This policy is designed to combat the loss of productivity and expense incurred where e-mail or the internet is potentially misused. It complies with the following:
- Data Protection Act 1998
- The Employment Practices Data Protection Code: Part 3 Monitoring at work
- Regulation of Investigatory Powers Act 2000
- Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000 (‘TICR’)
In clause 1.4 it is suggested that a senior member of the management team is appointed with overall responsibility for the policy and implications. This person would also authorise monitoring of individual employees.
2. THE POLICY
There are two approaches outlined in this section of the policy. The first is a complete ban on use of internet and e-mail for personal use which is preferable but may be impractical. One way of managing this in the work place is to have a designated workstation for personal use only which can be booked. This allows a greater level of control. The second approach is to allow but strictly control a degree of personal use.
It is important to link this policy with any existing policies regarding harassment and equal opportunities.
5. MONITORING OF E-MAIL AND INTERNET USAGE
A clear policy statement should avoid the need for monitoring. Monitoring of an employee’s e-mails etc is a complex area of the law and is only recommended if strictly necessary.
It is imperative to comply with the above that any monitoring of e-mail is balance against an individual’s right to privacy. In order to assess this the Code suggests an impact assessment is carried out prior to any monitoring taking place to assess whether it is appropriate. It can be formal or informal.
You will need to:
- Identify the purpose behind the monitoring
- Identify any adverse impact
- Consider and implement alternatives, where practical. This could include training and ensuring clear communication on what is or isn’t acceptable
- Any adverse impact on an employee’s right to privacy must be proportionately justified by the benefits of monitoring to the employer and others.
Covert monitoring is governed by TICR and should only be undertaken in accordance with its provisions. We have summarised those areas where covert monitoring may be permissible in the second set of bullet points at clause 5.4.
It is advised that one person in the organisation should be nominated as having overall responsibility for the policy and its implications.
Anyone carrying out monitoring needs to have read and understood a copy of the DPA and Code.
Any information gathered through monitoring should only be used for the purpose it is gathered and only for so long as strictly necessary.
Employees have the right to privacy in respect of their personal communications and where possible all personal communications should be excluded from monitoring.