All it takes to get the sack is a bit of malicious gossip, an email and a manager keen to use some of the latest software for snooping on staff. Any manager can do it. And if an employee finds out and complains, the employer can draw on a raft of government endorsed excuses to support their surreptitious activities.

According to civil rights groups and trades unions, ministers last month handed employers nearly all the tools they need to spy on staff in the form of regulations attached to the regulation of investigatory powers (Rip) act.

Along with organisations like the Industrial Society, an employment think tank, they say employers already paranoid about pornography and viruses circulating on their systems might use the regulations to extend their tentacles and snoop on all electronic communications.

Industrial Society chief executive Will Hutton comments: "Employers are increasingly aware of 'cyberliability' and email abuse and are using more covert and intrusive methods of surveillance. While employers have legitimate interests to protect, over zealous monitoring can undermine employees' dignity and autonomy within the workplace."

A measure of the growth in snooping can be found on the London stock exchange where Baltimore Technologies has become one of the fastest growing companies of recent times on the back of a suit of internet security software including Minesweeper, one of the most popular snooping software products. Even Hollywood noticed the impact of email when Tom Hanks and Meg Ryan created the hit film You've got Mail.

The Rip Act seemed at first as if it may offer staff some protection from anxious employers when it appeared earlier this year. It talks about the need for privacy and stressed the need for mutual trust and confidence. The act says employers need to devise a policy that states how they intend to monitor emails, telephone calls and connections to the internet. Employers also need to tell staff about the policy, the act says.

But on October 24 a series of detailed rules that put flesh on the bones of the legislation came into force, which critics argue give employers most of the excuses they need for monitoring the electronic activities of staff when they see fit. The Interception of Communications regulations override the privacy clauses in the act, protecting the employer from complaints by staff.

But hang on a minute, the regulations don't just contradict a central plank of the Rip Act. While the DTI was busy watering down its original legislation, the government brought in the Human Rights Act, which talks about the privacy of "communication". The Data Protection Commissioner, emboldened by new data protection legislation, also issued draft guidance that recommended employers must gain the consent of employees if they want to access emails and other electronic communication.

The Rip legislation and the regulations that go with it give a clearer picture of the legal landscape, given that the recommendations of the data protection commissioner are only in draft form and the Human Rights Act is as yet untested in this field. That's why civil liberties groups and trades unions are up in arms and fear tribunals.

"The government has defined particular circumstances when employers can intercept electronic information, but it is hard to think of anything employers might do that is not covered by the regulations," says TUC spokeswoman Lucy Anderson. Snooping, says the TUC, can go on "almost without restriction and with no duty to consult or negotiate with trade unions or worker representatives". Civil rights campaign group Liberty says: "The whip hand is with the employer."

Unions point to an instance last year when a college secretary claimed she was put under surveillance by a manager who monitored her emails, internet use and the length of her telephone calls. She says the manager even contacted people she phoned to check what the call was about and who they were. The college said checking up on staff was reasonable, but failed to produce a policy that detailed when and how managers could snoop on their staff.

She lodged a grievance alleging harassment and, with the support of Liberty, her case, which pre-dates the Rip legislation, is being taken to the European Court of Human Rights. Mark Taylor of City law firm Lovell White Durrant recalls another female employee who was sacked after her boss decided she had spent too long surfing the net to book a holiday.

A spokesman for the DTI denies the new rules fail to protect employees, and says the department believes they dovetail with the data protection rules and Human Rights Act. "The regulations don't give employers carte blanche to do whatever they like. They still need to comply with the Human Rights Act, and you'll find the data protection commissioner is very supportive."

Philip Jones, an assistant data protection commissioner, agrees that an employer will have difficulty spying on staff without an agreed policy. "They still need to comply with the Data Protection Act which says that employees should know what information is being collected on them and how it will be used. They must also respect an employee's privacy under the Human Rights Act.

Employees would probably take more comfort from these statements if they believed that most employers complied with the Data Protection Act. "If you went to every company and asked if they complied with the act 90% of them would fail to satisfy all eight principles," says solicitor Kit Burdon of Barlow Lyde Gilbert."

Worse, Theo Blackwell of the Industrial Society says about half of its member organisations conceded they lacked a policy governing electronic communications at the last time of asking. And of members that have contacted the society in recent weeks, "most said their policy was inadequate to meet the changes in the law".

Mr Burdon believes the regulations are an improvement and codify an area that was previously unregulated. "During a hunt for porn by an employer, a member of staff who was quite junior was found to have stored minutes from a board committee on their system. He shouldn't have had access and it was an obvious case of gross misconduct."

But he says out that employees remain extremely vulnerable to employers keen to use the new regulations to get rid of them.

"An employer could use instances of alleged misuse of the e-mail system to build up a case of gross misconduct." An employer might decide that some messages are "harmful to the smooth running of the business that an internet user would consider inconsequential, like circulating a round robin joke".