

The guidelines have gone through several rewrites following objections from employers that previous versions were difficult to understand and placed too much emphasis on the rights of employees to keep their communications private.

"The new code gives a great deal more leeway. It is really helping employers by giving them guidance, but it is much less prescriptive than the previous approach. At the same time, it makes it absolutely clear you have to safeguard your employees' privacy," said Thomas.

The code effectively bans employers from secretly monitoring staff in all but the most exceptional circumstances, such as where there are strong grounds to believe that a crime has occurred.

Employers must also explain what monitoring is taking place, how it is being done and how the information gathered will be used, before any monitoring occurs, if they are to avoid the risk of being taken to employment tribunals by staff.

Companies must issue clear guidelines on what their staff can and cannot do at work, and they should specify, for example, what sort of web and e-mail contents would be seen as offensive when viewed at work.

The Confederation of British Industry welcomed the 42-page code, but said it did not go far enough to end the confusion faced by employers, who will also have to take steps to ensure they comply with separate Home Office regulations on communication interception.

David Roberts, chairman of the Corporate IT Forum, Tif, said it is essential for employers to monitor staff activities to ensure they remain within the law.

"It starts with something simple like booking a holiday and buying car insurance. Unfortunately, people get carried away and the job that was going to take a few minutes takes two hours. I don't think we have any choice but to do monitoring," he said.

The new snooping code at a glance

  • Carry out impact assessments before monitoring employees' use of the internet, e-mail, or telephone
  • Identify who in the organisation can authorise monitoring. Monitoring authorised by others, such as line managers, may breach the Data Protection Act
  • Inform staff that monitoring is taking place and explain the nature of the monitoring, its extent and the reasons for it
  • Avoid opening e-mails wherever possible, especially ones that are clearly private
  • Covert monitoring should only be used in exceptional circumstances, for example, where there is evidence that a crime has been committed.

Read more on IT risk management