Although the position regarding monitoring employees' email and web use is less than clear, employers should be able to find a workable compromise. The key elements to consider are:
- Ensure that you have a clear Acceptable Use Policy and that employees understand it - back up the policy with training to help make sure that employees consent to monitoring.
- Make sure the policy is distributed to all employees and enforced on a consistent basis.
- Conduct an Impact Assessment to determine if the benefits of any monitoring justify the intrusion to employees.
- Consider revising your AUP in the light of any impact assessment.
- Use spot-checks, rather than continuous monitoring (it is more likely to be proportionate).
- Use automatic content filtering tools rather than checking every site visited and email sent.
- Make allowances for genuinely inadvertent visits to unacceptable websites or the unsolicited receipt of unacceptable email content.
- Ensure that the IT and & HR departments talk when determining the policy and methods of enforcement and also on any change of policy.
- Above all make sure that the method and extent of interception is proportionate, objective and fairly applied to all employees.