Many companies choose to monitor communications between their employees. Especially if their role requires them to provide services to clients and customers.
If an employee email breaks your code of conduct it could cause damage to your business's reputation. But if you invade an employee's privacy they could raise claims that could land you in trouble with the law.
In this guide, we'll explain when you can monitor an employee's emails, what the law says about it and why companies decide to do it.
What is email monitoring?
Email monitoring is a way for employers to track what staff send via their work emails.
You may decide to routinely check company emails sent by members of staff from work devices. They will often have access to the content of the email messages, as well as who they're being sent to and when.
There are many reasons why an employer will choose to monitor their email system such as security and productivity reasons. It can also help employers check whether staff are following company guidelines and communicating with colleagues or clients professionally.
What are other examples of employee monitoring?
Email monitoring isn't the only way that employers can track their staff. The introduction of new technologies has allowed business owners to manage employees in a range of new ways.
As well monitoring email messages, employers can also track:
- Internet usage.
- Computer screen monitoring.
- Keystroke counting.
- Webcams.
- Phone use.
Employers can also look at how staff use these devices. For example, what they discuss with colleagues and clients during their working day.
Why might you monitor employee emails?
There are many lawful reasons why an employer will choose to monitor employee emails. While employees have a reasonable expectation of privacy in their day to day lives, you may need to set guidelines on how they handle company equipment.
For example, companies often possess a lot of private and confidential information. It's important to protect this data and stop it falling into the wrong hands. This can be avoided by checking email messages sent through the employer's system.
You may also monitor employees in the workplace to:
- Assess performance and employee productivity.
- Ensure company rules and procedures are being followed.
- Investigate any breaches of company rules.
- Preventing reputational damage.
- Preventing potential criminal activity.
- Avoid the spread of viruses, or hacking threats from scams like phishing emails.
Whatever the reason may be, it's important that you act legally and fairly to avoid invading your employee's privacy.
Is it legal to monitor employees' emails?
Yes, it is legal for an employer to monitor employee emails for business purposes. Employees should be aware that messages sent via work computers are not considered private.
Employers are free to monitor messages sent via work devices or company equipment if they have a valid reason. However there are rules that you need to follow to stay legally compliant.
There are several UK laws that cover employee rights when it comes to email monitoring. These are:
- General Data Protection Regulation (GDPR) and Data Protection Act 2018.
- The concept of fairness as applied by Employment Rights Act 1996.
To comply with the Data Protection Act and GDPR, employers must prove that their surveillance is necessary, justified and proportionate. It's a good idea to make a written record of your reasons to justify the business purposes of your decision.
Do you have to tell employees that you are monitoring their emails?
You should tell staff about the insight tools you are using and if they are potentially being monitored. Different businesses have different needs when it comes to employee monitoring. While some may want to track how often an employee communicates with a certain client, others may want to assess productivity.
The reason behind your investigation will dictate how you disclose your process. Email monitoring can be done in two ways:
- Overtly: This means that employees are aware that their communications are being monitored.
- Covertly: This is when employees are unaware that they are being monitored.
Due to the nature of a workplace, employees may assume that their emails and other electronic communications are being checked.
What is the right to privacy at work?
There is no absolute right to privacy at work. However, cases based on the European Convention on Human Rights have clearly established two principles relating to the topic. The European Court stated that:
- An employee has some right to privacy at work, even during working hours. This is still the case if they have been informed by their employer that they will be monitored.
- An employer cannot put company policies in place that completely remove the right to privacy.
The UK is yet to make a decision on whether they will uphold these rules. So until then employers should act with caution.
Employers should make sure that any monitoring is necessary, justified and proportionate. You may choose to justify this reasoning in your employee handbook or employment contract.
What should you do with information collected from monitoring?
Under the Data Protection Act 2018 (DPA 2018) and the GDPR, employers have an obligation to correctly manage collected information. These rules dictate how personal information is stored and for how long.
Data collected from an employee email can only be used in ways that the law allows. Once you have declared a reason for collecting personal data you cannot use it another way. This is the case even if the reason is accepted by law and is considered reasonable.
Employers must also make sure that they:
- Only keep information that is relevant.
- Don't keep information for longer than necessary.
- Ensure that data is processed in line with DPA 2018and GDPR.
- Make sure that it is only accessible to those who need it.
- Don't accidentally damage or destroy the information.
- Balance the need to gather and process the information against the employee’s right to privacy.
When is employee monitoring lawful?
It is illegal for an employer to monitor emails without carrying out an impact assessment. This is a way of measuring the effect that email monitoring will have on your workforce.
It is also not allowed if there is a legitimate expectation of privacy within the workplace. If the employee is able to explain that they felt entitled to a certain level of privacy then the court would consider whether the monitoring was lawful and proportionate.
For example, it's unlikely that a court would consider monitoring toilets, prayer rooms, or vehicles while an employee has personal use, lawful.
What happens if you unlawfully monitor employee emails?
There are many consequences that come with illegally monitoring an employee email. If you breach an employee's right to privacy they could raise a grievance.
If you're unable to solve the issue in-house, an employee could complain to the Information Commission's Office. Your business would then be investigated and you could receive a hefty fine. You may also receive an order to rectify or destroy inaccurate data.
