The Telecommuncations (Lawful Business Practice) (Interception of Communications) Regulations 2000 (known as the 'Lawful Business Practice' Regulations) provide the legal basis which allows organisations to monitor staff emails and other forms of digital communications, including their use of the Internet whilst at work.
Organisations may want to monitor communications for several reasons, including for training and quality assurance purposes. What the Lawful Business Practice Regulations don't allow is blanket monitoring of staff under any circumstances.
Under Section 1 of the Regulation of Investigatory Powers Act 2000 (RIPA) interception of communications is otherwise prohibited.
Lawful business practice
Under The Telcommuncations (Lawful Business Practice) Regulations 2000 (text) organisations can undertake authorised interceptions for monitoring or recording communications:
- To establish the existence of facts, to ascertain compliance with regulatory or self-regulatory practices or procedures or to ascertain or demonstrate standards which are or ought to be achieved (quality control and training);
- In the interests of national security (in which case only certain specified public officials may make the interception);
- To prevent or detect crime, to investigate or detect unauthorised use of telecommunication systems or,
- To secure, or as an inherent part of, effective system operation; monitoring received communications to determine whether they are business or personal communications; monitoring communications made to anonymous telephone help lines.
Monitoring at work
Monitoring is a recognised component of the employment relationship. Most employers will make some checks on the quantity and quality of work produced by their workers. Workers will generally expect this. Many employers carry out monitoring to safeguard workers, as well as to protect their own interests or those of their customers.
For example, monitoring may take place to ensure that those in hazardous environments are not being put at risk through the adoption of unsafe working practices. Monitoring arrangements may equally be part of the security mechanisms used to protect persona information. In other cases, for example in the context of some financial services, the employer may be under legal or regulatory obligations which it can only realistically fulfill if it undertakes some monitoring.
However where monitoring goes beyond one individual simply watching another and involves the manual recording or any automated processing of personal information, it must be done in a way that is both lawful and fair to workers.
Read Article: Monitoring @ Work
Monitoring may, to varying degrees, have an adverse impact on workers. It may intrude into their private lives, undermine respect for their correspondence or interfere with the relationship of mutual trust and confidence that should exist between them and their employer.
The extent to which it does this may not always be immediately obvious. It is not always easy to draw a distinction between work-place and private information. For example monitoring e-mail messages from a worker to an occupational health adviser, or messages between workers and their trade union representatives, can give rise to concern.
The Data Protection Act 1998 requires that any adverse impact on workers is justified by the benefits to the employer and others. The Information Commissioner's Code on Monitoring at Work is designed to help employers determine when this might be the case.
The Telcommuncations (Lawful Business Practice) Regulations 2000 (text)