solicitors law firm, London, UK
information technology solicitors

intellectual property law firm

digital media legal advice		 commercial solicitors and corporate lawyers

ecommerce legal advice, and Internet Lawyers

litigation solicitors and dispute resolution
telephone +44 (0)20 7278 1817 fax +44 (0)20 7278 1835
HOME | DIRECTORY | SEARCH
Solicitors: Technology & Internet
 
 

Technology &
Internet Law

Data Protection Principles and
Monitoring Electronic Communications –
Considerations for Acceptable Use Policies

An enforceable and sensible email and internet use policy requires that the demands of employers must be tempered with the rights granted to individuals and their personal rights to privacy granted under European Directive and brought into force in the UK.

Monitoring Employees

Employee monitoring may be considered more relevant to some businesses than others. In a highly digitised work environment information may be used and misused with onerous consequences for employers. It is important to understand the legal background to enable tailoring of particular dangers and risks for the particular business. Monitoring for the purposes of the health and safety of workers or the public, measuring efficiency of workers, monitoring addressees of emails sent by employees, conducted sensibly are legitimate goals.

Legislative Enactments and the Law

The rise of legislative influence from Brussels has resulted in the law being consolidated in three major enactments: Regulation of Investigatory Powers Act, Human Rights Act 1998 and Data Protection Act 1998.

This legislation forms the backdrop to an internet and email policy, which also needs to take account of employment law in the UK, and contract law in the case of independent consultants to businesses and play an important part in constructing a framework by which the interests of the employer is balanced with those of the employee, within a commercial context.

Monitoring Employees

Monitoring is a risky business and the headline theme to be drawn from the law is informed notice to those who may be monitored. Employees must have notice that they are or may be monitored intermittently. More specifically, the Regulation of Investigatory Powers Act and Human Rights Act 1998, both require the employer to tell the employee what they intend to track their online activity and furthermore, what they may do in tracking online activity.

There are several purposes for monitoring within the workplace; in order to see if these reasons are justified, the adverse effect of them must be taken into account. Acceptable objectives for monitoring include:

  • checking the quality and quantity of work being done to make business more efficient.
  • protecting business from potential legal action.
  • protection of employees and customers e.g. ensure that sale working practices are adopted.
  • Encouraging workers to treat customers’ personal information with respect and care.
  • Prevent illicit use of information by workers.
  • check compliance with legal requirements and company rules.
  • Avoidance of harassment within the workplace.

Instances of Monitoring include:

  • Gathering through point of sale terminals in order to check the efficiency of individuals e.g. supermarket check-out operators.
  • CCTV recording on premises to ensure that health and safety rules are being followed.
  • Checking email and voicemails to uncover any signs of malpractice.
  • Using automated checking software to check for inappropriate emails, website logs.
  • Recording phone-calls to and from call centres.
  • Monitoring telephone logs e.g. for premium numbers, excessive personal calls.

The adverse impacts of monitoring are:

  • intrusion into employee’s private lives, which may extend to the workplace.
  • undermines the relationship of mutual trust, respect and confidence between employers and employees.
  • sensitive information could be revealed; consider who is permitted to see such information e.g. disability/sickness records, racial origin/religious beliefs, trade union membership information or sexual preferences.
  • obligations of confidentiality may be compromised.
  • monitoring may be perceived as oppressive.

Alternative methods of achieving business objectives may be:

  • implementing new methods of supervision within the workplace.
  • working to achieve clearer communication between managers and staff.
  • monitor specific individuals instead of the entire workforce, i.e. are they deemed "high risk".
  • automated machine monitoring is less intrusive than an actual person doing it.
  • random spot-checks and audits might be fairer and less onerous on the workforce than constant monitoring.

Information Commissioner's Employment Practices Code

The Employment Practices Data Protection Code “Monitoring at Work” issued by the Information Commissioner, offers guidance to employers and sets out the scope of data protection issues in the workplace. The Code requires that an employer must carry out an ‘impact assessment’ before monitoring, as employees are entitled to a degree of privacy. An impact assessment involves identifying the benefits of monitoring, the potential adverse impact and the alternatives. Furthermore, the legal obligations of monitoring must be adhered to. Finally, in concluding whether such monitoring is justified, the advantages and disadvantages must be balanced, with emphasis on the need to be fair to individual employees’ right to privacy. The Code may be used as a reference point by the Commissioner in deciding whether a particular practice is contrary to the Data Protection Act.

Acknowledgement that monitoring takes place is ideally dealt with in contracts of employment.

Contents of the Policy

Absolute prohibitions in most cases will be appropriate to prevent employees inadvertently contracting over the Internet, or via email; banning of defamatory or obscene material; any illegal or criminal activity; and harassment and discrimination; and copying of third parties’ copyright material. Disclaimers with adequate coverage for the particular type of business may be appropriate, and inserted at the bottom of emails.

What To Do Now

It is important make it clear business objective and purposes for making Internet access and email available to staff. The purpose of the monitoring should be made clear, and a balance struck between the proposed measures the benefits to be obtained from the monitoring. It is usually cost effective to appoint a data protection officer to oversee and approve monitoring practises.

Employees should be informed of the nature extent and reason of the monitoring, unless secrecy of monitoring is justified in the circumstances.

There can be no blanket policy to cover all businesses; there must be consideration for everyone to do with the business, including freelance workers and consultants. Therefore, employers should refer to contracts of employment and prepare handbooks or content available over an intranet to ensure that their employees are on proper notice and reminded regularly of the monitoring practises implemented.

Back to Top

NEED TO KNOW MORE ?

For further information on data protection and implementing a compliant internet use and email policy, contact Maitland Kalton.  Should you prefer to telephone, call us on +44 (0)207 278 1817.

Kaltons Online Solicitors, 9 White Lion Street, London N1 9PD, UK. Telephone +44 (0)207 278 1817; Fax: +44 (0)207 278 1835.

© Kaltons Solicitors 2005.  All rights reserved.
uk, Solicitors London
  HomeLegal NoticesSitemapContact Us