So if a supposedly tuned-in-member-of-parliament-cum-techno-buff can get it wrong how do employers find their way around the new legislation?
On 28 June staff from the Information Commissioner's Office (ICO) and a group of industry leaders will meet at a one-day conference in Manchester in an attempt to come up with a set of guidelines. One area that will be under heavy scrutiny is the legality of employers monitoring employees' email and internet use. One survey showed that 84 per cent of employers monitored the email and internet activities of staff without informing them — under the new act this may be illegal.
Iain Bourne, Strategic Policy Manager at the ICO admitted the 'law is open to interpretation'. The ICO has prepared a draft code which gives employees rights to privacy. However some employers were heavily critical of this and the office wants to use the conference to clarify its view.
Attending the conference will be Peter Skyte, a national secretary with the Manufacturing, Science and Finance union (MSF) — which represents technical and professional people, representatives from the chamber of commerce, the TUC, the ICO's Dutch equivalent, and Shell Oil.
Bourne said finished guidelines would be out by the end of the year. The issue that needs to be settled, he said, is where the level of personal privacy is set.
The Data Protection Act 1998 came into force on 1 March 2000. It establishes rights for people and sets out eight principles of 'good information handling' for those who record and use personal information. In April, the London Chamber of Commerce surveyed 300 companies and found that more than half were flouting legislation or leaving themselves unnecessarily exposed to legal action by failing to control their systems. Only 44 per cent of firms trading on the net complied with the basic requirements of the data protection act. Less than half had a staff policy for email and internet use.
To confuse the issue the Regulation of Investigatory Powers Act effectively gives employers the right to monitor — provided both the sender and the recipient consent. Monitoring can be done without consent if there are special circumstances. These include; establishing the existence of facts (such as the conditions of a contract), ascertaining compliance with business practices, ascertaining or demonstrating standards in relation to telecoms systems, preventing or detecting crime, investigating or detecting unauthorised use of the telecommunications system.
To make the issue more complex the Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000 and the European Convention of Human Rights 1998 also deal with the monitoring.
Another law — The Freedom of Information Act 2000 — was passed on 30 November last year, and must be in force by 30 November 2005.
One of the main arguments for monitoring is to prevent time-wasting. It's a valid point — it was estimated that the last series of Big Brother cost UK businesses £1.4m in lost working hours as office workers watched on-line.
But Ronnie Wilkie, operations director at Booz-Allen and Hamilton said time-wasting could be dealt with in the same way it always has — by good management.
Time-wasting could be dealt with in the same way it always has been — by good management
Ronnie Wilkie
The best way of checking what employees are doing is the same as ever — a manager going to a workstation every hour and seeing what they are doing, he said.
His company does have guidelines in place — 'We don't expect employees to be accessing smackme.com, we expect them to be doing work', he said.
But he added that some personal internet use is not only tolerated, but expected. Wilkie does it himself. He is a keen fly-fisher and has a fly-fishing site bookmarked. But he said, checking that is the same as making a phone call to his brother.
His view is that if an employee emails their sick mother and that puts their mind at ease, then they will be more productive for the rest of the day.
The move to open-plan offices where people can see what others are doing reduces internet surfing because of peer group pressure. 'People don't like shirkers', said Wilkie.
Skyte, who will be speaking at the conference this month, shares similar views. He said employers must establish an internet policy. But employers' concerns should be addressed by good employer practices.
'Employees are the organisation's greatest asset and should be treated that way.'
It's good practice to monitor employees' output, he said, but blanket email and internet monitoring is not needed to do this.Monitoring is needed in some circumstances, he said, when people are looking at material featuring pornography or race hate, or if they are conducting criminal activities.
But, he said, this can be stopped by other means. The Housing Corporation, for example, limits the size of attachments to around half a megabyte — 30-odd pages of A4 text.
Some employers are using software to block sites rather than monitor. In the end, said Skyte, there needs to be trust.
It’s the law — or rather the laws
Regulation of Investigatory Powers Act 2000.The Act effectively gives employers the right to monitor if both the sender and the recipient consent. Monitoring can be done without consent if there are special circumstances, such as preventing or detecting crime. Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000.
These make it unlawful to intercept a transmission in the course of its transmission by way of a public or private telecommunications system. Employers may monitor communications relevant to the employer’s business. This law appears to give employers the right to monitor — but this conflicts with other laws. Human Rights Act 1998.
Article 8 of the European Convention of Human Rights provides for a right to privacy, including correspondence. Data Protection Act 1998.
Draft guidelines suggest that the Act protects employees’ rights to privacy.
Source
The Facilities Business
