Employers who monitor staff e-mail and internet use without their knowledge could face prosecution under new guidelines published by the UK's Information Commissioner.
The long-awaited guidelines form a code of practice that employers will be expected to follow. Firms that breach the code could see their directors being prosecuted under the terms of Data Protection Act 1998.
The code warns employers that they must take account of Article 8 of the European Human Rights Act enshrining respect for private and family life and personal correspondence.
"It is important to develop a culture in which respect for private life, data protection, security and confidentiality of personal information is seen as the norm," the code stipulates.
"Covert monitoring should not normally be considered,” It adds. “It will be rare for covert monitoring of workers to be justified. It should, therefore, only be used in exceptional circumstances. "
The code says that such surveillance would only be justified to prevent malpractice or crime and would have to be approved by senior management. Such monitoring would then need to be “strictly targeted” and set to a “limited timeframe”.
Richard Thomas, the information commissioner, stressed that employers should think long and hard before they engage in excessive intrusive monitoring.
“Covert monitoring, especially CCTV monitoring, should only take place in extreme situations,” he said. “We will be pretty hostile towards casual and ill-thought through monitoring."
While the monitoring of internet and email use is not outlawed under the guidelines, Mr Thomas said that “it must be open and transparent and with the knowledge of the employee.”
The code of practice stipulates that workers should be told what sort of monitoring is going on and why it is being done.
Other recommendations will require employers to make it clear to their staff what constitutes unacceptable use of e-mail or the internet - a blanket ban on "offensive material" is not sufficient without concrete examples.
The extent of the problem of e-mail and internet abuse at work was highlighted in a September 2002 survey by law firm KLegal and Personnel Today magazine. This found that disciplinary cases involving e-mail and internet abuse at work in 2002 exceeded those for all dishonesty, violence and health and safety breaches. The report also found that sending pornographic e-mails was one of the three most common ways of getting sacked. One in five companies said that they monitored their employees daily, with one in ten doing so covertly.
Although the guidelines address CCTV surveillance, e-mails and voicemail monitoring, checking internet usage, keeping records of telephone calls, and checking with credit reference agencies, the CBI complained that they had still not gone far enough in creating a clear definition of what constitutes monitoring.
Confederation of British Industry (CBI) director-general, John Cridland, described the code as confusing.
"This code is now shorter and less prescriptive, but it remains confusing because there is no clear definition of what monitoring is. It is crucial for business to know where monitoring ends and unwarranted intrusion begins."