The Information Commission ignored representations to make code simpler and
more concise for all to understand
The Information Commissioner has just completed a closed consultation
exercise on the draft code of practice on monitoring at work. The code includes
provisions for when employers can or cannot monitor employees’ phone calls,
e-mails and use of the internet.
The tone of the guidance is set by the examples of activities covered by the
code listed in its introduction. These are all concerned with monitoring staff
to detect negative behaviour, such as harassment, excessive private phone calls
and downloading of pornography.
The code does not refer to the need to monitor for good performance. It will
frustrate people management specialists unless it is significantly changed. It
is designed to give employers and staff guidance on the Data Protection Act
1998, but it fails to make clear what organisations have to do to comply with
the law and what is simply good practice.
The draft contains a long list of ‘benchmarks’, with accompanying notes
explaining how should they be followed. Assistant Information Commissioner
David Smith has explained that organisations will be required to abide by the
benchmarks to varying degrees.
So an organisation would have to adhere to one benchmark completely, while
only 20 per cent of another might be required. Clearly, this offers little help
to HR professionals struggling to ensure that their organisations are compliant
with the law.
One of the proposed benchmarks has caused particular consternation among
some practitioners. This states that employers should "inform the police
and seek their involvement should the seriousness of the situation warrant the
use of covert monitoring". It says covert monitoring should only take
place if criminal activity has been identified and the need for this has been
It is not a legal requirement to inform the police before covertly
monitoring staff, however. This is simply regarded as good practice.
Even as a good practice guideline, this seems unnecessarily bureaucratic.
The need to call the police will vary according to the individual
circumstances, and it would be wise for the Information Commissioner to redraft
this measure to be less prescriptive.
When it comes to staff use of the internet at work, the draft code states
that employers should specify clearly what material can be viewed by employees.
"A simple ban on ‘offensive material’ is unlikely to be sufficiently
clear," it claims.
But it then provides no guidance on what will suffice. Employers are facing
increasing problems with employees accessing inappropriate websites and they
need to be able to protect their staff from harassment. It is unfortunate the
code gives them no assistance in this area.
The CIPD has attended all the closed consultation meetings held by the
commissioner and consistently expressed the view – along with other
organisations – that the code would have been more influential if it was
simpler and more concise.
It is disappointing that the commissioner has not adhered to the laudable
principles for good regulation laid down by the Better Regulation Task Force.
These include a recommendation that new law should be a proportionate
response to the issue that it is designed to address, which is arguably not
true for the code.
The draft code on monitoring, which will be published in the next few
months, misses the opportunity to promote workable policies and practices on
the use of employee data. These should follow the principle that employers must
make clear to staff where they can have a reasonable expectation of privacy,
and this may not be violated unless justified by the risks posed to the
organisation or others.
By Diane Sinclair, lead adviser
on public policy at the CIPD