Technology & Internet Law
Components of an Internet Policy - Implementing an Email Policy and Human Rights Guarantees
In the context of the Human Rights Act 1998, and the somewhat challenging terms
of the Regulation of Investigatory Powers Act 2000 ("RIPA 2000"), you
need to balance the statutory "right to a private life" with the prohibition
on interception of communications under RIPA 2000. RIPA 2000 allows for
some employer interception but this may conflict with both the Data Protection
Act 1998 and the Human Rights Act: compliance with one Act is no defence
to breach of another.
All of this is as yet untested in the courts and you should take specific advice
for your circumstances on either amending or embarking upon the preparation
of an email/internet policy. Nevertheless, you may find the following
points useful:
- It is important to recognise that there is one option (although for many of
  us it is not really an option), namely to ban the use of email or the Internet
  altogether.
- A more realistic compromise on option 1 is to consider the possibility of
  a total prohibition on email and Internet use for personal use. This
  is probably the most comprehensive and safest reaction but it may be politically
  unacceptable within your organisation. Indeed, it would be even in my
  own firm.
- Your email/internet policy should specify that in the legitimate interests of
  the business it may from time to time be necessary to gain access to email
  accounts and individual emails.
- You should consider specifying that when sending emails out of your
  organisation, the employee should not use the company's "signature" (i.e.
  standardly worded footnote or headnote). It may be wise also to require
  that they use a separate signature stating that a personal email is being
  sent as a personal email and not in the course of business. This is not
  a watertight position but it may be helpful in the event of a dispute.
- Make it a condition of use of email for personal purposes that the employee
  does not give out his/her email address to any person for non-business
  use without warning them that those emails may be subject to the company's
  monitoring policy from time to time and that by using the email facility
  they are consenting to such monitoring. This will work with new email
  accounts but will not work with existing ones where the address has already
  been given out. The problem is that failure to gain consent of the recipient
  as well as the sender of a personal email will be in breach of RIPA 2000. You
  might want to add a stipulation that employees notify all existing holders
  of the account details of this fact immediately.
- You should also make it clear that the only option, if they are not happy with
  the provisions in the policy, is not to use the email for personal use
  at all.
- Under the new Lawful Business Practice Regulations, you are allowed to intercept
  emails to ensure that employees' use of company computers is only for business
  purposes. It is as yet untested and uncertain how this will fit in with
  legislation quoted earlier in this article.
This is not an exhaustive list of issues to include in an Internet or email
policy by any means. These points merely address some of the concerns
arising out of the latest legislation. Take advice from your Internet-specialist
lawyer.
Kaltons Solicitors, Suite 302, Spitfire Studios, 63-71 Collier Street, London, N1 9BE. Telephone +44 (0)20 7278 1817; Fax: +44 (0)207 278 1835.
© Kaltons Solicitors
November 2000. All rights reserved.