Current Size: 100%
I'm concerned about email and web usage monitoring at my workplace. What should I do?
Because the Human Rights Act 1998 extends to the workplace, you have the right to a reasonable amount of personal correspondence and phone calls during work time. This does not mean that you have the legal right to use the work phone, email or internet for personal reasons, but you should be able to access some private communication system. Good employers will trust their staff to make reasonable private use of these facilities, as long as that use does not interfere with work or bring the business into disrepute.
If your employer is going to monitor your email and web use, you should be clearly informed of this and of the reasons for such monitoring. This is normally done through a policy or the employment contract.
The Regulation of Investigatory Powers Act 2000 prohibits the intentional “interception” of emails without lawful authority. It bans an employer from deliberately reading the content of emails that are obviously private, even if sent using the employer’s email system, unless there is an exceptional reason (e.g. to investigate a suspected crime).
However, the Act does not usually apply to communications on the intranet – in other words, internal communications that are not connected to the public email or phone system.
In addition, employers can get around the prohibition on reading emails by obtaining workers’ clear explicit consent through a written term in the employment contract.
In January 2016, the European Court of Human Rights said that an employer that read a worker’s Yahoo Messenger personal messages sent to his girlfriend and his brother using the employer’s IT system while he was at work did not infringe the worker’s human right to privacy. The employer had imposed a blanket ban on all personal use of the firm’s IT systems at work, and the court ruled that it was not unreasonable for the employer to check the messages on a device which it owned, to make sure the employee was working during working hours.
This harsh ruling underlines how important it is to know what rules are in place where you work, and to follow them even if they seem unreasonable.
Many employers use automated systems to identify unacceptable web usage, flagging up access to websites which are either on a 'banned' list, or judged by an automatic system to be a risk. Make sure you've read and understood your employer's policy on email and web use. Your workplace union rep, if you have one, may be able to explain the employer's policy to you.
Your employer should have a policy in place clearly setting out what is and isn’t allowed. It is not fair to discipline an employee for breaking a company rule, such as a rule about email use, if the employer has failed to explain clearly – usually through a written policy – what the rule is, and what is likely to happen if the rule is broken.
If your employer doesn't have a policy yet, always assume the worst. Act cautiously, and ask your manager to clarify what personal use of email or the web they will permit you.
If there is a union recognised where you work, speak to your rep about maybe negotiating a suitable policy, so that everybody knows where they stand.
In practice, if you are sending anything at all sensitive, you are much better off not taking any risks, and using a private non-work email address and preferably a device, such as a mobile phone, that is owned by you and not the employer.
Likewise it is sensible not to use a device owned by your employer, such as your work computer, to create or store any personal documents or information that you would rather not share with your employer.
Remember that no email (not even a web-based email service such as Gmail, Hotmail or Yahoo Mail) is ever totally secure. The only way to guarantee you are safely using email or the web at work for personal purposes is to know that you are doing it within your rights for that workplace.
In practice, it’s best to assume that all your communications using work devices may be monitored.