The public sector has come under pressure about the number of staff who download porn on work computers.
The Audit Commission survey of 400 public sector organisations, including NHS trusts, local authorities and police forces, found a 16% rise in cases of staff accessing pornography or other inappropriate material.
Porn now accounts for almost half (47 per cent) of all incidents of computer misuse and fraud detected in the public sector workplace. And the problem is not confined to state employers – it affects all businesses which give their workers computer access.
This is a big issue for several reasons. Once staff access such material, they may be tempted onto illegal areas, such as child pornography.
Employees who view porn at work in the same room as a colleague who finds it offensive may provide grounds for a sex discrimination complaint, and personal internet use is also a waste of employers’ money when it takes place when employees should be working.
The first essential step to control this is to make sure your company has a comprehensive policy on internet and e-mail use, which is well publicised. Staff should be required to sign a copy so that they cannot plead ignorance.
This policy should make the parameters of acceptable behaviour clear – it would not be fair to dismiss an employee for misuse of the system if it was not clear where the line would be drawn.
The disciplinary policy should reflect the provisions, stating that misuse of internet and email facilities will be a disciplinary matter and, where serious, may result in termination of employment without notice. Employers must then take care to follow the statutory dismissal procedures before dismissing on this ground.
Before monitoring what employees are doing on their computers, the company must take care to comply with the Data Protection Act. Businesses are not free simply to check on employee internet use, without first ensuring that they have complied with the Act.
The main considerations are:
- Is there a good business reason for monitoring?
- Has the company conducted an impact assessment to assess whether the proposed monitoring is an proportionate response to the problem?
- Employees must be informed of the extent of the monitoring and the purpose for it.
- Best practice indicates that companies should seek consent from employees to the monitoring.
The Information Commissioner’s Code of Practice on monitoring contains more information and can be accessed via the website at www.informationcommissioner.gov.uk
If companies do not take the basic steps to get this right, they risk complaints from staff about their handling of personal data. They could also run into difficulty when dismissing an employee for internet misuse – tribunals can penalise employers for unlawfully obtaining relevant evidence, for example, by ordering the employer to pay the employee’s legal costs.
Threre are companies which specialise in getting evidence from a computer which would be entirely outside the technical expertise of typical in-house IT departments.
And software solutions may be the best way to deal with internet misuse in practice. There are sophisticated programs designed to prevent employees accessing porn sites.
Jill Kelly is partner in the employment law team at Clarks, London & Reading