The European Court of Human Rights (ECHR), a Strasbourg-based international human rights court, recently ruled that companies have the right to read their employees’ private messages.
According to the BBC, the case was brought by Romanian engineer Bogdan Barbulescu. His employer discovered he was using the Yahoo messaging service for personal and professional contacts. The company had banned staff from sending personal messages at work and dismissed Barbulescu after checking his messages and discovering he had breached this ban.
Barbulescu brought a case against his former employers in the domestic Romanian Courts. After losing he appealed to the ECHR, who also ruled in his former employers’ favour.
The ECHR said that it wasn’t “unreasonable that an employer would want to verify that employees were completing their professional tasks during working hours” but that such monitoring policies must also safeguard staff from unfettered snooping.
One judge noted: “The employer acted within its disciplinary powers since, as the domestic courts found, it had accessed the Yahoo Messenger account on the assumption that the information in question had been related to professional activities and that such access had therefore been legitimate. The court sees no reason to question these findings.”
Relevance to the UK
The ECHR’s ruling applies to businesses which operate in the UK. This is because nations which have ratified the European Convention on Human Rights, which include the UK, have agreed to abide by the ECHR rulings which concern them. The impact on domestic courts is less rigid; they must take ECHR decisions into account but aren’t bound to adhere to these rulings.
Commenting on the ruling’s relevance to UK employers, Lilian Edwards, a professor of internet law at Strathclyde University said: “In this case, the employers say clearly that you are not to use the internet for anything but work. Although it is not popular, it is completely legal.”
Sally Annereau, a data protection analyst at the law firm Taylor Wessing, added: “This judgment underlines the importance of having appropriate and lawful employee-monitoring policies in place and making sure both that they are communicated to employees and that they are adhered to by the employer.”
Employees and reputation
There is a necessity to monitor your employees’ internet activity to protect your business’ reputation, too. Employees can pose a risk to your company reputation if certain policies aren’t in place and abided by. Deloitte’s 2014 Global Risk Survey shows that more than half of the high-level executives questioned believe that the biggest risk to their firm’s reputation comes from their internal staff.
If employees post unwanted content on social media referencing your company or their job, it could potentially damage your company’s reputation online. The Deloitte Survey referenced above found that over a quarter of your business’ market value can be attributed to its reputation, so this unwanted content could make your firm less profitable.
Companies need to ensure that they take steps to limit the risk posed by its staff online. You can read Igniyte’s ‘Protecting Your Company’s Reputation From Employee Risk’ report to determine how to achieve this aim. You may want to include measures such as:
- Outlining what’s acceptable: The first thing you need to do is write an IT and communications policy for your company. This should illustrate to employees how they should use technology and what isn’t acceptable e.g. viewing adult material on office computers, a move which will limit the risk staff pose to your business’ online reputation.
- Implementing a social media policy: Sites like Facebook and Twitter have millions of users, so ensure employees use them wisely. Write a social media policy that outlines how employees should act on these platforms and circulate it around the office, to ensure that staff know how they should communicate on social media without damaging your business’ brand.
- Protecting passwords: Passwords are the gateway to your company’s private information, so you need to protect them. First, utilise password management services such as LastPass to limit employee access to sensitive information. Second, replace passwords when employees leave so they can’t use them to access private company data.
- Supplying training: It isn’t enough to tell employees how to behave on the internet during working hours – you have to show them too. Provide training in critical areas such as email, and social media usage to illustrate to employees how they should act online.
- Establishing a VPN: A VPN will allow you staff to access company files away from office, enabling remote working, but also safeguard your firm’s files by encrypting internet traffic. Therefore you can let your employees work away from the office, without having to worry a public or untrusted Wi-Fi connection which could expose your files to outside parties.
Limit the risk
If your employees act irresponsibly on the internet, for instance they send private messages in working hours, it could reflect badly on your business. Therefore you need to implement measures to ensure staff know how to behave online, and selectively monitor internet activity in the office, to limit the risk employees pose to your business’ reputation online.