Hacked Off: Lawfully Monitoring Employee Email and Telephone Usage
Even when he played a British Prime Minister in Love Actually, it was hard to envisage the actor Hugh Grant ever appearing on Question Time. Yet just last week there he was, sitting next to Baroness Shirley Williams and fielding questions from David Dimbleby regarding the telephone hacking scandal that resulted in the closure of the News of the World.
The paper was owned by Rupert Murdoch’s News International, and there have been repeated calls for the resignation of the group’s Chief Executive, Rebekah Brooks. Mrs Brooks was editor of the News of the World at the time the telephone messages of 13 year old murder victim Milly Dowler were hacked and, in some cases, deleted.
It should be noted that there is a clear distinction between the illegal interception of private messages belonging to individuals and the checking of company emails and telephone usage by staff. Yet many employers are not sure what they can and cannot do in respect of investigating how their staff have used their emails and company phones.
Issues requiring such investigation may arise in any number of circumstances. There may be concerns about an employee looking at inappropriate websites or emails, or about the disclosure of confidential information such as customer lists to a competitor; perhaps an employee has been accused of making abusive calls to a customer or colleague, or is engaged in a dodgy deal.
An itemised phone bill may be sufficient for these purposes, but often employers will need to know the content of a voice message or an email to determine whether there has been any wrongdoing. So just how far can a company delve into its own emails and telephone messages without breaching their employees’ rights?
Some employers may believe simply that because the email systems and telephones belong to them, they can monitor their use freely. This is a potentially dangerous view, as there is a raft of relevant legislation that would need to be considered before taking such action. The main piece of legislation in this regard is the Data Protection Act 1998, although the Regulation of Investigatory Powers Act 2000 and the European Convention on Human Rights (ECHR) also play a potential part in determining what can and cannot be done.
There have been a number of cases considering the right to privacy at work. Article 8 of the ECHR (the right to respect for private and family life) has been cited in most cases in which emails or calls were monitored. Where there is a reasonable expectation of privacy, employers could be caught out. However, this right must also be balanced against the rights of others, including the employer and the employee’s colleagues. Protection from harassment or preventing illegal activity may therefore be relevant.
The Information Commissioner published the Employment Practices Data Protection Code to assist employers with complying with their obligations under the Data Protection Act 1998. This advises employers wishing to monitor emails and calls to conduct an impact assessment of the monitoring and ensure that it is proportionate. Employees subject to monitoring should be informed and the number of staff with access to the information obtained through monitoring limited. Such staff should also have received appropriate training, and the information should be stored securely.
Employers should consider whether there is a less intrusive way in which to achieve their intended purpose, but if monitoring is necessary this should be notified to the employee.
Employers who regularly monitor email and telephone activity could include an express term in employees’ contracts whereby the employee would provide their consent to the employer monitoring and recording their use of electronic communication systems. Alternatively, the employer could have a non-contractual policy regarding email and telephone use that would allow the company to monitor the use of those systems.
In either case, the employee would have been made aware of the fact that their usage of the communication systems was being monitored or recorded, and that the employer may therefore have access. The employer should specify their reasons for monitoring and not abuse their position to read personal correspondence that may reasonably be expected in the workplace.
Employers need to tread carefully when investigating or monitoring their employees’ communications, but by following the Information Commissioner’s advice it is lawful to review emails relating to the business or its policies. Hopefully the resulting revelations are not so newsworthy as to hit the tabloids.
14 July 2011 - This article was first published as part of our Employment Law Updates. To subscribe, please email firstname.lastname@example.org.
- STShampstead: Disclosure & Barring Service (which replaced Criminal Records Bureau at end of last year) is launching new Update Service on 17 June 2013.