E-mail monitoring: Are your systems legal?

Nearly half of UK big businesses could be breaking the law by “snooping” on e-mails, new research has revealed.

More than 60% of businesses regularly audit their staff’s outbound e-mail, with 38% employing a “corporate snoop” to read e-mails, the survey of 112 e-mail managers found.

But many did not have adequate e-mail policies or policies were not effectively communicated to staff, the survey by messaging security firm Proofpoint discovered.

More than 80% of companies surveyed said they had either a simple or a detailed written policy covering the acceptable use of e-mail, with 56% providing formal training in e-mail security policies, and a third offering training about external regulations applying to e-mail use.

Mark Hughes, Proofpoint's EMEA managing director, said this meant many firms were falling short in the information provided to staff. “It is legitimate for a company to monitor outbound e-mail but clandestine ‘Big Brother’ voyeurism is illegal,” he warned.

E-mail monitoring is covered by legislation including the Human Rights Act 1998, the Data Protection Act 1998, the Regulation of Investigatory Powers Act 2000 and the Telecommunications Regulations 2000.

“If you don't make your staff fully aware of how and why you monitor their messages, you are snooping on them. About 44% of UK companies may be at risk because they are simply not doing a good enough job of telling their employees about their e-mail policies,” Hughes said.
