Monitoring and surveillance policies

[ch 9: page 66]

The ICO Code says that any employer planning to monitor electronic communications, such as phone, fax, email, voicemail and internet access must have a written policy, communicated to workers. It must be kept under review and reflect legal developments.


The ICO Code says any monitoring and surveillance policy should:


• clearly set out the rules for use of the employer’s electronic systems, specifying what private use is allowed (including when working from home) and what standards must be complied with;


• spell out any restrictions on internet access, including viewing and copying. A simple ban on “offensive material” is not enough. It is better to include examples of what the employer considers unacceptable;


• clearly explain the purpose (for example, to check security), extent and methods of any monitoring; and


• explain how the policy is enforced and what penalties are likely if rules are broken.