any comments ?
--
BBC Online News : Monday, 18 November, 2002, 08:44 GMT
Tighter rules on workplace snooping
By Mark Ward
BBC News Online technology correspondent
Workers look set to regain some of their right to privacy at work as rules governing the monitoring of e-mail messages and web use are tightened up.
The UK's privacy watchdog is producing stringent codes of practice governing how much scrutiny companies can carry out on private communications.
The Information Commissioner warns that companies that do not follow the letter of these rules risk prosecution under the Data Protection Act.
Legal experts say that companies flouting the regulations could find themselves in trouble if sackings for e-mail or web abuse end up in a tribunal.
Conflict of duty
E-mail and net access are now key to day-to- day running of many businesses.
Many companies are monitoring what staff do with them to filter out viruses, spam and to monitor customer service.
Financial service companies tend to monitor staff communication to help them comply with industry regulations.
But the Information Commissioner is warning that companies cannot trample over rights to privacy or ignore data protection rules when monitoring e-mail and net use.
The Commissioner is revising the codes of practice covering monitoring to keep companies in line and to ensure they do not abuse the access they have to e-mail messages.
"It's an attempt to give employers an idea how they can comply with the data protection act," said a spokesman for the Information Commissioner.
"There are companies that have not done much with regard to their legal requirements," said the spokesman, "Under the Data Protection Act they may have a lot of work to do."
Legal protection
The monitoring of employee communications is covered by two laws.
The Regulation of Investigatory Powers Act gives basic guidelines on when monitoring can be carried out, but the Data Protection Act details the tests that must be passed for monitoring to be lawful.
Data protection laws are being redrafted in light of European laws and this significantly changes when monitoring can be carried out and what can be done with any information gathered.
A draft code of practice being drawn up by the Information Commissioner will tell companies exactly what they must do to comply with data protection laws.
The spokesman said that companies can no longer get away with pinning a policy document on a notice board and hoping staff read it.
"The data protection act is quite comprehensive," he said. "Companies need to target monitoring and tell people they are doing it."
"It should be a living policy that people are regularly reminded of," he said.
Camera shy
The draft code of practice on monitoring at work warns that the tests, checklists and benchmarks within it will be used to determine it companies are complying with data protection laws.
Bosses cannot open every internal message
Already in France a case has established that employers do not have the right to open any of their employees' messages.
In early October the French Supreme Court ruled in a case between Nikon and a former employee that the company had no automatic right to search through an e- mail inbox.
The court made its decision under the European Convention on Human Rights which guarantee a right to privacy in communication.
Adam Edwards, a partner at law firm Cumberland Ellis Piers, said the tightened up laws on monitoring could trip up many companies.
"We are bound to see this coming up in tribunals," said Mr Edwards.
"The vast majority of tribunal chairmen are probably not particularly well equipped to deal with these arguments," he said.
"Companies are going to have to demonstrate that they have a working policy."
> Richard Talbot
> QinetiQ Ltd. Data Protection Adviser
> Bldg 59 Room 1
> QinetiQ Ltd Bincleaves
> 806-4663
> +44 1305 764663
>
The Information contained in this E-Mail and any subsequent correspondence
is private and is intended solely for the intended recipient(s).
For those other than the recipient any disclosure, copying, distribution,
or any action taken or omitted to be taken in reliance on such information
is prohibited and may be unlawful.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|