The Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000 which came into force on 24 October specify the circumstances in which it is lawful for an employer to monitor and record staff emails and telephone calls. One of the reasons behind their introduction was a desire to provide a degree of certainty for businesses in what is a controversial area of public policy.
The regulations specify a variety of circumstances where a business can lawfully intercept communications without specific consent including:
- To ascertain compliance with regulatory or self-regulatory practices or procedures relevant to the business.
- To investigate or detect the unauthorised use of the telecommunication system.
- To ensure the effective operation of the system.
An employer intercepting communications MUST have made all reasonable efforts to inform any person who may use the system that such interception may take place.
Whilst the regulations appear to give employers wide powers to intercept communications considerable care should be taken to ensure that the level of interception is no more than is necessary for the purpose to be achieved.
These provisions have excited considerable controversy and are currently subject to an investigation by the European Commission as to whether they are compatible with EC obligations.
Before publication of the regulations the Data Protection Commissioner had issued a draft code of practice concerning the same topic. Whilst the draft code will be revised to take account of the new regulations it is significant that the draft code adopted a significantly more restrictive approach to the issue of monitoring and recording. Emphasis was placed on the proportionality of any steps taken – for instance it suggested that telephone calls should not be monitored where a simple analysis of numbers called would serve the same purpose.
The draft code also stressed that if a written policy is not adhered to it will be the practice rather than the written policy that is relevant. For example, if an employer has turned a blind eye to a limited number of private calls being made then it is that reality rather than the written policy that will determine the reasonableness of any monitoring.
In the light of the possible review of the regulations and possible restrictions to be imposed by the Data Protection Commissioner regulating the processing of data arising from, or inherent in, the monitoring process it would be sensible for employers to approach monitoring in a cautious fashion. All employers who think they may need to intercept staff telecommunications must have a clear written policy in that regard, take positive steps to ensure that all employees are fully aware of the policy and ensure that the policy is adhered to in practice.