Privacy at work - who's watching you?


A high-profile credit card company recently dismissed an employee on the grounds of the contents of his email inbox.

In the USA, more than half of all organisations routinely monitor their email systems, and the trend is on the increase in the UK.

Companies can now check their employees' email without their consent for reasons such as recording evidence of business transactions, monitoring standards or the catch-all 'preventing unauthorised use of the computer system'.

So where should the boundaries lie between your employer's right to know what's happening and your right to privacy? Since the Information Commission has delayed the publication of its new privacy code, employers and employees have been left in the dark.

To what extent should employers have the right to access the contents of its' employee inboxes? How can employers monitor offensive, confidential or illegal messages and material without trawling through everybody's personal email?

Older Comments

I think all employees need to briefed on what is expected by their employers, preferably when they are initially appointed. There should be a formal aggreement that outlines all procedures should the regulations be breached. This provides both parties with clear boundaries of the types of behaviour that are acceptable and unacceptable in the workplace.

James Nash London

The expectation of privacy in the workplace is often confused with a person's basic human rights. But to mention privacy and work in the same breath is a misnomer. A company must have control over the use and misuse of their computer systems. The only way to manage this is with both routine and random checks. In most cases it will involve having access to someone’s 'personal' e-mail. So be it. At work you are an employee and when you use the company's computer system for any reason it is subject to scrutiny and rightly so. My advice is to always assume that any communication made via company e-mail will be monitored

Mary-Catherine Flood London

The boundaries are constantly changing. Thirty years ago employers were able to dismiss on the grounds of pretty much anything. Since the laws guarding against unfair dismissal, the bias has shifted to (a) what most people would regard as reasonable and (b) whether or not appropriate procedures have been used. The first condition would need to apply in the case of instant dismissal for what would be deemed gross misconduct.

Such things as theft, workplace violence or passing commercial secrets to a competitor would fall under this heading. As far as the second condition is concerned employees can be dismissed for persistently doing something that might be considered trivial in isolation. However, the employer would have been expected to warn the employee concerned and then exhausted recognised procedures.

The case of downloading pornography is an interesting current example. Should the act of downloading the material per se be a dismissible offence? Of course, I will have used my employer's computer but have people been dismissed for downloading holiday brochures in their lunch hour?

In short, the action must be something that most people would find unacceptable and that warnings about the unacceptability had been given.

So, if I took a photograph of my bottom and sent it out to colleagues, I might expect a warning. If I secretly took a photograph of the Chairman's bottom and sent it to clients, I could expect instant dismissal.

Timothy St Ather

With the increasing use of the email and Internet in the workplace, there is huge potential for these facilities to be abused by employees. It is an area where employees have huge potential to cause damage to employers, for example by using email to harass other employees on the grounds of their sex or race.

A recent survey showed that in the past year there has been more disciplinary action relating to computer misuse than for dishonesty, violence and health and safety breaches combined. However, while the potential for misconduct has increased, monitoring technology has also developed so that employers now have greater chance of detecting abuse.

The law in this area comes from a number of different sources. The main source is the Data Protection Act, which applies because in monitoring an employer will be processing data regarding its employees. The general guidance from the Information Commissioner on this topic is that monitoring must have a specific purpose, and that generally speaking employees must be told that they are being monitored and why. Information obtained should only be used for the specified purpose, unless it is information that 'no reasonable employer could ignore'. In such circumstances, the employer can use the information but should ensure that the employee is given an opportunity to respond to any allegations before taking any form of disciplinary action.

Contrary to popular belief, there is no right to privacy under UK law. Article 8 of the Human Rights Act gives a right to privacy, but the only people who can benefit from this in an employment context are those who work for public bodies. The law of privacy is an area which is likely to develop over the next few years, possibly along the lines of the position in some US states where the employer's right to monitor depends on whether the employee has a 'reasonable expectation of privacy.'

The Regulation of Investigatory Powers Act 2000 (RIPA) prevents the interception of communications unless there is a lawful authority. As to when an employer will have lawful authority, the Lawful Business Practice Regulations define this. Generally speaking employers will have the right to monitor and record communications without employees' consent where the monitoring is taking place to investigate or detect unauthorised use (for example, if the employee is in breach of a clear policy).

The best advice to employers is to have a clear policy on the use of email/Internet in the workplace and remind employees of the policy regularly (such as by using popup screens). Employers should also consider amending their disciplinary procedures to include email/Internet abuse in the definitions of misconduct/gross misconduct as appropriate.

If you would like further advice on this topic, please contact me at [email protected]

Nicola Brown, Thomas Eggar solicitors