Employers should have an Acceptable use Policy (ASAP) in place that is made known to all their employees and they should be made aware that their computers and Internet activity are being monitored. Basically the law States that you can do whatever you want because the computers and the work done on them is your property. The following article appeared in the journal “Computer Law & Security Report”, Volt 19 No 5. The Information Commissioner published the final code of practice for the use of personal data obtained by employers as a result of monitoring at work the “Code”) on 1 1 June 2003.
This article reviews the Code and compares it to the earlier drafts published by the Data Protection Commissioner in October 2000 (the “EDP Draft Code”) and the Information Commissioner in July 2002 (the “ICC Draft Code”). The comparison will examine how in the field of data protection public policy resolves the corona tensions between upholding private rights and supporting commercial interests. The proportionality and lawfulness of any monitoring is therefore determined by the employer’s judgment of the benefits of any monitoring against the adverse impact of that monitoring.
The Code sets out factors that should be considered when assessing adverse impacts, which include consideration of the level Of intrusion into the private lives of the employees via interference with their private e-mails, telephone calls or other correspondence. In considering alternatives to monitoring the Code recommends use of targeted or automated monitoring to reduce intrusion to employees in the workplace. The Code calls for employers to come to “a conscious decision as to whether the current or proposed method of monitoring is justified”.
This can only be achieved after a proper examination of the adverse impact of any monitoring and consideration of all alternatives to it. If employers wish to monitor their workers, they should be clear about the purpose and satisfied that the particular monitoring arrangement is justified by real benefits that will be delivered. Workers should be aware of the nature, extent and reasons for any monitoring, unless (exceptionally) covert monitoring is justified. In any event, workers’ awareness will influence their expectations. The area of most controversy has been the monitoring of electronic communications of employees.
The Code recognizes this by setting out a number of data protection issues and points that should be incorporated into employers’ policies on the use of electronic communications. The Information Commissioner also includes under each guidance note in the Guidance a helpful list of key points and possible actions for employers to consider. The Guidance includes an explanation of the regulations made under the Regulation of Investigatory Powers Act 2000 that permit businesses in most cases to be able to intercept electronic communications (the “Lawful Business practice Regulations”).