about support vit manager procurement consultancy
Home
News

February 2006

CAN EMPLOYER'S POLICE THEIR STAFF'S INTERNET ACTIVITIES?

David Bryce, IT Solutions Manager, at AcumenIT Consultancy Ltd warns of the dangers of policing employee's Internet activities...

Internet communication has changed dramatically in the years since e-mail was first used in 1972. From the early days of text only communication used primarily by academics and fanatics, its use has developed in recent years into a mainstream business tool and is regarded by many as more convenient than the more traditional means of communication. As technology develops users move on to bigger and better things - sending documents, voice, video and audio - in-fact anything digital.

No-longer limited to a small number of recipients, e-mail can now be sent to practically anyone including clients, colleagues, friends, family and, most disturbing for businesses, competitors. Unlike the formality usually associated with business letters, email tends to be more informal and the ability to instantly respond to a message can mean that users answer instinctively rather than with thought and consideration. The consequences of this can have potentially serious implications for companies. These can include liability for anything from breach of confidence, defamation, harassment or other offences.

Other Internet use related issues which should be addressed by all companies include preventing virus attacks, spyware infections, spam and phishing (The act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information).

The major problem facing the modern business, however, is how to police their employees' internet activities thus limiting their liability without breaching any of the users' rights. Recent guidelines from the Information Commission surmise that covert monitoring of staff email and Internet use is likely to be illegal in most cases.

According to the Commission, "Covert monitoring of behaviour can only be justified in very limited circumstances, such as where being open with employees would be likely to prejudice the prevention or detection of crime or the apprehension or prosecution of offenders."

It is clear that covert monitoring is probably only legal if a specific criminal activity has been identified and then may only be used in obtaining evidence. It should also be noted that the monitoring cannot be indefinite.

Monitoring of communications is protected under the Regulation of Investigatory Powers Act, which makes it illegal for employers, and indeed law enforcement agencies, to intercept communications in the course of their transmission on a private telecommunications system unless strict conditions are met. It is allowed where all parties to the communication have consented to the interception or where it is taking place in the course of the employer's business.

So what steps can employers take to address these issue?

  • Firstly, employers should set out a clear policy for Web, telephone and Internet use, and inform staff of any monitoring, seeking legal advice where appropriate. They should not monitor the content of email messages unless it is clear the business purpose for which the monitoring is undertaken cannot be achieved by the use of a record of email traffic.
  • Wherever possible employers should restrict the monitoring of emails of specific employees to messages the employee has received and chosen to retain rather than delete. Emails that are clearly personal should not be opened.
  • Often companies negate to include the information required to be in any business communication from a company including company number, name and registered office. This should also be addressed in their usage policy.

When it comes to policies for Internet access, similar consideration should be used. According to the Commission. "Wherever possible policy should be designed to prevent rather than to detect misuse." So if monitoring is justified to protect the employer from criminal responsibility for acts such as downloading of pornography, music or movies, they will initially need some evidence that such activity is actually taking place.

The laws surrounding Internet communications can be somewhat confusing. However, employers should take the necessary precautions and put in place clear policies to minimise the risks. Please seek legal advice from the appropriate legal professional when implementing any policies and procedures.

David Bryce of AcumenIT Consultancy Ltd can be contacted on 01224 573904 or for more information visit the web site at www.acumen.info.

 
Companies in the Acumen Group include Acumen Accountants and Advisors Limited, Acumen Financial Planning Limited and Acumen IT Consultancy Limited. Acumen Financial Planning Limited are authorised and regulated by the Financial Services Authority. Acumen Accountants and Advisors Limited are registered to carry out audit work and are regulated for a range of investment business activities by the Association of Chartered Certified Accountants but are not authorised and regulated by the Financial Services Authority. Acumen Financial Planning Limited, Registered in Scotland number 215343, VAT Number 894 6221 94. Acumen Accountants and Advisors Limited, Registered in Scotland number 153885, VAT Number 894 6221 94. Acumen IT Consultancy Limited, Registered in Scotland number 284749, VAT Number 859 474862. Acumen Holdings (Aberdeen) Limited, Registered in Scotland number 215503, VAT Number 894 6221 94. Registered office, Commercial House, 2 Rubislaw Terrace, Aberdeen, AB10 1XE.