Even when he played a British Prime Minister in Love Actually, it was hard to envisage the actor Hugh Grant ever appearing on Question Time. Yet just last week there he was, sitting next to Baroness Shirley Williams and fielding questions from David Dimbleby regarding the telephone hacking scandal that resulted in the closure of the News of the World.

The paper was owned by Rupert Murdoch’s News International, and there have been repeated calls for the resignation of the group’s Chief Executive, Rebekah Brooks. Mrs Brooks was editor of the News of the World at the time the telephone messages of 13 year old murder victim Milly Dowler were hacked and, in some cases, deleted.

It should be noted that there is a clear distinction between the illegal interception of private messages belonging to individuals and the checking of company emails and telephone usage by staff. Yet many employers are not sure what they can and cannot do in respect of investigating how their staff have used their emails and company phones.

Issues requiring such investigation may arise in any number of circumstances. There may be concerns about an employee looking at inappropriate websites or emails, or about the disclosure of confidential information such as customer lists to a competitor; perhaps an employee has been accused of making abusive calls to a customer or colleague, or is engaged in a dodgy deal.

An itemised phone bill may be sufficient for these purposes, but often employers will need to know the content of a voice message or an email to determine whether there has been any wrongdoing. So just how far can a company delve into its own emails and telephone messages without breaching their employees’ rights?

Some employers may believe simply that because the email systems and telephones belong to them, they can monitor their use freely. This is a potentially dangerous view, as there is a raft of relevant legislation that would need to be considered before taking such action. The main piece of legislation in this regard is the Data Protection Act 1998, although the Regulation of Investigatory Powers Act 2000 and the European Convention on Human Rights (ECHR) also play a potential part in determining what can and cannot be done.

There have been a number of cases considering the right to privacy at work. Article 8 of the ECHR (the right to respect for private and family life) has been cited in most cases in which emails or calls were monitored. Where there is a reasonable expectation of privacy, employers could be caught out. However, this right must also be balanced against the rights of others, including the employer and the employee’s colleagues. Protection from harassment or preventing illegal activity may therefore be relevant.

The Information Commissioner published the Employment Practices Data Protection Code to assist employers with complying with their obligations under the Data Protection Act 1998. This advises employers wishing to monitor emails and calls to conduct an impact assessment of the monitoring and ensure that it is proportionate. Employees subject to monitoring should be informed and the number of staff with access to the information obtained through monitoring limited. Such staff should also have received appropriate training, and the information should be stored securely.