Snooping on your staff? Make sure you know the rules

James Willis – Head of Employment at stevensdrake

To what extent you can (or should) be monitoring your staff when they are at work is an ongoing problem for many employers.

More specifically, can you look at your employees’ internet history, emails and other electronic communications without getting yourself into trouble?  A recent Romanian case that found its way to the European Court of Human Rights (ECHR) provides us with a good excuse to have a fresh look at this issue.

Bogdan Barbulescu’s ‘beef’

In the course of his employment, Mr Barbulescu was required to set up a Yahoo Messenger account in order to communicate with his employer’s customers.  The account was meant to be used for business purposes only.  Indeed, the company had a strict rule that required employees to refrain from any personal use of its IT systems.

Problems arose when Mr Barbulescu’s employer monitored his usage of the Yahoo Messenger account and found that he had been sending personal as well as business messages, some of which were to his fiancée.  His employer confronted Mr Barbulescu with the allegations and ultimately dismissed him for breaking its internal disciplinary rules.  Mr Barbulescu’s claims before a Romanian court were unsuccessful, so he ended up in front of the ECHR, arguing that his human rights had been breached; more specifically, he relied on his right to respect for his private life and his correspondence.

What did the court say?

By a majority of 6 votes to 1, the ECHR concluded that Mr Barbulescu’s human rights had not been breached.  Instead, the court found that his employer had acted reasonably and proportionately in seeking to check that he was doing his employer’s work during working hours.

What does this mean for employers here in the UK?

It is reassuring to hear that, in the right circumstances, monitoring your employee’s usage of your IT systems will not amount to a breach of their human rights.  But this is by no means the end of the story.  After all, we also have to factor into our thinking, amongst other things, the impact that the Data Protection Act 1998 has on our behaviour.  In this regard, it is well worth looking at The Employment Practices Code, which is published by the Information Commissioner.  Here’s a link that will take you to it:

Part 3 of the Code deals with monitoring staff in the workplace.  It is fairly easy to read and provides some very helpful guidance.  In summary, the Code says that you should only monitor your employees’ use of IT systems if they know what you are up to.  You should keep monitoring to a minimum and be clear as to the reasons why you are doing it.

Bearing the above in mind, before you start interrogating your employees’ emails archives, it is essential to check that your policies give you the right to monitor them in this way.  Without clear policies, your capacity safely to monitor your employees may be significantly curtailed.

What else should you be doing to protect yourself?

Once you know what (if anything) your policies say on this subject, you should: update your policies (if necessary) in order to make staff aware of your right to monitor them; make sure that your policies are also clear on the extent to which employees can use your systems for personal purposes (if at all);consider using a ‘pop-up’ message, to remind staff of your right to monitor their usage of your systems each time they log in; consider requiring your staff to ‘consent’ to you monitoring their activities in your employment contracts; andif you find yourself wanting (or needing) to ‘snoop’ on your employees, consider taking legal advice first.

Want to know more?

If you would like to discuss this issue in more detail, please get in touch with me at

Leave a Reply

Your email address will not be published. Required fields are marked *