Internet and email monitoring

[ch 9: pages 68-69]

The ICO Code says an employer that is considering monitoring emails and internet access should:


• conduct a privacy impact assessment to decide whether the benefits to the employer outweigh the privacy intrusion (see page 65);


• inform workers of the nature and extent of any monitoring;


• avoid opening emails, especially when clearly marked private or personal. Any email monitoring should be confined to the address/heading unless it is essential for a valid reason to read the content. Personal email accounts should only be monitored in “exceptional circumstances”, for example, suspected criminal activity;


• inform those sending and receiving emails of the monitoring and its purpose;


• pre-warn workers if their emails are to be checked in their absence, for example when off sick or on holiday; and


• make sure workers know how much information about their internet access and emails is retained in the employer’s system and for how long.


The employer must not break any of the laws on email monitoring set out on pages 67 - 68.