Employees may also be able to take you to an employment tribunal for claims of unfair dismissal or discrimination. Here you may need to pay compensation for injury to feeling and discrimination.
How to carry out an impact assessment
Before you begin monitoring employee emails you should consider if this is the right move for your business. To do so, you should conduct an impact assessment to measure the benefits.
This can be done by asking the following questions.
What is the purpose of monitoring employees?
As an employer, you need to consider why you want to monitor employee emails. You might have recently had a security breach, or a series of complaints from customers about staff behaviour.
Whatever the reason, you must make sure it's justified under law and not an opportunity for you to collect personal information. While work emails are not the same as private emails you should still be aware of some level of privacy.
Some of your staff may choose to disclose personal issues to their line managers. This can be for a range of reasons such as sickness absence or reasonable adjustments. It's important to make sure that these conversations remain private for those involved.
What will monitoring employees achieve?
As mentioned above there are many lawful reasons why an employer would choose to monitor emails. But it's important to specify the exact reason for this decision. This is because collected personal information can only be used for this purpose and cannot be changed once decided.
An exception can be made if an employee email shows activity that you cannot reasonably ignore. This could include potential criminal activity, gross misconduct or clear violations of company policies.
Can this be done without monitoring employees?
Once you've identified why you want to monitor staff, you need to consider whether there is an alternative way to solve this problem. Email monitoring should only be used as a last resort, so make sure you consider other options available to you.
For example, if you want to protect your company system by stopping employees from accessing phishing links, consider installing strong malware protection. You may also be able to limit the risk by conducting employee training on the issue.
The alternative you choose will depend on the size of your business. Large businesses for example will likely have better access to training resources due to the size of their workforce.
If not, how can you help maintain employee privacy?
Sometimes there's no way around an issue. Meaning the only way to solve it is to track an employee's working day. In this case, try to look for a less intrusive way to monitor staff.
For example, many employers need to check that staff are keeping confidential information safe. This includes not sharing it with parties outside of your organisation. To avoid this from happening, employers could routinely examine emails sent by employees and check the content.
This however can be considered invasive as an employee would need to be assigned the task of reading and checking these electronic communications. Alternatively, companies could use automated monitoring software. This would look at the content and subject matter of each email and check for potentially sensitive information based on keywords and phrases.
As this is not monitored by a specific individual, it is much less intrusive for employees.
What will be the impact of monitoring employees?
It's important that you measure the impact that employee monitoring will have on your workers. You need to assess whether this will encroach on any part of their private lives or reveal sensitive information that could be damaging to you and your business.
To assess this you should consider the following questions:
- Is the type of monitoring fair on your employees and workers?
- Will this impact the level of trust between you and your employees?
- Will this action increase the chance of sensitive information being leaked to people within your organsiation?
All information should only be gathered for business use. If you monitor your employees for any other reason this will likely have a negative impact on your working relationship.
Can your reasons for monitoring emails be justified?
Once you have considered the above questions you need to make a clear decision about whether your reasoning is justified. You essentially need to be able to prove that your actions are needed for your business to continue working successfully.
It is generally easier to provide justification for less intrusive monitoring. So keep this in mind when creating your plan.
How to begin monitoring employee emails
It's important to create a good balance when it comes to monitoring employees. Go too far and you could end up alienating your staff and lowering employee engagement. But without it you could see a drop in employee productivity and risk potential data leaks.
Let's explore how to begin email monitoring.
Create an email monitoring policy
The first step is to create an email monitoring policy that is kept within your employee handbook. This should outline when and why emails are being monitored. By being open with your staff you create a level of trust that can improve employee relations and avoid a toxic workplace culture.
Your company policy should also outline how data is collected, stored and who it will be disclosed to. It can also help to include general guidelines about how work devices should be used. For example, whether staff can access personal emails or social media sites on their computers outside of working hours.
If you have other types of monitoring in place such as tracking internet use or blocking websites you should make staff aware of this.
Share the policy with staff
Your staff should be aware of all of your company policies. This will make sure that they are aware of what is expected of them and how they should behave while at work.
All policies should be stored within your employee handbook. This way staff can refer to the document should they have any questions. Make sure new starters sign this before starting employment.
Regularly update your policy
You need to be aware of any legal updates that will affect the way you monitor your employees. Laws are constantly changing, that's why you need to stay up to date with any new amendments and update your policy accordingly.
Each time your policy is updated you should redistribute a copy of your employee handbook. You may ask employees to sign and date the policy to prove that it has been read and understood.
Provide regular training to staff
If your staff don't know the rules around internet and email use then they are more likely to break them. Providing training to staff about why you have these rules in place can help them understand them better.
Let them know how an employee email can pose a risk to you as a company. Make it clear whether their devices can be used for personal or business use and explain how your monitoring is done in line with current law.
Get expert advice on employee email monitoring from Peninsula
Your employees are likely unaware of the risk their emails pose. But if they break the rules it could have a big impact on your business.
It's unlikely that you need to track every employee email but introducing some email monitoring can help you catch problems early. However, if you invade an employee's private life, you could find yourself facing claims in court.
Peninsula offers expert advice on email monitoring. Our HR team provides unlimited 24/7 HR employment services which are available 365 days a year.
Want more information on how to protect your business? Seek specialist advice from one of our HR consultants. For our services and further information, call our telephone number 0800 028 2420.