This blog entry analyses whether or not your employer can legally monitor your emails at work. It begins by looking at your employer's duty to inform you about monitoring. It then turns to which emails your employer may monitor. Finally, it examines your employer's responsibilities as regards data protection.
(1) Duty to inform
If your employer intends to monitor emails or internet use, it should inform you it intends to do so. This could be done in your employment contract or employee handbook, or some other kind of workplace email policy.
The policy should:
- set out clearly the circumstances in which you may or may not use work email and internet for private communications;
- make clear the extent and type of private use that is allowed;
- explain why your employer monitors emails, the extent of the monitoring, and the means used;
- outline how the policy is enforced and the penalties you can expect if you breach the policy;
- inform you of the extent to which information about your internet access and emails is retained in the system and for how long.
Note that, provided you receive adequate notice, your employer may implement a blanket ban on using the internet or email for non-work-related purposes. This is quite rare, however.
(2) Emails your employer may monitor
The Regulation of Investigatory Powers Act 2000 prohibits intentional "interception" of emails without "lawful authority". As a general rule, this means employers cannot read an email without the consent of both the sender and recipient.
However, the Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000 lists a number of exceptions to this general rule, which include intercepting business emails to:
- ascertain regulatory compliance;
- detect unauthorised use; and
- prevent/detect criminal activity.
Note, however, these exceptions do not apply to personal emails, which means your employer should take all reasonable measures to avoid opening them - even those sent from a workplace email account.
Your employer should confine itself to looking solely at the address/heading of your business emails unless it is absolutely essential for a valid and defined reason to examine the content (e.g., to prevent a crime). Moreover, to minimise intrusion, employers should as far as practicable utilise automated systems to monitor email.
If you are allowed to access your personal email account at work, your employer may monitor such emails only in exceptional circumstances (e.g., to investigate criminal activity).
If you think that your employer has illegally monitored your emails or wants to discipline you for improper email use, you should seek expert legal advice as a matter of priority.
(3) Data protection
Under the Data Protection Act 1998, if your employer monitors your use of email and collects personal data about you, it must tell you how it intends to use the information and use it only for that purpose. Section 13 of the Act allows you to claim compensation for any contravention of the statute that causes you injury or distress.