Barrister Charles Price offers some legal advice for employers who want to know when they can monitor employee emails.
We are all aware how email has revolutionised the workplace, allowing people to work with more speed and from remote locations. Emails carry the legal force of a contract and are often used as evidence in court and tribunal proceedings.
The emergence of email brings with it huge benefits but also huge risks if not managed responsibly. The introduction of a robust email policy can stave off the potential elephant traps, as I reported in a previous article on HR Zone, but often an employer will want to monitor an employee to make sure that systems are being protected and that the employee is not guilty of misconduct. The law on this subject is complicated but there are common threads running through the various sources.
An employer might want to access employee emails because:
- Emails have the same authority as any other communication to and from the organisation and have the same legal force as paper correspondence. binding contracts may be inadvertently created.
- External emails should have disclaimers attached to guarantee privacy.
- Emails can be regarded as published information and defamation can occur.
- A copy of an e-mails is left behind on deletion – they are not confidential, and can be read by anyone given sufficient levels of expertise.
- Defamation of colleagues or other parties (deliberate or otherwise) may occur.
- Abrupt, inappropriate and unthinking use of language can lead to a bullying tone and possible offence to others. Employers can be held liable for harassment.
The law
Various sources of law protect the email user. I list a few of the sources below. One reoccurring theme amongst all of the statutes is that employees should be warned prior to having their emails monitored.
Human Rights Act 1998
This provides for the concept of privacy giving a ‘right to respect for private and family life, home and correspondence’. The provision is directly enforceable against public sector employers, and all courts must now interpret existing legislation in relation to the Human Rights Act. In the case of, Halford v UK 1997 suggests that employees have a reasonable expectation of privacy in the workplace, and employers are recommended to provide workers with some means of making personal communications which are not subject to monitoring, for instance a staff telephone line or a system of sending private emails that will not be monitored.
The code of practice, “Monitoring at work: an employer’s guide”, states that email monitoring should only be undertaken when:
- The advantage to the business outweighs the intrusion into the workers’ affairs.
- Employers carry out an impact assessment of the risk they are trying to avert.
- Workers are told they are being monitored.
- Information discovered through monitoring is only used for the purpose for which the monitoring was carried out.
- The information discovered is kept secure.
- Employers are careful when monitoring personal communications such as emails which are clearly personal.
- Employers only undertake covert monitoring in the rarest circumstances where it is used for the prevention or detection of crime.
Covert monitoring is likely to be unlawful unless undertaken for specific reasons as set out in the Regulation of Investigatory Powers Act 2000 and the Telecommunications (Lawful Business Practice)(Interception of Communications) Regulations 2000 (see below).
Employers should make sure workers know of any monitoring or recording of correspondence (which includes emails, use of internet, telephone calls, faxes and so on).
Regulation of Investigatory Powers Act 2000
This Act covers the extent to which organisations can monitor or record communications at the point at which they enter or are being sent within the employer’s telecommunications system, and applies to public and private communication networks. It gives the sender or recipient of a communication the right of action for damages against the employer for the unlawful interception of communications.
There are two areas where monitoring is not unlawful:
- Where the employer reasonably believes that the sender and intended recipient have consented to the interception.
- Without consent, the employer may monitor in the following circumstances, as set out in the Telecommunications (Lawful Business Practice)(Interception of Communications) Regulations 2000.
These include:
- To ensure compliance with regulatory practices eg Financial Services Authority requirements.
- To prevent or detect crime.
- To protect the communications system this includes unauthorised use and potential viruses.
- To determine the relevance of the communication to the employer’s business, ie picking up relevant messages when someone is away from work.
to ensure standards of service are maintained, eg in call centres.
The information commissioner, responsible for enforcement of the Data Protection Act, has published a code of practice to help employers comply with the provisions of the Data Protection Act. The ‘Employment Practices Code’ clarifies the Act in relation to processing of individual data and the basis for monitoring and retention of email communications.