Page 1

WORKS Chairman’s view Employee monitoring is a sensitive area for both employers and their staff, particularly as it is often used to gather evidence of some form of poor performance or misconduct. Despite there often being a compelling case for surveillance, the law is complex and stepping over the permissible boundaries can expose an employer to legal risk, even if the employee is culpable! Getting it right does not have to be difficult. In this edition, we explain the current legal position, and give some good practice guidance on how employers can stay the right side of the law. Irrespective of your organisation’s size, and the sector in which you operate, monitoring is likely to be just one element of your governance policy. With this in mind, I was prompted to consider that a whistleblowing policy may also be another tool you have in common when it comes to protecting your organisations. Such a policy can be a highly effective risk management tool for identifying control weaknesses, malpractice and criminal activity.

and at the same time to provide protection to those individuals from unfair treatment or dismissal. Employers often struggle when it comes to understanding this second aim, which is admittedly complex. This has recently been highlighted in two cases in which the Employment Appeal Tribunal was called upon to intervene. In the first case against a NHS Trust, the focus was on how wide reaching the whistleblowing protection is, touching not only employees and workers, but additional categories of workers who would not usually be protected from an employment law perspective, for example, an agency worker provided to an end user. In the second case, the Royal Mail was found to have unfairly dismissed an employee, although the decision maker was unaware of the whistleblowing; the decision maker had been influenced by someone else who was aware, for which the employer was held responsible. To the dismay of many employers, legal reform campaigners want to see greater protection in this area. Given the current political climate and particularly Brexit, employers will be relieved that the introduction of stronger measures around whistleblowing are unlikely to be a priority.

Floyd Graham

For a whistleblowing policy to play an effective role in managing organisational risk, employers must understand that the key aims of the legislation are to encourage individuals to report wrongdoing,

october 2016 0808 172 93 22

round up: Job applicant denied discrimination compensation The European Court of Justice has ruled that a job applicant, who had only applied for a job to bring a discrimination claim, should not be compensated; EU discrimination law cannot be relied upon for abusive and fraudulent ends. It would ultimately be for the national courts to determine if there had been an abuse of rights.

Gender Pay Gap Reporting The regulations which will bring into effect gender pay gap reporting have been delayed. However, it is reported that the first date for the reports (April 2018) remains unaffected. We will update our readers on any further changes as and when they are announced.

To Vape or not to Vape? Public Health England has published a report on vaping, which includes a section giving guidance to employers about the use of e-cigarettes in workplaces. A key consideration for any employer should be its smoking policy and how that policy differentiates between e-cigarettes and smoking.

Upcoming Seminars... FRIDAY, 23RD SEPTEMBER


Creating harmony in a world governed by TUPE – change management & legal compliance.

TUPE – A Trap for the Unwary: A practical approach for employers tackling the rights and obligations of a transfer.



STRICTLY PRIVATE & CONFIDENTIAL: DO EMPLOYEES HAVE A RIGHT TO PRIVACY IN THE WORKPLACE? Employers often harbour suspicions of employees spending a disproportionate amount of time updating their status on Facebook, checking their online banking, ordering their weekly online grocery shopping or emailing and instant messaging their friends. These suspicions ultimately give rise to concerns about the level and standard of work delivered by those employees.

Does a blanket ban on personal usage provide total protection to the employer?

So when is it permissible for an employer to monitor employees' emails and internet history as part of an evidence gathering exercise in support of potential disciplinary action for poor performance and/or breach of the employer’s computer misuse policy?

In the Romanian case of Barbulescu v Romania [2016], the employer adopted a policy setting out that employees were strictly prohibited from using the employer’s communications systems for personal purposes. The employee (“B”) was instructed by the employer to create a Yahoo messenger account for the purpose of responding to clients’ enquiries, but was informed that he could password protect the account with a password of his choice.

It is generally accepted that unless an employer’s policies specifically prohibit an employee's private use of its systems, some private use is acceptable. It follows naturally that, if some private use is permitted by the employer, then the employee will have a legitimate expectation that their privacy will not be violated by the employer accessing private information stored on the system.


Despite recent media coverage of the case below, which has perhaps misleadingly reported that employers have an unlimited right to “snoop” on their employees’ personal emails if a blanket ban on personal use is in place, the short answer to the question is no!

