Every office generates so much e-mail, instant messages and Internet traffic it’s all but impossible for management to keep track of exactly what’s being said, seen and done online.

But how can execs be confident that all these digital conversations are necessary and not just time-wasting? Or worse: the cover for data leaks, inappropriate content-sharing or other nefarious or even criminal activities.

Why monitor staff e-mail?
Some of the reasons an organisation might want to monitor staff use of e-mail and Internet sound obvious–assessing skills or performance or keeping tabs on time spent on non-work activities, for instance, or preventing the distribution of inappropriate or illegal content.

Another possible use for monitoring could be to help prevent damage to computer systems by identifying careless Internet and e-mail users who are downloading malware or accessing potentially risky websites. It could also help to ensure compliance with health and safety regulations and, more broadly, to reduce the risk to the business from liability for the actions of its employees.

Other reasons to embark on a period of monitoring might include gathering evidence on an untrustworthy employee where there are serious and credible grounds for suspicion.

Issues to consider when monitoring staff

Monitor staff only if you think it is justified because of a present and serious risk to your business.

Remember that monitoring in itself can present a risk to your business if employees feel you don’t trust them. Consider the issues below when monitoring staff.

Management issues

Ensure that your reasons for, policies about, and methods of monitoring are:

  • well thought out to meet your business’ needs
  • justified and proportionate
  • applied consistently and fairly

To avoid damaging employment relations as a result of monitoring:

  • consult staff, employee representatives or trade unions about procedures and policies
  • communicate policies to staff
  • include monitoring policies in your workers’ contractual terms and alert them to these when they start work
  • control access to information collected through monitoring, in line with data protection law
  • consider alternatives to monitoring
  • inform staff of how you will deal with misconduct discovered through monitoring

Internet issues

To avoid inappropriate use of the internet and email:

  • Set out workers’ rights, responsibilities and limitations for use of the internet and email at work, but don’t be too restrictive.
  • Allocate personal internet usage time, eg outside normal working hours.
  • Detail monitoring methods for internet and email usage.
  • Educate staff on the potential legal risks and liabilities/security problems that misuse may create.
  • Make clear to staff that you are complying with legal guidelines on interception.
  • If you outsource computer support, provide in the maintenance contract for someone at your supplier to brief you on security issues. To comply with the Data Protection Act 1998, you will need a contract with the support company requiring them to act under instruction from you only and which ensures that they take equivalent security measures to you regarding the handling of personal information.
  • It’s less intrusive to block access to sites than to monitor the sites someone visits.

Legal issues

  • Ensure that your monitoring of staff complies with the Data Protection Act 1998 and the Regulation of Investigatory Powers Act 2000. If in doubt consult a solicitor.
  • Put up notices reminding employees of your monitoring policies.
  • UK passports are subject to Crown copyright protection and copies can only be made in certain circumstances, eg where an employer has to prove that it has checked the passport holder’s entitlement to work in the UK.