Email snooping: Avoiding a Big Brother culture

Until the Information Commission publishes its long-awaited Code of Practice on electronic surveillance in the workplace confusion will reign over what is and isn't permissible. But companies and staff need clarity right now. Here, Hannah Reed, Employment Rights Policy Officer for the Trades Union Congress (TUC), explains why employees need to be protected - and what employers should be doing to foster an environment of mutual trust, not suspicion...

Big Brother is at work - the boss is snooping on us. Or at least that is the growing worry of many employees. And people are right to be worried. Surveillance techniques at work are becoming ever more sophisticated and intrusive. US practices of monitoring of emails, installation of CCTV cameras, tracking systems and covert surveillance are rapidly crossing the Atlantic.

A 1990 survey of US telecoms staff, sponsored by the Communications Workers of America, found that 84 per cent of monitored employees complained about high tension as opposed to 67 per cent of unmonitored workers. A later study by the US Office of Technology Assessment also found workplace monitoring "contributes to stress and stress-related illness".

Of course some surveillance is justified. CCTV cameras can help stop violence against staff. Employers do have the right to prevent excessive use or abuses of email and internet systems, to protect them from libel or copyright breaches, and while some employers have over-reacted, online or email porn and in particular sexual harassment should not be allowed.

But that's no excuse for assuming everyone's guilty until proved innocent through 24/7 surveillance. We should be able to go to work and expect respect for our privacy and autonomy. And as employers increasing expect us to work long hours – the longest in Europe - the lines between work and home are increasingly blurred. Most employers rightly permit their staff to use email and the web for some personal use – it's some small compensation for all the unpaid overtime we do. But in doing so they must recognise their duty not to monitor their staff's private lives.

Mounting pressure on European governments to protect privacy at work led to the adoption of the EU Data Protection and Telecommunications Directives. These laws are designed to strike a fair balance between the interests of employers to run their businesses efficiently, and the need to protect the privacy of workers.

Both laws have now been in force in the UK for more than two years. But so far it's not clear what, if any, impact they have had. The legislation is complex and, like any law that aims to strike a balance, is full of words like 'reasonable' - which while easy to agree with, can be hard to define in practice.

That is why there is such an urgent need for clear guidance to provide both employers and their staff with a map to steer through the maze of legal rules.

Over two years ago the UK Information Commissioner's Office said it would publish a Code of Practice. A detailed consultation process was launched with employers, unions and others. Yet we are still awaiting the final product – no-one yet knows how the law will be applied.

There is no great mystery why. Employer organisations have been lobbying hard for delays, because they want to be allowed to keep on snooping. The result has been increasing confusion amongst employees and employers alike as to what is permitted. In some cases harsh knee-jerk reactions for comparatively minor infractions have only served to alienate and worry staff.

And there wasn't much wrong with the original draft of the Information Commissioner's Office Code of Practice. Guidance should be based on the basic principles in the EU legislation, not written for as much snooping as its loopholes allow.

Employers should be encouraged to adopt workplace policies which:

* Clearly identify the risks which they need to counter through monitoring, e.g. to prevent fraud, harassment or the disclosure of confidential commercial information *Insist that monitoring is only used for defined purposes and that information gathered for one purpose is not used for any other * Ensure that the form of monitoring used is targeted, with no blanket monitoring or random 'fishing trips' * Ensure the least intrusive forms of monitoring are used. Electronic surveillance should be favoured over manual methods, and monitoring of traffic rather than content * Sensitive data must be especially safeguarded, such as health-related information. Inappropriate use of such information could represent a breach of human rights * Perhaps most importantly, staff should be told in advance of what is allowed and what is off-limits, and in what circumstances monitoring should be allowed. Employers should adopt and publish clear and fair policies

Our view is that it shouldn't be very hard to agree sensible guidelines and rules in most workplaces. And if staff have a hand in agreeing them, then managers might find that people take more notice of them. That's easier perhaps in workplaces where unions and managers are used to working together but should be possible almost anywhere.

Managers sometimes need to be reminded that their staff are grown ups and respond better when they are assumed to be trustworthy.

Many good employers have already developed guidelines for their workplace, which take these principles into account, often through working in conjunction with a workplace union or staff committee.

Employers should recognise such an approach is sensible and will result in more productive workplaces. Excessive monitoring is not always in the interests of business. The TUC will continue to work with the Information Commissioner to ensure that the promised Code of Practice is published as soon as possible.

Anyone wishing to research or discuss the Code of Practice directly with the Information Commissioner's office can do so at: http://www.dataprotection.gov.uk/contactus.htm

Hannah Reed is the TUC's Employment Rights Policy Officer.