The employer took the decision to monitor B’s use of the account, however B was not informed of this fact. The employer’s monitoring exercise found that B was using the account for sending personal emails. B denied that he had done so, but was then

confronted with a transcript containing personal messages sent from the account to members of his family. The transcript also contained messages that he had sent during working time on a work device from another personal messenger account. B was dismissed from his employment for this breach, a decision that he challenged in the domestic courts in Romania on the basis that the employer had violated his right to private correspondence under Article 8 of the European Convention of Human Rights. His challenge was dismissed and so B brought his claim before the European Court of Human Rights (“ECtHR”), which had the task of considering whether the Romanian courts had struck a fair balance between B’s entitlement to respect for his private life on the one hand, and the employer’s interests to monitor fulfilment of contractual obligations by its employees on the other. The court, by a majority of six to one, dismissed B's claim for the following reasons: 1. Whilst accepting that Article 8 applied, this did not mean that employees were protected absolutely from interference with their Article 8 right in the workplace. 2. B had been informed that personal use of the employer's systems was prohibited – this removed any expectation of privacy on the employee’s part. 3. It was therefore not unreasonable for the employer to monitor B’s email account to verify that he was completing his professional tasks during working hours, especially as the employer was accessing the account in the belief that it contained only client related communications. 4. The monitoring was limited in scope because only the messenger account was accessed and not the entirety of the computer’s storage systems; the monitoring was therefore proportionate. In addition, the data was used solely for internal disciplinary purposes only and to the extent that it proved B’s breach of the Company’s policy. Nevertheless, the dissenting judgment in this case is very significant. The lone judge commented that the domestic courts, and the majority of the ECtHR, had overlooked crucial features of the case: 1. The employer did not have in place an Information Communications Systems Policy covering employee surveillance and monitoring (the employer would potentially be in breach of the Data Protection Act in these circumstances if

based in the UK). In the absence of any warning that communications are being monitored, an employee has a reasonable expectation of privacy in the workplace. Our view on this point is that it is difficult to see how B had a reasonable expectation of privacy if, as he stated, he never used the employer’s systems for private use! 2. The sensitive, intimate and personal nature of the messages, and the fact that some of the messages were sent to what was clearly a personal account titled: “Andra Loves You,” casts doubt over the validity of the employer’s need to access these particular messages, and to transcribe them in order that they could form part of the internal disciplinary process. Further, the employer did not take any precautions to ensure that the highly sensitive nature of the messages’ content was confined to the disciplinary proceedings – the messages were in fact made known to other colleagues and discussed openly within the workplace. We have more sympathy with this point. The judge suggested that the case had been wrongly decided and would set a dangerous precedent that would be detrimental to employees’ rights. So what are the lessons for employers who want to monitor employee communications?  The Barbulescu case does not overrule previous case law applicable to the UK. If personal use is permitted, in the absence of a warning that monitoring may take place, employees will have a reasonable expectation of privacy in the workplace. The principles of the Data Protection Act also still apply if monitoring of emails and internet usage occurs.  However, where there is a clear workplace policy preventing personal use, employers may check communications as long as the policy is made known to employees and warnings are given as to usage.  In line with a non-personal use policy, employers are entitled to monitor computers in the workplace as part of its right to check that professional tasks are being completed. A legitimate monitoring policy that is applied reasonably and proportionately is not a breach of Article 8. CONTINUED ON PAGE 4 ...



 Employers should be mindful about the difference between going on a fishing expedition in the hope of finding something incriminating about an employee, and having a valid reason for the search, such as the employee stating in defence of disciplinary action that they never use the employer’s computer systems for personal use. In the latter case, checking may be the only way to establish whether the defence is valid.


If an employer intends to monitor an employee’s communications, the employer should refer to Part 3 of The Employment Practices Data Protection Code issued by the Information Commissioner, which provides guidance about best practice. The code specifies core principles such as: 1. if employers wish to monitor their workforce, they should be clear about the purpose of the monitoring and be satisfied that the particular monitoring arrangement is justified by the real benefits that will be delivered; and 2. workers should be aware of the nature, extent and reasons for monitoring in advance.

1. H  ave a written whistleb lowing policy setting out how to repor t concerns. 2. E  nsure an impartial inv estigation is always part of the proc ess. 3. Document the reaso n for any decision taken in relation to the whistleblower. For exam ple, performance reviews, dis ciplinary issues or redundancy. Th is will help demonstrate any decision is unrelated to any disclo sure they have made if a cla im has to be defended.

Generally, the best option is to adopt a clear Information Communication Systems Policy bespoke to your workplace practices, and to regularly update workers, in writing, in advance, if monitoring is to occur covering the nature, extent and reasons for the monitoring. An area that has not yet been tested is the scope of Article 8 in relation to employees using their own devices for work purposes; as a general rule, this practice is not recommended.

4. C  ommunicate a zero to lerance stance to retaliation ag ainst whistleblowers.

For advice more specific to your workplace, contact us for a no obligation discussion.


SOLICITORS Lawyers for today’s employers Connect with FG Solicitors

Follow us on Twitter @FGSolicitors

2 Deanery Court Grange Farm Preston Deanery Northants NN7 2DT 0808 172 93 22

Like us on Facebook

FGWorks Oct 2016  
FGWorks Oct 2016