Since computers became commonplace and social media a core part of an individual’s private life, businesses have been battling to identify the correct line of business between employees’ personal and professional lives when it comes to communication. But, a recent case in the European Court means employers must now establish their internal policies and be very clear and transparent about what constitutes professional communications, even when using personal devices.
It is common place to see employees bringing their personal devices into work, and even use them in a work capacity. The desire to use personal portable devices for meetings – such as a tablet – or adding work email accounts to a personal device are now considered normal, and even acceptable. However, this approach results in work related information, which is the property of the employer and often confidential, being downloaded or copied to personal devices – which can present very obvious security risks.
Exacerbating the issue is the high level of confidentiality that many communications must be handled with, especially in the financial services industry. This sector is also under the microscope of regulators and the public, so any suggestion of sharing insider knowledge, leaking information (maliciously or otherwise) or other data breaches could have a catastrophic effect on the reputation of the company.
The other related issue is that of staff moving roles and – whether knowingly or not – taking confidential company information with them on their personal devices. Particularly amongst investor institutions and banks, individuals are often seen leaving their role for a similar position at a direct competitor. Should high value information or a company’s strategic plans follow an employee, it could seriously risk the competitive edge that company has.
A change in rights?
The European Court recently gave employers the right to monitor their employee’s private messages in response to the changing trends we are witnessing. This is a positive step in the battle for safeguarding a company’s confidential information and does not drastically change the rights of an employee. The Information Commissioner’s Office’s guidance on monitoring staff at work already allows the logging of email and internet use, without the employees’ knowledge, if there is a suspicion that the employee is breaking the law. Furthermore, wholesale monitoring is allowed if the employee is made aware. Therefore, the decision made by the court does not ring any changes as far as UK citizens are concerned.
So, should businesses respond?
Although there have been no drastic changes to the law, employees and employers alike are far more aware of the legal situation relating to communications within the workplace, but most remain unclear as to a particular company’s policy. The best course of action for any employer is to establish an accessible company policy which helps to maintain a clear separation between work and private life when it comes to electronic communications.
Other cybersecurity measures should also be reinforced and ensure they are ingrained into every day activity, including monitoring of all mediums of communication, especially chat and voice data, for signs of misconduct or unintentional information sharing – enabling companies to instantly intervene if necessary.
Furthermore, it is not only misconduct or misuse of data that must be considered, but also the processes that a company will undergo when an employee is departing the company. Such a procedure should be available to all employees and address items such as contact details, business leads and creative thought ideas. By clearly stating that these are the property of an employer if established when in employment, it will help negate any ill feeling towards communications being checked, copied or monitored. This is particularly crucial when considering contact cards and LinkedIn relationships.
Businesses have a responsibility to protect confidential company information to prevent breaches or data loss and protect employees. By implementing clear guidelines and educating employees on the need to maintain a clear separation between work and private life, companies and individuals will better understand their rights.