Advertisement
Promo

Become a member of the ZDNet UK community

Features Articles

Monitoring staff: What the latest code of practice means

Olswang ZDNet.co.uk

Published: 17 Jun 2003 15:14 BST

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

Part 3 of the Employment Practices Code entitled Monitoring at Work was issued on 11 June. Businesses need to review their communications policies and ensure their workers are reminded regularly of any restrictions on personal use of communications in the workplace. They also need to consider capability of IT systems' compliance with the Code when purchasing and implementing such systems. Failure to follow the code may lead to enforcement action by the Information Commissioner and the need for IT system changes.

What action should businesses take?
Workers must be made aware of the nature, extent and purposes of any monitoring. One of the code's seven good practice recommendations is devoted to e-communications (which includes telephone (including mobile), fax, email and voicemail communications and internet access). Key practical points to note include the following:

  • Employers should "establish, document and communicate" a policy on e-communications to ensure workers are made aware of the policy. Existing policies should be reviewed to ensure they reflect data protection requirements -- the new Code makes it clear that a simple warning that "emails may be monitored" may not be sufficient; and

  • Employees should be made aware (and reminded regularly) of the policy on monitoring and of their own role in data protection compliance, and the possible consequences of breaching the Data Protection Act 1998 ("the Act");

In addition to carrying out impact assessments for each form of monitoring, employers are encouraged to consider:

  • Limiting e-communications monitoring to that necessary to protect against security breaches, e.g. viruses (and using automated monitoring systems where possible);

  • Informing workers of retention periods for emails and Internet usage, and checking that they are aware of them;

  • Encouraging workers and their correspondents to identify personal emails as such and using recorded messages to make external callers aware of potential monitoring;

  • Confining email monitoring to traffic data (addresses and headings) except where access to the content of the email is essential; and

  • Monitoring Web activity on an aggregated (e.g. departmental ) basis where possible.

Next

Previous

1 2


  • Email
  • Trackback
  • Clip Link
  • Print friendlyPrint with EPSON

Did you find this article useful?
14 out of 32 people found this useful


In association with HP

Talkback

Post a comment


Full Talkback thread

1 comment

  1. I have just been threatened with losing my job - w... Anonymous

Related Links

Company/Topic Alerts

Create a new alert from the list below:







Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

ALL TOOLKITS

Blogs

Newsletters