Our Guest article this month comes from Melanie Guy, HR and Operations Manager at 2nd Head Consulting.
Following a recent ruling by The European Court of Human Rights (ECHR) it was reported in the press that employers can read private messages which employees send using chat and email accounts. However, the ruling by The ECHR does not mean that the fundamental rules regarding ‘spying’ in the workplace have changed and so the recent press reports should be read with a degree of caution; and beyond the headline.
This particular case concerned a Romanian engineer, Bogdan Barbulescu who, in 2007, was accused by his employer of sending messages to personal contacts during work hours - using the Yahoo Messenger account created by his employer for professional use. Barbulescu denied the accusation but when his employers checked the account they found that he had in fact used it for purposes forbidden by their company policy.
As part of their investigations his employer had only looked at personal messages and emails when it suspected that the Yahoo Messenger account was being used for purposes other than that which it was intended for.
Following disciplinary and dismissal proceedings Barbulescu took his case to the domestic courts in Romania, complaining that his employer had breached his right to confidential correspondence because it had accessed his communications. He lost his case and subsequently appealed to The ECHR.
The ECHR in Strasbourg handed down their decision on 12th January 2016 ruling that Mr Barbulesco’s former employer had “acted within its disciplinary powers since, as the domestic courts found, it had accessed the Yahoo Messenger account on the assumption that the information in question had been related to professional activities and that such access had therefore been legitimate.”
What can we learn from this?
The ruling does not mean that it is OK to monitor all email content created by employees and it is therefore important that employers have very clear policies. This is both in relation the use of the Internet and also when and under what circumstances Internet use and email or download content may be monitored.
Trust has be a factor too along with mutual respect.
Businesses use the Internet for a whole range of systems and services now, meaning that it’s available to a greater number of employees during the course of their working day. Employees should be given guidance with regard to what is considered acceptable use when it comes to online shopping, browsing and accessing emails.
Banning or restricting access to the Internet for personal use is not illegal but it’s not likely to be a popular decision. Likewise many workers today have never known an era when they did not have access to a mobile phone 24 hours of the day. The need to ask permission to use the Internet to make a doctors’ appointment online, for example, would seem extreme today but it’s actually not that long ago where it was considered reasonable to ask permission to use the telephone to make such an appointment.
Technology moves quickly and employers need to keep in step by making sure that they protect their business and provide employees with a clear set of guidelines. For example by including very clear and transparent Acceptable Use and Monitoring policies into the suite of company policies means that there is no misunderstanding from the start. Making all employees aware of the these policies from their first day of employment, keeping them up to date to reflect changes in technology and communicating those policy changes is also key.
Key content to consider includes:
- Use of the company provided Internet, both via company owned and personal devices;
- Downloading of content – including what is considered appropriate/inappropriate and that which causes a disruption in network service;
- Legal compliance such as the Data Protection Act;
- Relevant industry standards;
- When and how monitoring may take place;
- Clearly outline the possible outcome where an employee is found to be in breach of the policy.
If it is found that the employee is in breach of the policy, then a relevant and transparent Disciplinary Policy should also be in place. In the case of Barbulescu, it was found that his employers had complied with their policies and informed him of this.
Employers should not be tempted to review their employees as a matter of course or they could find themselves in breach of their own policy.
Putting these policies in place could seem like a daunting prospect for many small businesses who don’t have the relevant knowledge in house but there is plenty of expert advice and help out there; and what better place to start searching than on the Internet.