![]() It is better to have a generous system, harshly policed than a harsh system that is badly enforced If you say you collect information for one purpose, do not use it for another So far as possible, without prejudice to the business, publicise the code to your staff Put the same person in charge of compliance as deals with undertaking the monitoringįormulate an assessment, and keep it in hard copy diarise to update it in 12 months time Make notes of where you can and where you cannot apply the code Read the code and ignore areas that do not apply to your particular organisation It may be virtually impossible to monitor business messages without inadvertently monitoring private messages.įurthermore, since the mail boxes of most of us are half full each day of spam proposals, it may well be quite impractical to set out a policy that provides the complete privacy to employee messages that the code apparently requires. This puts the business managers in a difficult situation. ![]() It may not be entitled to intercept, read or copy messages, which are not business, related, even if sent to a business mailbox. ![]() The business is entitled without question to access communications sent and received in the course of business. The difficulty with email monitoring is that most employees receive private messages to their business mailbox. The bottom line is that monitoring must be reasonably necessary, and wherever possible, transparent. The only practical way to ensure compliance is to appoint a suitable person to the role of monitoring officer with responsibility for both compliance with the code and employee understanding of the monitoring being undertaken. The assessment will reveal how far the actual monitoring is necessary and what safeguards, warning to staff and records might be appropriate. The recommended approach is that the employer should make an impact assessment, which will result in a document setting out the scope and effects of the monitoring carried out. Obtaining information through credit reference agencies to check that workers are not in financial difficulties Videoing workers outside the workplace, to collect evidence that they are not in fact sick Systematically checking logs of telephone numbers called to detect use of premium-rate lines Keeping recordings of telephone calls made to or from a call centre, either to listen to as part of workers training, or to simply to have a record to refer to in the event of a customer complaint about a worker Using automated checking software to collect information about workers, for example to find out whether particular workers are sending or receiving inappropriate e-mailsĮxamining logs of websites visited to check that individual workers are not downloading pornography Randomly opening individual workers' e-mails or listening to their voice-mails to look for evidence of malpractice Some of the issues addressed may arise only rarely - particularly for small businesses.Īreas covered by the code pertinent to Internet usage and email communications include: Not every aspect of the code will be relevant to every organisation - this will vary according to size and the nature of its business. It covers such issues as the obtaining of information about workers, the retention of records, access to records and disclosure of them. The code aims to strike a balance between the legitimate expectations of workers that personal information about them will be handled properly, and the legitimate interests of employers in deciding how best, within the law, to run their own businesses. We therefore recommend that you read it and comply. In any question of legal compliance, the code is likely to be taken as the model procedure. The code is not law, but if you comply with it, you can be reasonably sure that you are following the law. The code published by the Data Protection Registrar is intended to help you to comply with the DPA and to encourage you to adopt good practice. Your contracts of employment should include provision for irrevocable consent by your employees to process their personal data. Any sort of monitoring also constitutes processing of personal data under the Data Protection Act (DPA). If email is intercepted, then monitoring is covered by the Regulation of Investigatory Powers Act 2000 (RIPA). The TICR may authorise an interception of work email. ![]() The law relating to this subject is contained in the Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000 (TICR).Īdditionally, the Data Protection Registrar has published a code of best practice in a booklet entitled The employment practices data protection code: part 3: monitoring at work that gives practical advice on monitoring Internet and e-mail use at work.
0 Comments
Leave a Reply. |