Sunday, August 5, 2007

Email Monitoring Could Breach Human Rights Law

Earlier this year a college in Wales was found in breach of human rights law when it monitored an employee's email, web and telephone activity in 1998 and 1999; the employee who took the colleage to court was awarded 3000 euro in damages for stress and anxiety.

Nearly half of UK organisations risk breaching human rights legislation by monitoring employee emails without following proper policies. Up to 44 per cent of large UK companies are potentially breaching a range of laws governing email monitoring, including the Human Rights Act 1998, the Data Protection Act 1998, the Regulation of Investigatory Powers Act 2000, and the Telecommunications Regulations 2000 because they monitor emails without explaining their reasons to staff.

If your organisation routinely monitors emails for discipline purposes, or you monitor "live" emails as part of your proactive secuirty management programme, you are advised to seek guidance from your legal and HR departments. Seizing computer evidence (including old emails) for analysis in investigations, however, is generally not a breach of legislation.

The legal implications of computer evidence is one of many subjects addressed on the forthcoming IT Security and Incident Response Course, 9-10 October, led by author and broadcaster Ed Wilding.