LRD guides and handbook November 2015

Monitoring and surveillance at work - a practical guide for trade union reps

Chapter 6

6. Monitoring electronic communications


[ch 6: pages 49-50]

Employers are under no legal obligation to allow workers to use work phones, email or internet for personal reasons. 


However, because the Human Rights Act 1998 extends to the workplace, workers have the right to a “reasonable” amount of personal correspondence and calls during work time (relating to the right to respect for your private and family life, home and correspondence). This does not mean workers have the legal right to use the work phone, email or internet for personal reasons, but there must be access to some private communication system. Further discussion of the law relating to email and telephone usage can be found in Chapter 7.


Employers also have the right to monitor internet and email use, though in order to comply with data protection law, they need to tell their employees that they are doing so, and explain the reasons. 


The ICO Employment Practices Code states that employers should set out clearly to employees “the circumstances in which they may or may not use the employer’s telephone systems (including mobile phones), the email system and internet access for private communications,” making clear any restrictions, and for internet use, what type of material is out of bounds. 


The Code states that a simple ban on “offensive material” being accessed online is “unlikely to be sufficiently clear for people to know what is and is not allowed”, so examples should be given. 


Employees should be made aware of the extent of any monitoring. The Code suggests that the employer should consider, preferably using a privacy impact assessment (PIA) (see page 83), “whether any monitoring of electronic communications can be limited to that necessary to ensure the security of the system and whether it can be automated.” Automated systems that look out for viruses and so on “may be less intrusive than monitoring of communications to or from workers.”


Similarly, if telephone calls or voicemails are to be monitored, the employer should consider, preferably using a PIA, whether the benefits justify the adverse impact. 


In addition, the Code recommends that email monitoring be “confined to addresses/heading unless it is essential for a valid and defined reason to examine content.” If emails need to be checked by the employer when the employee is away from work, the employer should make sure the employee knows this will happen and take care not to access communications that are clearly not work-related.


Clear rules should also be set down for private use of the employers’ communications equipment when used away from the workplace. 


TUC guidance


The TUC guide Privacy at work states, “good employers trust staff with some private use of the phone, internet and email as long as this does not interfere with their work.” 


It states that the employer should make clear to staff any plans to monitor email or internet use, and the reasons for doing so, in compliance with the Data Protection Act 1998. Unions should be consulted on these plans. A workplace policy should also do the following:


• set out clearly the circumstances in which workers may or may not make private use of work phone systems (including mobile phones), email and the internet, and the extent and type of private use allowed; 


• specify clearly any restrictions on web material that can be viewed or copied. A simple ban on “offensive material” is unlikely to be sufficiently clear for workers to know what is and is not allowed. Employers should at least give examples of the sort of material that is considered offensive, such as material containing racist language or images of nudity;


• lay down clear rules regarding personal use of communication equipment when accessed from home, for example, facilities that enable external dialling into a company network; 


• explain the purposes of any monitoring, its extent and the means used; and 


• outline how the policy is enforced and the penalties for breaching it.


TUC, Worksmart, Privacy at work, www.tuc.org.uk/sites/default/files/tuc/privacyatwork.pdf