The European Court of Human Rights (ECHR), a Strasbourg-based international human rights court, ruled that companies have the right to read their employees private messages.
According to the BBC, the case was brought by Romanian engineer Bogdan Barbulescu. His employer discovered he was using the Yahoo messaging service for personal and professional contacts. The company had banned staff from sending personal messages at work. The had gone as far as dismissing Barbulescu after discovering his breach of this ban.
Barbulescu brought a case against his former employers in the domestic Romanian Courts. After losing he appealed to the ECHR, who also ruled in his former employers’ favour.
The ECHR said that it wasn’t “unreasonable that an employer would want to verify that employees were completing their professional tasks during working hours”, but that such monitoring policies must also safeguard staff from unfettered snooping.
One judge noted: “The employer acted within its disciplinary powers since, as the domestic courts found, it had accessed the Yahoo Messenger account on the assumption that the information in question had been related to professional activities and that such access had therefore been legitimate. The court sees no reason to question these findings.”
Relevance to the UK
The ECHR’s ruling applies to businesses operating in the UK. This is because nations that have ratified the European Convention on Human Rights, which include the UK, have agreed to abide by the ECHR rulings which concern them. The impact on domestic courts is less rigid; they must take ECHR decisions into account but aren’t bound to adhere.
Commenting on the ruling’s relevance to UK employers, Lilian Edwards, a professor of internet law at Strathclyde University said: “In this case, the employers say clearly that you are not to use the internet for anything but work. Although it is not popular, it is completely legal.”
Sally Annereau, a data protection analyst at the law firm Taylor Wessing, added:.“This judgment underlines the importance of having appropriate and lawful employee-monitoring policies in place and making sure both that they are communicated to employees and that they are adhered to by the employer.”
Employees and reputation
There is a necessity to monitor your employees’ internet activity to protect your business’ reputation, too. Employees can pose a risk to your company reputation if certain policies aren’t in place and abided by. Deloitte’s 2014 Global Risk Survey shows that more than half of the high-level executives questioned believe that the biggest risk to their firm’s reputation comes from their staff.
If employees post unwanted content on social media referencing your company or their job, it could potentially damage your company’s reputation online. The Deloitte Survey above shows findings that over a quarter of your business’ market value is attributable to its reputation. This unwanted content could make your firm less profitable.
Companies need to ensure that they take steps to limit the risk posed by employees online. You can read Igniyte’s ‘Protecting Your Company’s Reputation From Employee Risk’ report to determine how to achieve this aim. You may want to include measures such as:
Outlining what’s acceptable:
The first thing you need to do is write an IT and communications policy for your company. This should illustrate to employees how they should use technology and what isn’t acceptable. For example, viewing adult material on office computers, a move which will limit the risk staff pose to your business’ online reputation.
Implementing a social media policy:
Sites like Facebook and Twitter have millions of users, so ensure employees use them wisely. Write a social media policy that outlines how employees should act on these platforms and circulate it around the office. This is to ensure that staff know how they should communicate on social media without damaging your business’ brand.
Passwords are the gateway to your company’s private information, so you need to protect them. First, utilise password management services such as LastPass to limit employee access to sensitive information. Second, replace passwords when employees leave so they can’t use them to access private company data.
It isn’t enough to tell employees how to behave on the internet during working hours. You have to show them too. Provide training in critical areas such as email, and social media usage to illustrate to employees how they should act online.
Establishing a VPN:
A VPN will allow you staff to access company files away from office. This is useful in enabling remote working, but also safeguard your firm’s files by encrypting internet traffic. Therefore you can let your employees work away from the office. This will not compromise safety. You won’t have to worry about a public or untrusted Wi-Fi connection which could expose your files to outside parties.
Limit the risk
If your employees act irresponsibly on the internet, for instance they send private messages in working hours, it could reflect badly on your business. Therefore you need to implement measures to ensure staff know how to behave online. Selectively monitor internet activity in the office, to limit the risk employees pose to your business’ reputation online.