Privacy

Recent advances in communications technology mean that information has never been easier to gather and share. This has brought many advantages, but information can be abused. It has never been as easy to compromise privacy, and the issue is becoming increasingly important on a global scale.

Read further for background on:

• The issues

• Privacy and legislation
• Different forms of information
• Staff monitoring

The Issues

The question of privacy affects everyone who runs a business. For example, just as an employee can use e-mail and Internet browsing as a means to do their work, they can also spend time on unrelated personal matters. Many employers therefore think that monitoring staff e-mail is a reasonable means of ensuring they don't waste company resources. But to do so without preparing properly would leave organisations open to accusations of abuse of privacy, and possible legal action.

Privacy must be considered on a much wider scale than e-mail and Internet browsing. There is a growing school of thought that personal privacy is being eroded globally. The European Directive on Data Protection means that it will soon become more difficult to do business with countries that do not have equivalent reciprocal arrangements for privacy. The whole area is rapidly becoming contentious.

Privacy and Legislation

A wide range of legislation affects this issue, including:

• Data Protection Act 1998
• Telecommunication (Lawful Business Practice) (Interception of Communications) Regulations 2000
• Human Rights Act 1998
• Regulation of Investigatory Powers Act 2000 (RIPA)
  

Different Forms of Information

There are many forms of information that need to be considered with privacy in mind, including:

• Confidentiality (non-disclosure) agreements
• Contracts and payroll
• Medical records
• Consent forms
• HR records
• Video camera records
• Union and works council records
  

Staff Monitoring

Monitoring staff use of office facilities, especially e-mail and Internet browsing, is a highly contentious issue. Use of e-mail is particularly susceptible, considering:

• E-mail is often thought of as a temporary message, when in reality it is legally part of a company's permanent record
• E-mail can be posted, re-posted, forwarded and altered globally. The sender has no control over this once the message is sent
• E-mail can potentially transmit confidential information accidentally or through deliberate action

To meet the conflicting requirements of employee privacy and a company's need to manage information systems effectively, the best approach is to develop a clear, published policy on e-mail and Internet usage. Make sure that everyone knows about the policy.

Fundamentals include:

• E-mail and Internet browsing capability are business tools to be used primarily for business communications
• Employees (including temporary staff and contractors) have a duty of care toward company information with regard to confidentiality
• When using e-mail or Internet newsgroups, employees should communicate as they would in a public meeting
  

Employees should also be informed of:

• Any use of monitoring controls within the organisation
• Expected behaviour
  

This is an increasingly complex area, and professional advice should be sought rapidly should circumstances suggest litigation is pending.

There are no easy answers when dealing with this issue but a structured approach to data protection  will deal with many of the problems. Remember that this is an emotive subject, and requires a measured response.

In some cases it may be prudent to have a published privacy policy. The OECD (The Organisation for Economic Co-operation and Development) has developed a web-based tool to help organisations create their own policy.