Monitoring and surveillance policies
[ch 9: page 66]The ICO Code says that any employer planning to monitor electronic communications, such as phone, fax, email, voicemail and internet access must have a written policy, communicated to workers. It must be kept under review and reflect legal developments.
The ICO Code says any monitoring and surveillance policy should:
• clearly set out the rules for use of the employer’s electronic systems, specifying what private use is allowed (including when working from home) and what standards must be complied with;
• spell out any restrictions on internet access, including viewing and copying. A simple ban on “offensive material” is not enough. It is better to include examples of what the employer considers unacceptable;
• clearly explain the purpose (for example, to check security), extent and methods of any monitoring; and
• explain how the policy is enforced and what penalties are likely if rules are broken.
ICO, The Employment Practices Code (https://ico.org.uk/media/for-organisations/documents/1064/the_employment_practices_code.pdf)