THE TELECOMMUNICATIONS (LAWFUL BUSINESS PRACTICE) (INTERCEPTION OF COMMUNICATIONS) REGULATIONS 2000

1. Introduction

The Regulation of Investigatory Powers Act 2000 establishes a new legal framework to govern the interception of communications. It sets the rules regarding activities such as recording, monitoring or diverting communications in the course of their transmission over a public or private telecoms system.

The Act brings the interception activities of private businesses on their telecoms systems within the scope of regulation. If a business intercepts a communication on its system without legal authority, the sender or the recipient of the communication will be able to obtain an injunction or, if they can show that they suffered a loss as a result of the interception, sue for damages.

The Act establishes the circumstances in which it is lawful to intercept communications. It authorises interception in cases where the interceptor has reasonable grounds to believe that both the sender and intended recipient have consented. It also provides for the Secretary of State to make "Lawful Business Practice" Regulations setting out the circumstances in which businesses can lawfully intercept communications without consent.

The Lawful Business Practice Regulations will allow businesses to intercept without consent for purposes such as recording evidence of transactions, ensuring regulatory compliance, detecting crime or unauthorised use, and ensuring the operation of their telecoms systems. Businesses will not need to gain consent before intercepting for these purposes although they will need to inform their staff that interceptions may take place.

The new rules will come into force on 24 October 2000. These notes set out the purposes for which businesses will be able to intercept without consent under the regulations and the steps they should take to inform staff of these practices. The notes also set out some of the circumstances in which businesses would need to gain consent for interceptions and some of the steps they might take to ensure that this is achieved. 

2. Purpose of these notes

These notes represent no more than the views of the DTI on the meaning of Part I of the Regulation of Investigatory Powers Act 2000 and the Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000. They are not exhaustive and have no legal force. They will not necessarily have any bearing on how the courts interpret the new legislation.

Businesses will need to consult the Act and the Regulations in order to ensure that their activities do not breach the new interception rules. They may need to take legal advice to ensure compliance.

3. Interceptions authorised under the Lawful Business Practice Regulations

The Regulations authorise businesses to monitor or record communications on their telecoms systems without consent for the following purposes:

a.   to establish the existence of facts relevant to the business

e.g. keeping records of transactions and other communications in cases where it is necessary or desirable to know the specific facts of the conversation.

b.   to ascertain compliance with regulatory or self regulatory practices or procedures relevant to the business

e.g. monitoring as a means to check that the business is complying with regulatory or self regulatory rules or guidelines.

c.   to ascertain or demonstrate standards which are or ought to be achieved by persons using the telecoms system

e.g. monitoring for purposes of quality control or staff training.

d.   to prevent or detect crime

e.g. monitoring or recording to detect fraud or corruption.

e.   to investigate or detect the unauthorised use of their telecoms systems

e.g. monitoring to ensure that employees do not breach company rules regarding use of the telecoms system.

f.    to ensure the effective operation of the system

e.g. monitoring for viruses or other threats to the system; automated processes such as caching or load distribution.

The Regulations also authorise businesses to monitor (but not record) without consent in the following cases:

g.   for the purpose of determining whether or not they are communications relevant to the business

e.g. checking email accounts to access business communications in staff absence.

h.   in the case of communications to a confidential anonymous counselling or support helpline

e.g. monitoring calls to confidential, welfare helplines in order to protect or support helpline staff. 

4. Requirement to inform staff of interceptions made under the Regulations

If businesses intend to make interceptions without consent for the purposes authorised under the regulations, they are required to make all reasonable efforts to inform every person who may use their telecoms system that communications may be intercepted.

e.g. Businesses could place a note in staff contracts or in other readily available literature informing staff that interceptions may take place.

The persons who use a system are the people who make direct use of it. Someone who calls from outside, or who receives a call outside, using another system is not a user of the system on which the interception is made.

5. Interceptions outside the scope of the Regulations

If businesses wish to make interceptions for purposes outside the scope of the regulations, they will need to gain consent of the sender and the intended recipient of the communication.

e.g. Interceptions for purposes such as marketing or market research;

e.g. Interceptions for any other purposes that fall outside the list in Section 3 above.

6. Gaining consent for an interception outside the scope of the Regulations

The Regulation of Investigatory Powers Act authorises interceptions in cases where the interceptor has reasonable grounds to believe that he has the consent of both the sender and the intended recipient of the communication.

If businesses need to intercept communications for purposes outside the scope or the Regulations, they could take a number of steps to ensure that they gain the consent of staff and outsiders:

e.g. the business could insert a clause in staff contracts by which employees consent to calls being monitored or recorded;

e.g. the call operator could ask outsiders at the start of a call whether they consented to their call being monitored or recorded;

e.g. the business could begin calls with a recorded message stating that calls might be monitored or recorded unless outsiders requested otherwise.

We believe that, as a minimum, a business would need to give outsiders a clear opportunity to refuse consent to interception and to be able to continue with the call.

7. Warning: The Data Protection Act 1998

Anybody who intercepts a communication will need to be sure that their actions are authorised under the Regulation of Investigatory Powers Act and comply with the requirements of the Data Protection Act 1998.

The Lawful Business Practice Regulations make an exception to the rule established in the Regulation of Investigatory Powers Act that consent is needed before an interception can take place. If a business intercepted a communication in accordance with the Regulations, it would not risk civil liability under the Regulation of Investigatory Powers Act for unlawful interception.

However, businesses should be aware that any interception which involves obtaining, recording or otherwise processing personal data by means of automated equipment (for example recording calls or filtering emails) also falls within the scope of the Data Protection Act 1998. So too does the holding or processing of personal data after the interception has taken place.

8.Further Information

For more information about the Lawful Business Practice Regulations visit the main pages on the DTI website