Have you ever had the feeling that someone is looking over your shoulder? That your every move is being scrutinised? You have? If press reports of email and internet monitoring at work are anything to go by you're not alone. But is the coverage of employer monitoring of email and internet use based on fact?
There is scant evidence that employers spend a great deal of effort spying on their staff, and that employees feel that their privacy is violated in this way. If employers are keeping an unnecessarily watchful eye on employees then they are simply poor managers, who will ultimately damage relationships with staff, and consequently their business.
Despite the hype, there are very good business reasons for employers not to engage in large scale surveillance activities. The huge level of resources that would be required to do so for one. Large organisations would need teams of people to read emails and check every website visited in today's technology-driven workplace. Even if wrong-doing was detected, it would be unlikely to warrant such expense.
Employers are, however, concerned to protect employees and themselves from inappropriate emails or internet use by individual workers. Many organisations use software to scan emails and web sites visited for particular words that could indicate abuse of the company's system. And some industry sectors such as finance monitor staff more closely to protect against fraud. As customers, we would not want it any other way.
Indeed most reasonable employees would accept that some monitoring of their performance and behaviour is required. Legally, they are entitled to have their personal information treated in confidence by their employer. Employees should also generally be aware of when and how their work will be monitored. Covert surveillance of employees can only ever be justified in limited circumstances, such as the detection of criminal activity.
For their part, employers have legal obligations to employees, customers and shareholders that require them to conduct some monitoring of staff. Fraud, the downloading of illegal software and time wasting on entertainment sites are just some of the uses of the internet by employees that businesses need to prohibit.
Employers also need to protect their reputation, which may be harmed by inappropriate emails from the organisation's system. At the start of the year, Royal & SunAlliance suspended 80 employees following a complaint by a member of the public about lewd images sent by email. These have been described by the company as offensive and "of a highly graphic nature". Investigations have so far led to 11 dismissals and resignations by seven people.
Employers can also be held liable for employees' actions. Following defamatory emails sent by one of its staff, Norwich Union was obliged to pay Western Provident Association £450,000 in costs and damages. Similarly, inappro priate emails can constitute sexual harassment. If the employer did nothing to prevent the mischief, they could be held responsible.
Despite the existing legal obligations and responsibilities it is clear that there is confusion about what employers should or can do to monitor staff use of email and the internet. The situation needs clarifying. Unfortunately, the position will not be helped by recent proposals from the UK's Information Commissioner, who is responsible for promoting and monitoring good use of personal information.
The Commissioner's public consultation exercise on a draft code of practice on the use of personal data in employer/employee relationships ended earlier this year.
If issued as presently written, the code would place considerable restrictions on the monitoring of employees' emails and their use of the internet. The purpose of the code - to provide guidance to employers on how to protect employees' personal data - is welcome. However, rather than establishing basic principles that are readily understood by employers and employees, the code is overly prescriptive, with 44 'standards' proposed that organisations would have to follow.
Given the restrictions on their operations and bureaucratic burden these would impose, there is a risk that the code will encourage employers to ban workers from using email and the net for personal use, currently allowed by many organisations. As the code covers workers' personal information, employers could regard this as a way of protecting themselves from legal claims by employees. This means that employers would be unable to take as reasonable an approach as they might otherwise like.
The problem with the draft code is that it fails to take account of the array of circumstances in which it would have to be applied. What is important for the relationship between employee and employer is that monitoring of staff is conducted at a level appropriate to the business, in a way that is fair, and seen to be fair.
Good employers achieve this by developing organisational policies, with employees' input, that spell out what is reasonable for their particular organisation. In this way, everyone knows where they stand, and why. The mutual trust that this inspires is the basis for a healthy relationship between employee and employer. This would certainly not be achieved by employers engaging in Orwellian "snooping" tactics.
• Diane Sinclair is a policy adviser to the Chartered Institute of Personnel and Development
