Communication technology is an indispensable tool for modern organisations – including emails, access to the internet, or mobile phones provided to staff. Limited private use of these tools is often permitted, generating a level of expectation by employees for privacy: employers should not routinely read employee' emails or check what they are looking at on the internet.
However, employers also have a legitimate interest to ensure that usage remains limited. In order to balance the monitoring of usage while respecting their employees' privacy, employers should adopt a gradual approach and avoid the collection of data when possible.
Data quality - It is important not to process more personal data (also referred to as personal information) than necessary. How? By only collecting relevant data in the first place. In the case of verifying acceptable use of IT resources made available (eMonitoring) this means not monitoring everyone's use all the time, but to minimise monitoring to the extent possible. For example, instead of monitoring individual usage, employers can monitor aggregate levels of usage and send general reminders to staff. If excessive private use persists, monitoring can be increased in line with the defined rules of the organisation, for example to specifically target particular suspicions. Where the private use of telephones is to be reimbursed by employees, there are a number of possible ways to do this, for example using a specific code for private calls or declaring of private calls either when making them or afterwards.
Confidentiality of communications – Where limited private use is allowed or tolerated, employees have a reasonable expectation that their communications will remain confidential. This should be ensured by the employer.
Right of information – Employees should be told about the organisation’s rules on the use of communication tools in the workplace when starting their employment, so they can act accordingly. The rules in place have to be documented and clearly communicated to staff.