Big brother needs to watch his back. It is now
Page 45
If you've noticed an error in this article please click here to report it so we can fix it.
a criminal offence for an individual or company to intercept any communication unless it's specifically exempted. CMlooks at the implications.
Since the introduction of the Data Protection Act 1984,
businesses have been subject to statutory controls over the way they deal with information in the workplace. Both that Act and its 1998 successor were concerned specifically to ensure that the collection and use of 'personal data' was properly regulated.
Parliament has just passed a new law, the Regulation of Investigatory Powers Act, which places further restrictions on information use by businesses. It is now a criminal offence for any individual or company to deliberately intercept any communication on a public or private telecomm system unless a specific exclusion applies under the legislation. The government has now issued regulations that spell out the range of circumstances in which business-related activity can remain outside the basic prohibition.
The regulations, the Lawful Business Practice Regulations, came into effect on 24 October. They provide that interception by a business is allowed as long as it falls within one of the following three parameters.
First, it is legal to monitor and/or record communications: • to establish facts, to check whether the business is in compliance with any relevant law or code of practice, or to establish current and/or desired standards of work on the part of persons using the system; • for the purpose of preventing or detecting crime; • for the purpose of investigating or detecting unauthorised use of the telecomm system; or • to ensure the effective operation of the system.
Second, monitoring (but not recording) of communications may take place to determine whether or not they are relevant to the business.
Third, a business may monitor (but not record) communications made to a confidential, telephonebased support service which is free and which enables callers to remain anonymous if they so choose.
So, under the first of the above three parameters, a company may intercept for purposes of, for example, quality control, fraud prevention and discouraging non-business use by staff of the company's telecomms system. Under the second parameter, a company could conceivably check messages received during an employee's absence in order to establish whether or not they need to be attended to before his or her return.
It is the implications of these regulations which cover employers' rights to access workers' telephone calls and e-mail accounts that has generated most interest and comment. Trade unions and others have already speculated that the right of employers to do this conflicts directly with individuals' right to privacy of correspondence under the Human Rights Act. Even where interception activity appears to be justified under the above three parameters, a company must still be careful to ensure that any such activity is undertaken solely for purposes which are relevant to its business.
Although it need not acquire the consent of affected parties before carrying out any interception, it must make "all reasonable efforts" to tell every person who uses the telecomm system concerned that communications over it may be intercepted. It will be up to individual employers to decide how they wish to do this, though it could be done through a revision to the employment contract, a notice on the staff room wall or a direct message circulated to all staff If a business intercepts munications when it is not tied to, the DPP may brinl ceedings, which could le imprisonment for its prop or directors. The sender a intended recipient will ali able to seek an injunction they can show that they sul loss as a result of an intercej sue for damages.
A business may still deci intercept messages in cir stances that are not coven the exemptions described a but if it wishes to do so, its a will not be legal unless ex consent is received.
Employers therefore IN clear choice. If they condu monitoring of calls made from their e-mail or telep system, the new regulatiot not affect them. If empl wish, for whatever reaso carry out interception ac then they must satisfy them! in advance that the purpose which they wish to do thi allowed under the rules. implications for non-comp] are such that professional a should be considered whei interception activity contemplated.
• by John Davies
John Dames FCIS is head of ness law at the ACCA.