1 minute read
Checklist
Before monitoring emails and messages, you should consider the following questions:
• If network data monitoring alone is not sufficient, can the network data record be used to narrow the scope of the monitoring, for example to restrict the checking of email content to those sent to rival organisations? • What risk does any monitoring pose to the common law duty of confidence owed to workers or customers? • Are there secure lines of communication that will not be caught by monitoring? For example, for emails from workers to trade union representatives. • Have you banned personal use of the system? Even a ban would not entirely justify accessing the content of personal messages. You should investigate workers who breach any ban by looking at network data first rather than content. • Does your system enable workers to mark emails as personal or private? • Are systems for recording information about emails and messages reliable and accurate?
Advertisement
We are clear about our purpose and collect no more data than we need to achieve it.
We have carried out a DPIA that fully addresses our monitoring of emails and messages. It fully explores any impact on the rights and freedoms of workers and other individuals whose personal data may be captured by the monitoring.
We distinguish between network data and content. We only access content in exceptional circumstances and we notify workers in advance.
We have identified a lawful basis and a special category condition where appropriate.
Where required, we have an Appropriate Policy Document in place.
We have an acceptable usage policy in place and we bring this to workers’ attention regularly.
We have informed workers of the nature, extent and justification for any monitoring.
We have a retention policy in place. We bring this regularly to the attention of workers, who know what to do with messages that need to be retained for business reasons.
