The monitoring of e-mails and telephone calls at work is a hot topic. The bringing into UK law on 2 October 2000 of The Human Rights Act 1998 and the Regulation of Investigatory Powers Act 2000 has, among other things, greatly boosted individuals’ rights to privacy.
For this reason, the Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000, which came into effect on 24 October 2000, have been introduced, allowing employers lawfully to intercept e-mail and telephone communications of their workers without consent. All employers should be looking carefully at these regulations and taking action on them – see below.
The new regulations
The new regulations set out the circumstances whereby employers may intercept communications without the consent of their workers – and, indeed, even if they have specifically objected (provided that the data protection principles are upheld).
The monitoring and/or recording of communications without consent by employers can be done in the following circumstances:
- To establish the existence of facts relevant to the business
- To ensure compliance with regulatory or self-regulatory practices or procedures relevant to the business
- To ensure certain standards which ought to be achieved by workers are being met
- To prevent or detect crime, fraud or corruption
- To investigate or detect the unauthorised use of the telephone or e-mail system (eg, in breach of company rules or policies) and
- To ensure the effective operation of systems, including monitoring for viruses and other threats.
Monitoring, but not recording, is also allowed without the workers’ consent if they are for either of two further purposes – to ensure that communications are relevant to the business and to monitor communications to confidential anonymous counselling or support help lines.
Such monitoring and/or recording will, however, only be lawful if the employer has made all reasonable efforts to inform every person who may use the system that such interception may take place. All employers should now consider how this warning should be given. Technically, both internal and external users should be informed.
While a general hard copy or e-mail message to all users, coupled with a statement attached to all outgoing e-mails, might be enough for most e-mail users, it is more difficult to see how external people initiating e-mail correspondence can be informed. Similarly, while all internal users of the phone system can be informed of the potential monitoring or recording of phone calls, external users of the telephone system will be difficult to inform.
It is perhaps best to follow industry practice as it develops to be able to show that all reasonable efforts to inform have been made.
