British employers may not be allowed to monitor their employees’ private e-mail or Internet use at work in the future or use hidden cameras without staff knowledge unless a criminal investigation is under way, according to a draft Code of Practice on data protection from the U.K. Information Commission published on the Financial Times (FT) newspaper’s Web site.
The full Code of Practice is due for release within six to eight weeks, an Information Commission spokesman said.
This Code is the Commission’s interpretation of the Data Protection Act 1998, he said, and so will act as guidelines for employers unsure about the rules, the spokesman said.
Employers who deviate from the Code could find themselves no longer in compliance with the Data Protection Act. However, “different industries differ so much that there can’t be hard and fast rules — these are just a general interpretation,” he said.
The draft Code says that employers should not open e-mail when there is reason to believe they are private, even if they are sent or received using a work computer during work hours, and employers should monitor the time spent on the Internet as opposed to the sites visited or contents viewed.
Video and audio monitoring should be targeted at areas of particular safety or security risk, and only when these cannot be monitored otherwise, the draft Code said. Such monitoring should be kept to areas where “expectations of privacy will be low,” such as those to which the public has access, it said. Employers should also make it clear that this is being done.
While monitoring is allowed in certain situations, for the protection of a business and its rules and standards, employees must be told, and regularly reminded of, what areas of their work are being watched in this way, the draft said.
Monitoring “should be designed to operate in such a way that it does not intrude unnecessarily on the right of workers to expect respect for their private lives and correspondence. In addition, workers have a right to expect a degree of trust from employers, and to be given reasonable freedom to determine their own actions without being constantly watched or listened to,” the draft said.
All of the above rules are flexible, the draft said. The decision on whether to carry out monitoring “may involve the striking of a balance between intrusion on one hand and risk to the business on the other … this court cannot make hard and fast rules.” The Code is intended to assist employers in making these decisions, it said.
