I'm concerned about email and web usage monitoring at my workplace. What should I do?
Because the Human Rights Act 1998 extends to the workplace, you have the right to a reasonable amount of personal correspondence and phone calls during work time. This does not mean that you have the legal right to use the work phone, email or internet for personal reasons, but you should be able to access some private communication system. Good employers will trust their staff to make reasonable private use of these facilities, as long as that use does not interfere with work or bring the business into disrepute.
If your employer is going to monitor your email and internet usage, you must be clearly informed of this in advance and of the reasons for such monitoring. This is normally done through a policy or the employment contract. Sometimes, a warning appears as an automatic reminder on the computer log in screen.
Covert monitoring at work without prior warning is a serious privacy intrusion and is likely to breach workers’ privacy rights.
In addition, under the General Data Protection Regulation, your employer should conduct a privacy impact assessment before introducing any intrusive policy such as covert monitoring of internet and email use.
You also have rights under the Regulation of Investigatory Powers Act 2000 which bans the intentional “interception” of emails without lawful authority. This prohibits an employer from deliberately reading the content of emails that are obviously private, even if sent using the employer’s email system, unless there is an exceptional reason, such as to investigate a suspected crime. But the Act does not usually apply to communications on the intranet – in other words, internal communications that are not connected to the public email or phone system. And employers can get around the prohibition on reading emails by obtaining workers’ written consent through a written term in the signed employment contract.
Many employers use automated systems to identify unacceptable web usage, flagging up access to websites which are either on a 'banned' list, or judged by an automatic system to be a risk.
Make sure you've read and understood your employer's policy on email and web use. Your workplace union rep, if you have one, may be able to explain the employer's policy to you.
Your employer should have a policy in place clearly setting out what is and isn’t allowed. It is not fair to discipline an employee for breaking a company rule, such as a rule about email use, if the employer has failed to explain clearly – usually through a written policy – what the rule is, and what is likely to happen if the rule is broken.
If your employer doesn't have a policy yet, always assume the worst. Act cautiously and ask your manager to clarify what personal use of email or the internet they will permit you.
If there is a union recognised where you work, speak to your rep about negotiating a suitable policy, so that everybody knows where they stand.
In practice, if you are sending anything at all sensitive, you are much better off not taking any risks, and using a private non-work email address and preferably a device such as a mobile phone that is owned by you and not the employer.
Likewise it is sensible not to use a device owned by your employer, such as your work computer, to create or store any personal documents or information that you would rather not share with your employer.
Remember that no email (not even a web-based email service such as Gmail, Hotmail or Yahoo Mail) is ever totally secure.
In practice, it’s best to assume that all your communications using work devices may be monitored.