Employers are legally entitled to read private messages sent by their employees at work and use them as grounds for dismissal. A ruling on 12th January by the European Court of Human Rights (ECHR) found in favour of a firm who’d presented Yahoo Messenger chat transcripts as evidence in their case against a sacked worker.
The ECHR judgement included a statement saying that it was “[not] unreasonable that an employer would want to verify that employees were completing their professional tasks during working hours.”
However, this ruling doesn’t give employers the right to spy on their staff. Instead it highlights how important it is to have a clear policy in place and then properly communicating that policy to your workforce.
In this case, the firm had made one crucial move in their handling of this employee: they’d given the man in question prior warning that the company could check his messages. Their IT policy strictly prohibited the use of their resources for personal purposes and when they suspected he’d breached the rules, they were entitled to investigate. They argued that since no personal communications were allowed within their policy, they were entitled to monitor his messages as they had every right to assume they were work-related. The ECHR agreed.
Now this precedent is set, it’s a good time to look at your own IT-related regulations. There are many different policies a company could consider; the number, depth and tone of these will depend to a large extent on the nature of your business, as well as its culture.
However, a good benchmark would include policies covering:
- Acceptable Use of the Internet (AUP)
- Social Media
- Bring Your Own Device (BYOD)
- Removable Media (particularly the use of USB data drives)
- Data Protection