5. Negotiating a workplace policy

Employment advice organisation Acas has produced a guide on internet and email policies, downloadable from its website at: www.acas.org.uk/CHttpHandler.ashx?id=3182&p=0.

The guide recommends that employers set out clear rules for the use of organisational equipment and any limits on that use, spelling out any monitoring that might be carried out and its justification.

The vast majority of reps in LRD’s most recent survey reported that their employer already has a policy in place, although pockets remain where reps report no policy. This might, however, reflect a failure to publicise the policy adequately or to carry out training, rather than the complete absence of a policy.

Acas recommends that policies are drawn up in consultation with trade unions if recognised, as well as management and contractor representatives to “help provide authority and legitimacy”. Reps responding to our survey reported that most policies had been drawn up with union involvement. A small number of reps reported reaching a negotiated agreement, but most union involvement was at the level of consultation only. The majority of respondents believed they had positively influenced the final outcome. Around a quarter of policies were reported to have been generated without union involvement. Several reps reported having succeeded in watering down particularly draconian aspects of a policy. Typically this resulted, for example, from employers recognising on reflection that they were never likely to use a particular technological feature in practice.

Having a policy is just the first step. More importantly, it must be effectively and regularly communicated, combined with appropriate induction and training. Our survey disclosed concerns about management failure to communicate policy. Because of the risks to their members, many reps remind members from time to time about the need to be vigilant to follow the policy, even though this is management’s responsibility.

Although most reps report being involved at some level in the initial policy creation, they are rarely consulted over day-to-day implementation. Several reps commented that policy wording, for example, the concept of “reasonable use” in connection with internet use, is vague and unhelpful. As always, lack of clear criteria can result in managerial favouritism and inconsistent treatment, and the TUC argues persuasively that it is unfair for employers to take tough action against employees unless what amounts to unacceptable use is spelled out.

Email and internet use

Even if there is an informal understanding in a workplace on employee use of email and the internet, a policy is advisable to protect workers by ensuring they are clear on what they can or cannot do. There also needs to be clear understanding of employer responsibilities, to avoid covert spying and other activities that may breach the Data Protection Act (DPA) (see Chapter 3).

Acas guidance on email policies recommends that all workers understand that:

• emails are not an informal communication tool, but have the same authority as any other communication to and from the organisation;

• external emails should have disclaimers attached;

• emails should be regarded as published information;

• emails are not confidential and can be read by anyone given sufficient levels of expertise;

• binding contracts may be inadvertently created;

• defamation of colleagues or other parties (deliberate or otherwise) may occur;

• appropriate language and etiquette should be used. Abrupt, inappropriate and unthinking use of language can lead to a bullying tone and possible offence to others, even harassment. For example, use of capital letters is often interpreted as shouting; and

• consider whether a phone call may be a better way of discussing a complex or confidential matter.

A policy should indicate:

• how much personal use of emails can be made, if any;

• confidentiality issues, for example, “trade secrets”, and access to organisational information;

• good housekeeping practices, including locking keyboards and password security; and

• that inappropriate messages should be prohibited, for instance any that might cause offence or harassment on grounds of age, gender or gender reassignment, ethnicity, disability, religion or sexual orientation.

An organisation may allow full personal use of email, or limited use (for example, lunchtimes and rest breaks only), or prohibit any personal use (although the Human Rights Act 1998 suggests that employers should provide some private communication system for workers). Reps report a range of standards, often depending on the nature of the work setting, some allowing full personal use and others more restrictive. One rep in our recent survey noted: “The policy is draconian in that everything is a gross misconduct offence. Even something as simple as emailing home needs permission”.

A 2011 research paper commissioned by Acas and produced by the Institute for Employment Studies, Workplaces and social networking: the implications for employment relations, has produced a range of useful illustrations. For example, BT has a policy of making internet access (including social networking sites) available to all staff during working time. It is limited to “acceptable use”, but this is a reference to the type of sites employees can access, rather than time spent on the internet. BT’s own research on internet use in working time found low staff usage. For some call-centre workers BT provides cyber-cafes for use during breaks, rather than allowing access to the internet for non-work purposes from the work station.

In any event, the HSE advises office-based workers to be aware of risks such as repetitive strain injury and to consider using their rest breaks to engage in non-keyboard based activity. See the HSE’s Guidance on display screen equipment. Further guidance on RSI can be found on the TUC Worksmart website at: www.worksmart.org.uk/health/RSI.

At Acas itself, internet access, including access to social networking sites, is provided to all staff and apart from gambling and porn, websites are not blocked. Personal use (including accessing social networking sites) during normal working hours must not be “excessive”. By contrast, personal use for staff at HM Revenue and Customs is limited to employees’ own time, i.e. breaks.

