International Law firm Bird & Bird warned employers that they have only three weeks to get ready for new e-mail laws.
The Department of Trade and Industry on 3rd October published the new Telecommunications (Lawful Business Practice)(Interception of Communications) Regulations, which will come into force on 24 October 2000. As a result, employers and other operators of private telecommunications networks will have to move fast to ensure that they do not break the law when monitoring e-mail, voicemail, telephone calls and other electronic communications on their networks.
The background to the Regulations is that on 24 October 2000 section 1(3) of the Regulation of Investigatory Powers Act 2000 will come into force. This creates a completely new right, enabling individual senders and recipients of electronic communications to sue for damages or an injunction if someone acting with the express or implied consent of the controller of a private telecoms network (such as an employer) accesses communications on its network without lawful authority. The Regulations provide a 'safe harbour' within which employers and other private network operators can access communications without risk of being sued.
A key provision of the Regulations is that in order to take advantage of these exemptions the system controller must have made 'all reasonable efforts to inform every person who may use the telecommunication system in question that communications transmitted by means thereof may be intercepted'. If a system controller has not done this, it cannot take advantage of the safe harbour provisions of the Regulations.
It used to be thought that an employer was free to set whatever ground rules it wished for its electronic communication policies, including the degree to which they might be considered private, so long as it communicated the rules to its staff. That is no longer the case. The employer's ability to gain access to communications will be regulated by the RIP Act and the new Regulations. The ability to make use of information that constitutes personal data is already subject to the Data Protection Act 1998, and will shortly be more specifically regulated by a Data Protection Code of Practice, on which the Data Protection Commissioner will shortly initiate a consultation exercise. And the question of employee privacy may also be affected by the provisions of the Human Rights Act, which came into force on 2 October 2000.
The Regulations are available on the Department of Trade and Industry website at www.dti.gov.uk/cii/lbpresponse.htm.