Protecting staff privacy, or making firms more vulnerable – how will the Human Rights Act affect us?
Monitoring employees’ use of the Internet is always going to be a touchy subject and the furore surrounding the Regulation of Investigatory Powers Bill (RIP), which defines the processes by which the Government can monitor Internet activity, has brought the issue once again to the fore.
Many people feel that monitoring of any kind is an infringement of basic human rights, and after 2 October, they would be right. On that date, the Human Rights Act comes into force, and for the first time in the UK personal privacy will be enshrined in law.
For many employers this raises obvious legal implications regarding their right to continue monitoring activity – but should they be monitoring at all?
There are two basic business reasons for putting monitoring systems in place: productivity and liability. Most bosses don’t mind the occasional personal e-mail any more than they mind the occasional personal telephone call, but there are always culprits who take advantage of that trust and the resulting lost time can add up to a considerable expense.
Pornography also raises the issue of liability. Cases following the Computer Misuse Act have established that the company is responsible for any material on or leaving its systems. This means that the company is responsible for the pornography video stream that might be going around internally or even being e-mailed outside your firewall to another firm.
In the UK, companies have already been sued for six-figure sums for offensive material being e-mailed around the internal system. In order to prove that the individual who sent the material is not working on the company’s behalf the company must have a good Internet code of conduct written into employees’ contracts and a monitoring system in place to allow them to identify the culprit.
At the moment there is no legal reason why monitoring can’t take place – rather a legal responsibility that it should – but after October this will change.
Initially the Human Rights Act creates confusion because it has no grounding in case law. The spirit of the Act is that anything that is personal is private and therefore cannot be infringed upon, including personal e-mails. The problem is that existing case law still places the responsibility for employees’ activities on the employer and hence employers still have a need to monitor activities.
To maintain the right to monitor Internet activities, employers will be forced to ask employees to sign a contract stating that they will not use the company systems for any personal activity.
The problem comes in enforcing this clause. If an employer ignores the occasional innocuous personal e-mail then the “no personal use” clause appears to be invalid and any monitoring taking place is once again an infringement of personal rights.
So what is the answer? Will employees have to be fired after 2 October because they sent one e-mail to a friend or looked at Lastminute.com during a lunch break in contravention of the no personal use clause in the contract?
No cast iron answers exist, but employers and HR managers have three months to discuss their strategy – and the clock is ticking. Case law will eventually clarify the situation, but does your company want to be the case that clarifies the law?
netsiren is a data management and Internet security specialist, including Internet monitoring software