Data chief responds to concerns on privacy at work guidance
Revised code will clarify confusion on RIP regulations
The Information Commission has promised to clarify contradictions between
regulations on e-mail monitoring and the draft Data Protection Code in the
final version of the code.
Assistant data protection commissioner David Smith told delegates that the code
would include "seamless guidance" on e-mail monitoring, linking the
Data Protection Act to regulations launched last October.
At the same time, the Information Commission and legal experts said the
scope of the Regulation of Investigatory Powers Act was likely to be limited as
it only covers communications that have been intercepted before the receiver
has access to the contents and so does not include stored e-mails.
Employers greeted the RIP regulations as a green light to monitor staff
e-mails when brought in last October.
However, Smith said the regulations do not simply authorise employers to
monitor staff e-mails where there is a business case for doing so, and that
companies should follow the guidelines in the draft code.
Employers are disappointed that the draft Data Protection Code’s bias
against business on staff monitoring will not be changed when it is released
later this year.
Information Commissioner Elizabeth France told a special conference last
week that she would simplify the code and make it more understandable to
business.
But France argued that she could not dilute the guidance. "What we’re
trying to do is to tell you what we think the law requires. The law is already
there," she told delegates.
Employers will still have to prove a strong business case for monitoring
employee’s e-mail and Internet use, despite the outcry from employers when the
draft code was published last October.
Vivian Bowern, chairman of the CBI’s data protection working group, said,
"This was the first opportunity to hear how the commission had reacted to
the consultation exercise, and there was not a great deal of evidence of an
acknowledgement of the key point of a lack of balance (between employers and
employees)."
Senior business figures heard that HR managers in large organisations would
have the chief responsibility for implementing the code.
"If the code does not make sense and is not understandable by HR
managers then it has not done its job," said David Smith, Assistant
Information Commissioner.
The CIPD will be among a select group of bodies that will be consulted
before the code is released in five parts this year.
The first, dealing with recruitment, will be released in the autumn, and the
final section, monitoring at work, will be out at the end of this year.
By Paul Nelson
Feedback from the profession
Does the code go far enough?
Timothy Baker
Director, London Investment Banking Association
"Look at the employer’s obligations to the workforce. Monitoring can
help the process of trust and mutual confidence between employers and employees."
Debbie Vick
Employee relations officer, CIS
"We’re pretty much doing what we’re required to do. Because we’ve got
compliance issues and our organisation is looking at data protection, a lot of
issues have been addressed."
Steven Holosi
Compensation and policies manager, Argos
"I am encouraged by the commitment to give guidance in a simpler format
and delighted that the code will be drafted with HR managers in mind as that is
where the legislation burden stops."
Norman Green
Chair, Data Protection Committee of the British Computer Society
"I am happier after hearing Smith’s speech, as the draft code lacked
explanation. The separation of good practice and law is a good move."
Vivian Bowern
Chairman, CBI’s data protection working group
"The collection of e-mails is part of the record of the business and it
is necessary to other employees to have access to conduct the business."