e-HR and the law

Employers
are not prepared for the legal challenges posed by the growing use of
electronic communications in the workplace – and neither is the Government,
argues employment lawyer Olga Aikin

The
use of e-HR has grown fast, and the law is only just beginning to catch up.
Employers, including government departments, are beginning to realise that
e-mail may not always be an appropriate means of communication, and that
employees making personal use of e-mail or the internet can land themselves –
and their employers – in hot water.

HR
software systems make vast quantities of information available to employers
and, traditionally, many employers have assumed that so long as they do nothing
illegal, such information is theirs to utilise. But it is not – a point which
is brought home in the Information Commissioner’s Employment Code of Practice.

The
real difficulty facing empl-oyers is that they are required to change
established practice. The use of e-mail and the internet, including personal
use, had become well established long before they grasped that some degree of
control was essential.

However,
the general belief that employers can collect and use whatever information they
wish has always been groundless. The case of Campbell v Mirror Group Newspapers,
2002, EWHC 499 (QB) is simply the latest instance of the common law of
confidentiality protecting personal information.

Under
the Data Protection Act 1984, the case against British Gas – British Gas
Trading v the Data Protection Registrar, 1998, Annual Report of the Data
Protection Registrar – made it quite clear that information obtained for one
purpose (to supply gas) could not be used for another (to transfer to another
company to sell goods and services).

When
the Data Protection Act 1998 began to take effect on 1 March 2000, far greater
restrictions were placed on the collection and use of data.

This
latest change was ignored by many employers until the full implications began
to sink in when the Information Commissioner produced the first of a four-part
Employment Practices Data Protection Code.

The
code is not proposing anything new – it simply sets out how the commissioner
believes the Act impacts on employment data. To a considerable extent, the
commissioner’s hands are tied by the Act itself.

HR
software has many plusses – but one major minus. The code reminds employers of
their duty to hold personal information in a secure manner and to limit access
to those with a need to know. This is where software comes into its own,
allowing health, disciplinary and other confidential information to be blocked
or password-protected.

It
also provides an easy way of complying with the Data Protection Act requirement
not to keep information longer than needed, as it allows for automatic deletion
of material past its ‘need’ date. Finally, it makes it easy to produce an audit
trail – another recommendation in the code.

The
downside is that the Act limits the use of personal data to the purpose for
which it was collected, yet the very availability of large amounts of
information in an easily accessible form increases the likelihood that
different uses for the data will be found. When presented with a useful
information source, neither employers nor employees are accustomed to asking
why the information was originally collected and whether it can be used for a
new purpose.

Employers
should get their act together…

This
makes it an appropriate time to review the legal problems facing the use of
e-HR, e-mail, intranets and internet which pose six key problems for HR:


Personal use. Employees do not have an automatic right to use their employer’s
equipment, but, given that use is common and reasonable, it is generally
permitted. The Employment Practices Data Protection Code recommends that
conditions for use – and the effect of breach – are set out as a policy


Monitoring. If the communication is intercepted during transmission – and the
transmission of an e-mail is complete only when it has been opened – the
interception is subject to the Telecommunications (Lawful Business Practice)
(Interception of Communications) Regulations 2000 SI 2000/2699. These give wide
powers to employers to access without consent in order to ascertain facts,
whether the communication is business or private, whether regulatory
requirements are being met, whether the system is being misused, etc. However,
employers are required to take reasonable steps to inform both parties, and the
code insists the monitoring method should not be intrusive – traffic data
software that can identify unsuitable content should be used wherever possible


After opening. When an e-mail has been opened, the narrower provisions of the
Data Protection Act apply and, with some exceptions, consent is needed. The
consent of the employee concerned is relatively easy to obtain, but the consent
of the corresponding third party is a difficult question


Recruitment. The first part of the code deals with recruitment and warns
employers to ensure security for personal information – application forms, CVs,
health information and references received via e-mail or the internet. If
encryption cannot be used, there should be some other method of ensuring
security


Liability. Employers will pick up liability for defamatory or harassing
e-mails. The downloading of inappropriate material may also amount to
harassment of colleagues. Restrictions should be included in the policy,
together with the appropriateness of the use of e-mail. Because e-mail is not
secure, the Information Commissioner recommends it should not be used to send
sensitive personal information, health details or references, unless there is
adequate security


Deletion. It is difficult to ensure the complete deletion of e-mails, as
several companies have found to their cost. Advice on the retention and
deletion of e-mails should be provided

…and
so should the Government

The
Government itself does not seem to have its act together as far as electronic
communication is concerned, for all its fine words. Whenever new legislation is
planned, one would expect consideration to be given to the use of electronic
communication. But this is not happening.

Take
the current Employment Bill, for example. Employers have to provide employees
with ‘written’ particulars of employment and may refer them to another
‘document’.

Changes
have to be notified in ‘writing’ and the penalty for failing to do any of this
can be high – if an employee brings a statutory claim against their employer
(these are listed in Schedule 3 and include unfair dismissal, redundancy,
discrimination and breach of contract) and is successful, the amount of
compensation can be increased by up to 25 per cent. The claim does not have to
relate in any way to the written particulars.

The
Bill also provides for mandatory contractual dismissal, disciplinary and
grievance procedures. These require the employer and employee to give each
other notification in ‘writing’. Again, failure to do so has a serious
financial impact. In this instance there will be an increase (or in the case of
an employee a decrease) of 10 to 50 per cent in the compensation awarded.

Yet
the Employment Bill does not provide that e-mail may be used or that the
reference to another document can include a reference to a procedure in a
handbook or on an intranet. When Lord Wedderburn sought to amend the Bill to
allow the definition of ‘writing’ to include e-mail, Lord Falconer, on behalf
of the Government, refused to accept the amendment – but said ministers might
deal with this in the regulations implementing the Bill’s provisions.

It
is essential that they do. E-mail is becoming a normal means of communication
and this should be recognised in the law. If there is no clarification in the
regulations then all will depend on the tribunals. They may treat e-mail as
‘writing’ and even an intranet handbook as a ‘document’, but which employer
will want to take the risk?

Olga
Aikin, senior partner at The Aikin Driver Partnership, will be making the
keynote speech tomorrow (26 June) at the CIPD HR Software Show on the subject
of keeping e-HR within the law.

Online
Forum

Olga
Aiken will be leading an XpertHR online forum on the subject of keeping e-HR
within the law. Send your questions to her by e-mailing editorial@xperthr.co.uk

XpertHR
is the web-based information service for HR professionals, bringing together
IRS, Butterworths Tolley and Personnel Today.

Olga
Aikin is one of its employment law reference manual authors.

To
find out more call 01483 257775 or e-mail: xperthr@butterworths.com

Comments are closed.