Rely on the most comprehensive, up-to-date legal content designed and curated by lawyers for lawyers
Work faster and smarter to improve your drafting productivity without increasing risk
Accelerate the creation and use of high quality and trusted legal documents and forms
Streamline how you manage your legal business with proven tools and processes
Manage risk and compliance in your organisation to reduce your risk profile
Stay up to date and informed with insights from our trusted experts, news and information sources
Access the best content in the industry, effortlessly — confident that your news is trustworthy and up to date.
With over 30 practice areas, we have all bases covered. Find out how we can help
Our trusted tax intelligence solutions, highly-regarded exam training and education materials help guide and tutor Tax professionals
Regulatory, business information and analytics solutions that help professionals make better decisions
A leading provider of software platforms for professional services firms
In-depth analysis, commentary and practical information to help you protect your business
LexisNexis Blogs shed light on topics affecting the legal profession and the issues you're facing
Legal professionals trust us to help navigate change. Find out how we help ensure they exceed expectations
Lex Chat is a LexisNexis current affairs podcast sharing insights on topics for the legal profession
Printer Friendly Version
It is now a year since Edward Snowden leaked a flurry of classified documents from the vaults of the US National Security Agency.
His leaking of highly classified material revealed previously unknown details of a global surveillance apparatus which was being operated by the NSA and many of its partners, such as the UK's GCHQ.
During this period, the leaks have been fuelling an unprecedented debate in much of the developed world on mass surveillance by governments and the line to be drawn between security and the citizen's right to privacy.
So what can businesses and individuals learn from this debacle? After all, most businesses monitor their staff or customer's behaviour in some way.
Most individuals accept that some monitoring of them will take place from time to time. If you walk down Whitehall in London, you shouldn't really be miffed about being filmed on CCTV. If you call your bank, you can typically expect your conversation to be recorded.
So when does surveillance go from 'acceptable' to 'icky'? When does it start to feel just a bit creepy? When does a business cross the line?
Alas, nowadays, that line is fiendishly hard to draw.
The law does provide some help (see below), but businesses have to be a bit more sophisticated than simply spouting 'we are in full compliance with our legal obligations'.
The law is all well and good but if you start 'playing hard and fast' with what your customers expect of you, then you could find yourself dealing with a messy PR disaster and plenty of lost customers.
Just because you can monitor doesn't mean that you should monitor.
It strikes me that the key word that is often forgotten when this subject is discussed is 'trust'.
In an interconnected world, trust is more important than we think. When trust exists—and what an intangible quality it is!—things are just, well, easier. It is the superglue that binds us together and this includes businesses and customers.
If you over-monitor staff or customers, trust is easily jeopardised and vital relationships may be compromised.
Take a deep breath—as difficult as this may be at first—and trust your staff. Have some faith in your customers.
I attended an event on Monday evening which debated this topic. The Guardian journalist, Luke Harding, ventured (and I'd agree) that constant surveillance 'corrodes the soul'. In this case he was talking about when he worked in Russia and he was under the constant watch of the security services there.
Even Sir David Omand, Ex-Director of GCHQ—who you'd think would want mini-cameras permanently installed on all of our heads—made it clear that he did not want to see a society where everything was monitored all of the time. He opined that 'we need to live with risk' and, more interestingly, 'a crime-less society is not desirable because of what you need to do to get to it.'
Now whether you believe Sir David or not is, as it happens, down to trust in the government and our democratic institutions. That is perhaps for another day.
Clearly, there are a smattering of bad guys out there which need to be dealt with (I'm not suggesting that you turn off all of your anti-viral software for instance) but this shouldn't mean that you treat all of your key stakeholders with unwarranted suspicion or contempt.
The following laws are relevant to monitoring IT and communications systems:
Generally speaking, monitoring is permitted provided appropriate notices are given to those being monitored. Notices are usually given to employees in staff policies, such as Internet acceptable use policies. Notices can also be given to people other than employees in customer terms and conditions, recorded messages and website notices.
As for consent, it is generally neither practicable nor legally necessary for a business to obtain consents to monitor its own (not third-party) IT or communications systems provided the conditions of the Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000 have been met.
What's more, there is also an implied duty of trust and confidence between employers and employees implied into UK contracts of employment. Added to this are the provisions in the Human Rights Act 1998 which grant individuals a right to respect for private and family life. Breach of an employee's reasonable expectation of confidentiality or privacy may give rise to a claim, such as a discrimination claim where an employee claims their communications are excessively monitored or restricted compared to other staff.
So there’s a (very rough) run through of the laws that you should consider in the first instance.
Perhaps you have decided to go ahead and are looking to implement a robust monitoring policy. What then?
Businesses can prevent unlawful and excessive monitoring by implementing comprehensive procedures when, for example, IT personnel conduct monitoring. This is typically done through a monitoring policy.
Ideally, such a policy should make clear:
This area is notoriously complicated so it is sensible to have a chat with a lawyer specialising in this area for tailored advice.
Moreover, have a word with your sales teams. What do your customers expect from you?
If you are transparent about monitoring and ensure that it is as focussed as possible, then you should be able to minimise any legal and PR risk to your business and, all being well, keep customers happy. No bad thing!
Do let us have your thoughts. As always, comments can be posted below.
0330 161 1234