When surfing isn't safe

Using email at work is taken to be a right these days, and email snoops and bosses who restrict online activity are often seen as invading employee rights. Most people wouldn't apply for a new job by email if they suspect they're being watched. But if you're working long hours, you expect a bit of leeway to organise your social life, or even order groceries online so that your fridge is stocked when you roll home late after preparing for the next day's presentation.

Research company IDC predicts that 80 percent of companies will be monitoring their employees' online behaviour by this time next year. The law doesn't necessarily prevent them from doing so. There is legislation in place to protect you from prying eyes, however. Who goes where is rapidly becoming a contentious issue.

The sensible precaution is not to do anything dodgy in the first place.

Trouble in store
If you download porn at work, spend long hours surfing at the expense of your job, or apply for jobs over email, you are asking for trouble. Even if you think you could be within your rights, dismissal or going to a tribunal can be a costly way of finding out.

In an ideal world, your employer would treat you like an adult, and you'd respond accordingly. And most of the time, that's how things work out. But does that mean you should be given free rein?

"The boundaries between work space and private space have become blurred as people work longer hours, become more mobile and adopt other untraditional working patterns," says Peter Skyte, national secretary of the Manufacturing, Science and Finance (MSF) Union's Information Technology Professionals Association.

"Just as work intrudes into private space, it's to be expected that home life will intrude to some extent into work, with people needing to arrange childcare or find someone to repair their washing machine while they're at work. A sensible employer will find a way to fit those things together - and allowing reasonable private use of the internet is part of that."

It's not just unions who say this, many bosses agree. "It's in the company's interests to encourage people to use the web, because it's the only way they're really going to understand its potential," says Margaret Smith, director of ecommerce at Legal & General. "And we want people to market-watch and tell us what's happening in ecommerce."

Smith compares the internet to a chocolate factory. "If you're allowed to eat as much as chocolate as you want, the first week you may eat a lot, but after that you won't."

Paul Ockenden, technical director of technology marketing company CST Group, takes a similar view. "I let my employees know that they should treat email like the phone and the web like magazines," he says. "I don't mind the occasional personal phone call, but spend all day on the phone to your mates and I'll sack you. Ditto with email. I don't mind you flicking through a magazine during your coffee breaks, but spend all day reading and I'll sack you. The same with the web. It's not rocket science."

What is reasonable use isn't always clear, however. Last year, Lois Franxhi, IT manager at Focus Management Consultants, was fired after her employer found she had booked a holiday online at work. She was said to have spent 111 minutes online over four days. Franxhi brought claims for unfair dismissal and sex discrimination against her employer, arguing the real reason for her dismissal was that she was pregnant. A Liverpool tribunal threw out her claims, but gave her a month's salary to compensate for breach of contract.

Go by the book
What's needed are clear guidelines from your employer as to what you can and can't do. It's possible that your company already has a policy but has forgotten to tell you about it. A survey by Content Technologies found that 78 percent of respondents had a policy on web usage, but half had neglected to inform their employees about it!

If your workplace is unionised, union reps can negotiate the policies for you. Otherwise it's a case of convincing your employer that it's in their interest to pin things down. You could even propose a draft agreement yourself.

The good news is that the Human Rights Act, due to come into force in October, will shift the balance in your favour.

"Reading private email could constitute an invasion of privacy under the Act. An employee who found an employer snooping might be able to resign and then claim constructive dismissal," says Warren Foot, partner and head of the employment unit at law firm Tarlo Lyons.

It's better all round if employers put their perspective across at the beginning, however. "A policy shouldn't just say what you can and can't do on the internet, but should also spell out what will happen if you breach the policy," says Foot.

One office worker found this out the hard way. "One day, I was hauled into the boss's office and sacked for having used the firm's internet access facilities for a personal purchase," she says. "I couldn't believe it - the total cost to the company of the online time was something like £1.34 and I had done most of the searching in my lunch hour. I would never assume now that I'm allowed to use a facility at work without permission. My advice is, if in doubt, always ask. Just because there's no policy, don't assume something is allowed."

The danger in email
If monitoring who's been where is contentious, reading personal email is even more so. As for deleted email that's been 'resurrected', Bill Clinton and Monica Lewinsky are just two unfortunates who can testify to the damage that can do.

The good news is that the law is on your side. David Smith, assistant data protection commissioner at the Data Protection Registrar's Office, says work is currently in progress on a code of practice covering the use of personal data in employment - a draft of which should be available in September. "It's likely we'll be recognising that employers do have some right to monitor emails as well as telephone calls and so on, but that there must be a clear business need, not just nosiness, and that the level of monitoring must be proportionate to the problem."

The latest version of the Data Protection Act also allows staff to object to automated decision-making. The clause was introduced in connection with computerised credit decisions, but could probably be invoked in the case of automated email screening, says Robin Chater, director of the Personnel Policy Research Unit. Chater has drafted a report on privacy at work called The Uses and Misuses of Personal Data In Employer/Employee Relationships for the Data Protection Registrar's Office (www.dataprotection.gov.uk/ppru.htm).

"Supposing that when you keyed in the word 'sex' the boss was alerted, you could object," he says. "In practice, it probably means that the employer couldn't discipline you based on that one consideration. It would need some other evidence too, such as a statement from a manager."

In addition, the MSF has drawn up a draft code of practice for the Protection of Privacy At Work (www.msf-itpa.org.uk). Skyte believes that all forms of surveillance, including the monitoring of email, should be regulated by legislation at European level. "Private email should only be read with good reason, for example if there is reason to believe that an employee has committed a criminal offence. And if a company is going to do this, it should notify the union's representative first," he says.

Information overload
It's not uncommon for companies to give you email access but then impose limits on surfing by installing internet management tools. The mere fact that the network manager is lurking with a CDRom doesn't mean you should pick up the phone to your lawyer, however - sometimes they're only protecting the network from overload.

Steve Purdham, president of JSB Software Technologies, whose SurfControl product monitors and controls internet use, says bandwidth problems can be caused unintentionally by technically unaware users. "One company found that it couldn't process orders because all its bandwidth was being eaten up by something else," he says. "The something else turned out to be the guys in the production department listening to the radio on the web. They knew they were allowed to listen to the radio but didn't understand the implications of doing it on the web."

These tools can also make employees' lives easier, says Purdham. "People don't have to guess what they're allowed to do. It can also prevent accidents. For example, there's a URL where if you type '.com' instead of '.co.uk' you get a hardcore porn site instead of a financial advice site. With controls in place, you don't run the risk of getting into trouble."

At Legal & General, internet management software from Websense is used to block access to dodgy websites. The company can also track who visits what sites for how long. "We publicise the fact that we have these tools and it does encourage people to be careful," says Smith. "People will come to me and say 'I accidentally happened on this website - will it still be on my PC?'"

Meanwhile, employers who use surveillance methods without good cause could be sailing close to the wind. Robin Chater (who under the pen-name Simon Paine is author of a forthcoming book on privacy called Endangered Spaces) says: "It wasn't the government's intention, but I hope the Human Rights Act will provide an opportunity for judges to become our guardians against oppressive governments that believe in surveillance come what may."