If personal use is allowed, staff should be warned of the possibility of importing viruses into the system and what action to take if, for instance, an email has a suspect attachment, or they are sent a “chain” letter. The organisation should have a nominated person, usually in computer support or personnel/human resources, who can advise on security issues.

Breaches of the policy should be dealt with as any other breach of the rules, possibly leading to disciplinary action as set out in the organisation’s disciplinary and grievance procedures. Some of the relevant recent case law is examined in Chapter 4.

In its own guidance, Acas highlights the following common features in internet policies:

• prohibition of deliberate accessing of offensive, obscene or indecent material from the internet, such as pornography, racist or sexist material, violent images, incitement to criminal behaviour and so on;

• informing staff that copyright, licensing and other legal restrictions might apply to downloaded and forwarded material, whether internet or email, unauthorised software, games, magazine disc items and so on. Viruses are often spread through downloading files and programmes from external sources;

• spelling out what monitoring, if any, will be carried out by the organisation and for what purpose; and

• explaining what might happen if a breach of the policy occurs. One rep told LRD how the policy at their workplace allows for counselling to be offered in the first instance for employees making excessive use of the internet.

Monitoring

The Acas guidance recommends that the first step, when developing any workplace privacy policy, should be to decide in consultation with workers, whether to monitor and if so, what should be monitored. All organisations are likely to install anti-virus software to protect their systems, but there are many other forms of software available which can be used for automatic blocking and monitoring of flow and content of communications, such as:

• blocking access to specific internet sites, particularly those that might contain offensive sexual, racist or violent images;

• monitoring emails, by content, size of attachments or graphic/animation files; and

• monitoring large scale circulation of emails which might impair system effectiveness.

Acas warns that any monitoring of email message content must be considered carefully, as it is intrusive and may be interpreted as a lack of trust in staff. There must be proper procedures in place for monitoring and maintaining confidentiality by those carrying out any monitoring.

The TUC recommends that the following should be included in an electronic communications policy, as a minimum, to satisfy data protection requirements (see Chapter 3):

• set out clearly the circumstances in which workers may or may not make private use of work phone systems (including mobile phones), email and the internet;

• spell out the extent and type of private use that is allowed, for example any restrictions on overseas phone calls, or limits on the size or type of email attachments;

• specify clearly any restrictions on web material that can be viewed or copied. A simple ban on “offensive material” is unlikely to be sufficiently clear for workers to know what is and is not allowed. Employers should at least give examples of the sort of material that is considered offensive, such as material containing racist language or images of nudity;

• lay down clear rules regarding personal use of communication equipment when accessed from home, for example, facilities that enable external dialling into a company network;

• explain the purposes of any monitoring, its extent and the means used; and

• outline how the policy is enforced and the penalties for breaching it.

The existence and content of the policy must be communicated clearly to staff, who should be able to access it easily.

Unions should ensure employers clarify their policy on telephone and email use, specifying if communications are monitored when employees are absent and if so, who will have access to them and how personal communications will be treated.

The policy should also state whether employees are entitled to use the internet to access personal email accounts and whether they should use a land line or mobile for personal calls. They should be able to receive emergency calls on one of the two.

Reps can request that employees are provided with “personal email” templates that will identify any personal emails being sent or received. An employer should respect personal communication and endeavour not to read or monitor these (see relevant law in Chapter 3).

Clarify who has access to data logs produced as a result of monitoring. Note the requirements of the DPA Code of Practice. Several reps recommended a policy that prevents line managers having the right to fish generally for information about internet usage but instead requires a specific request grounded in reasonable suspicion. Another reported how “if the clocking in or headcount computer has to be accessed, a rep must be asked first”.

Social networking and blogging

The TUC recommends employers negotiate a reasonable conduct policy with reps, making it clear what is expected of employees in their private lives, both on and offline.

“[Employers]…wouldn’t follow a worker down the pub to check on what they said to their friends about their day at work. Just because they can now do something akin to this online, certainly doesn’t mean they should…Everyone has a bad day at work from time to time for example, and employers should not be over-concerned if someone occasionally shares that with their friends”.

The 2011 research paper commissioned by Acas, Workplaces and social networking, produces some helpful guidance and recommendations, endorsing the TUC’s suggestion that what is needed is a dose of common sense. The TUC recommends that employers work in partnership with staff to develop workable conduct policies and ensure these are well communicated to everyone working for them. In addition, members should “ensure that they know what the employer’s policy is and be aware that managers and colleagues may see the information they post on these sites.”