The Ketchup song: the law on e-mail monitoring

The demand from an associate at Baker & McKenzie that a £4 dry cleaning bill be settled by a secretary created a storm of negative publicity for the law firm. The e-mails were forwarded around the London office, were leaked and ended up travelling around the world.

The e-mail exchange happened on 25 May 2005. When contacted, a Baker & McKenzie spokesman stated: “We are unable to comment further due to the personal nature of the issue, and we are still dealing with it internally.”

The issue has not gone away, and for this reason has raised serious questions concerning the monitoring of e-mails in the workplace – how much and how extensive should that monitoring be?

When it comes to watching e-mail traffic, the law is clear. The Regulation of Investigatory Powers Act allows for “the monitoring or keeping a record of

  • (a) communications by means of which transactions are entered into in the course of a business; or
  • (b) other communications relating to that business or taking place in the course of its being carried on”.

These seem sensible measures, allowing the appropriate monitoring of e-mail and telephone traffic that may contain commercially sensitive data.

Personal impact

But what if the e-mail traffic in question happens to be personal, as it was in the case of the Baker & McKenzie exchange?

A personal exchange does not count as “communications relating to that business or taking place in the course of that business being carried on”, but in this case it could be argued that a personal exchange has had a deleterious effect on an organisation’s profile, is therefore commercially sensitive, and so falls within the ambit of the term “business”.

Is this reason enough for an organisation to screen all e-mails? Are we heading towards blanket surveillance of employee communications?

Ben Willmott, employee relations adviser at the Chartered Institute of Personnel and Development, thinks not. “Where employees feel that they are closely monitored they are more likely to have a negative attitude toward their employer and they are more likely to suffer from stress.

“This is a balancing act, where if employers are going to monitor employees they have to explain why. If there are restrictions, then the employees have to see the valid reason for it. Employers should also carry out an impact assessment to establish risk, and communicate that to their employees,” Willmott said.

Will there be changes in e-mail monitoring policy? None of the law firms contacted were planning immediate changes to their communications policy in light of this incident.

“I don’t think this will lead to changes,” said Willmott, “but it will emphasise that managers and staff are trained in policies on internet use and of electronic communications. This is something that the Information Commissioner advises – that line managers are aware of their data protection responsibilities.”

Comments are closed.