Company E-mail/Internet policy

S

sim

Guest
What are an employees rights regarding the use of internet and e-mail during work hours? Can they be monitored? Can the facility be removed? Also can personal files on a company computer be accessed by the company?
 
Apart from the first question the answer to your questions are all yes.

However, it is a qualified yes. Employers are not entitled to willy nilly invade the privacy of their employees.

An employer considering pursuing some sort of action against an employee would be well advised to ensure that they do everything well within the law - trying to defend a wrongful dismissal claim based on computer evidence will be pretty hard if it is not possible to prove without a doubt that this person was personally responsible.

Having said that, if the question relates to whether an employer *is able to* (as distinct from *is allowed to*) access files and content on their own machines in their own office then the plain simple answer is yes - in the same way that they are able to read documents left on desks, in filing cabinets, etc . . . whether they are legally or morally entitled to is a different thing altogether.

z
 
Most company policies would highlight the employer's intention to monitor such access. It may even include restriction on personal files on company equipment.
 
Sim

In answer to your question, yes the company can monitor all of the above. The computer, network and internet connection is a business tool that the company is paying and therefore owns and not the employees personal property.

However, under the EU Human Rights Directive you are entitled to the protection of your privacy and this extends to the workplace. As a result you have to agree to waive your right to privacy and acknowledge that your email, internet, phone usage etc. can be monitored. This is often covered in a companies policies. However many companies implement monitoring solutions withour developing the policies and having them signed off properly by staff.

So, without knowing the ins and outs of your case, if your company is monitoring your email or internet usage without you having signed a policy that includes an acknowledgement that you are aware of the monitoring, the comopany is in breach of this directive.

As a consultant in this field I have seen numerous companies get into legal difficulties because they had no policies in place or their policies were not written properly. It is important to note that when deploying a policy you should get staff to sign that they have read and understood the policy. Depending on the size of your organisation you should ensure that your legal and HR teams are involved in any policy development.

C
 
Don't forget that an employer has obligations to ALL employees. If the computer/e-mail/internet ws being used as a means of causing unreasonable offence to an employee, the employer could be brought to task (i.e. sued) for not ensuring that there were adequate systems of protection.

While most employers will respect the privacy of individuals, they will/should reserve to right to monitor usage. The means and extent to which they will do this should be clearly communicated though.
 
So, without knowing the ins and outs of your case, if your company is monitoring your email or internet usage without you having signed a policy that includes an acknowledgement that you are aware of the monitoring, the comopany is in breach of this directive.
Click to expand...
Hi Capaill - Can you please quote your source or the specific section/clause of the directive that results in this ruling?
 
Signature

There is lots of advice available on Oasis at


and more on the Data Protection Commissioners site.

If a company is not clearly communicating a policy, then you will be on strong grounds. If a policy is clearly communicated, you are on very weak grounds. A signature is helpful but not mandatory.

Regarding the "can they be monitored" - yes, pretty much everything can be monitored. Most companies have the ability to view any websites you visit and read any email you process.
Can the facility be removed? - yes. (if clear policy)
Can personal files be accessed? - yes, it is on company property. (if clear policy)

I notice sim used the phrase "during work hours". Most policies will make no differentiation between work and non-work hours, again you are using company resources so do not expect any leeway.
 
Re: Signature

Hi Rainyday

Quote:
--------------------------------------------------------------------------------
So, without knowing the ins and outs of your case, if your company is monitoring your email or Internet usage without you having signed a policy that includes an acknowledgment that you are aware of the monitoring, the company is in breach of this directive.
--------------------------------------------------------------------------------


Hi Capaill - Can you please quote your source or the specific section/clause of the directive that results in this ruling?



The European Convention on Human Rights ARTICLE 8
1. Everyone has the right to respect for his private and family life, his home and his correspondence.

This has been interpreted as including private correspondence at work, including emails. An interesting document is: EU Data Protection Working Party's document titled '[broken link removed]'.

Note that as far as I am aware there is no case law pertaining to email monitoring but the above document and others I have researched point to the case of Halford v. the United Kingdom where "the Court decided that interception of workers' phone calls at work constituted a violation of Article 8 of the Convention". This could be used by any individual as precedence is they were to take an employer to court over invasion of privacy for monitoring email or Internet usage.

So my comment should have read "the company may be in breach of this directive" instead of "the company is in breach of this directive"

However, the point I was trying to make, is that most privacy legislation focuses on the rights of the individual and not on the rights of the employer. Therefore the onus is on employers to ensure that they have protected themselves with a comprehensive policy that has been properly communicated to staff. Proof that the policy has been communicated to and understood by the employee is best done by way of an employee signing the policy. Having a policy on an Intranet or send via email does not prove the employee (a) read the policy and (b) understood the policy.

Another interesting document is This document focuses on US laws but the prinicples remain the same.

I will clarify that I am not a legal expert and that any advise outlined in these postings are based on my experience and interpretations of various privacy laws relating to developing policy documents for IT systems. Individuals should refer to their own legal advise if they seek any further clarifications

C
 
Re: Signature

Hi Capaill - I can well understand that getting the policy signed off would be best practice. However, that is quite different to stating definitively that 'if your company is monitoring your email or Internet usage without you having signed a policy that includes an acknowledgment that you are aware of the monitoring, the company is in breach of this directive'.
 
Re: Signature

Rainyday

You are right. I wrote the original response too quickly and as stated in my previous post the line should have read "may be" and not "in breach"

C
 
You must log in or register to reply here.
Back
Top