Monitoring staff: What the latest code of practice means

Monitoring staff: What the latest code of practice means

Summary: The Information Commissioner has published a code of practice laying out guidelines for companies who monitor employees at work. What action should you take?

SHARE:
TOPICS: Tech Industry
1
Part 3 of the Employment Practices Code entitled Monitoring at Work was issued on 11 June. Businesses need to review their communications policies and ensure their workers are reminded regularly of any restrictions on personal use of communications in the workplace. They also need to consider capability of IT systems' compliance with the Code when purchasing and implementing such systems. Failure to follow the code may lead to enforcement action by the Information Commissioner and the need for IT system changes. What action should businesses take?
Workers must be made aware of the nature, extent and purposes of any monitoring. One of the code's seven good practice recommendations is devoted to e-communications (which includes telephone (including mobile), fax, email and voicemail communications and internet access). Key practical points to note include the following:
  • Employers should "establish, document and communicate" a policy on e-communications to ensure workers are made aware of the policy. Existing policies should be reviewed to ensure they reflect data protection requirements -- the new Code makes it clear that a simple warning that "emails may be monitored" may not be sufficient; and
  • Employees should be made aware (and reminded regularly) of the policy on monitoring and of their own role in data protection compliance, and the possible consequences of breaching the Data Protection Act 1998 ("the Act");
In addition to carrying out impact assessments for each form of monitoring, employers are encouraged to consider:
  • Limiting e-communications monitoring to that necessary to protect against security breaches, e.g. viruses (and using automated monitoring systems where possible);
  • Informing workers of retention periods for emails and Internet usage, and checking that they are aware of them;
  • Encouraging workers and their correspondents to identify personal emails as such and using recorded messages to make external callers aware of potential monitoring;
  • Confining email monitoring to traffic data (addresses and headings) except where access to the content of the email is essential; and
  • Monitoring Web activity on an aggregated (e.g. departmental ) basis where possible.

Topic: Tech Industry

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

1 comment
Log in or register to join the discussion
  • I have just been threatened with losing my job - when one my bosses started reading my email and found an email from a client suggesting I might join their company and read my response saying I would consider it for the future. We have no disclaimers and I was not told my email was being monitored. Do I have any come back or rights, as I am now in fear of my job - I have one month to prove my loyalty before I loose my job
    anonymous