Employees should be able to carry out their work without fear that their actions are scrutinised at every turn. An effective business needs for there to be mutual trust and confidence between the employer and each employee.
Under the Human Rights Act 1998, employees have a right to privacy and perhaps a right to object to carrying out a task if privacy was not ensured.
The Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000 (the Regulations) give businesses the right to monitor communications on their own networks. Previously such interception would have been unlawful unless consent had been given by both the sender and the recipient. Separate law, the Investigatory Powers Act, covers investigation by law enforcement.
The Regulations became effective on 24th October 2000, implementing Article 5 of the EU Telecoms Privacy Directive. Under that directive, businesses in EU member states may legally record communications on private networks that occur as part of lawful business practice, and for the certain purposes.
Interception is lawful for the purposes of monitoring or recording, if doing so:
- allows the business to comply with other regulation
- establishes the existence of facts
- acts as a means of verification that the person being monitored is performing his or her work to standards
- is in the interests of UK security
- may prevent or detect criminal activity
- ensures the communication system operates effectively
- allows the business to detect unauthorised use of the system
The Data Protection Commissioner has published an Employers' Code of Practice that sets out how employers should monitor employee activities, such as use of e-mail, telephone and Internet. Despite the permissible interceptions, the Code states that employees (but not necessarily correspondents) should be notified that communications might be intercepted.
One of the criticisms of the Regulations regards outsourcing. While certain service industries may permissibly intercept communications in order to comply with regulation, service providers to those industries who are not regulated, may not intercept the same communications. That places a regulatory burden on some providers.
The Data Protection Act 1998 is likely to govern information obtained through monitoring. There are particular rules around the use and storage of sensitive personal data, that must be followed, but which are difficult to keep private. In other words, if sensitive employee data is collected (such as relating to medical issues), the employee might have to be told that the employer knows.
Employees in the UK spend longer hours at their workplace, and mix both work and domestic tasks together during the day, for example, ordering shopping online during a lunch break. There are increasing numbers of forms of communication as well, from telephone conversations, to e-mail, to instant messaging that occur over many different types of device. Employers need to be sensitive to their employees’ need for privacy if they are to maintain levels of productivity and morale.