Recent Human Rights legislation has established the fundamental need to respect a person's privacy. However, whether or not such rights become enforceable will greatly depend upon whether the employee has reasonable grounds to contend that certain information received, stored and / or created on the employer's systems may be reasonably considered as 'private'. Your Information Security Policy must be clear about this.

• Where the monitoring of employee activity is perceived as intrusive and / or excessive and in contravention of the law, legal proceedings could result in fines and other penalties for your organisation.

• Ensure that all employees are aware of and have agreed (in writing) to adhere to, the Information Security Policies of the organisation.
• Periodically, or when any doubt exists amongst staff, promote awareness of the organisation's Policy on the issue of privacy.
• It is essential that staff are made aware of, accept, and participate in, any form of workplace monitoring. This should be notified before it is implemented.
• Data collected by monitoring procedures must be safeguarded to prevent any form of 'modification'.
• Data collected by monitoring procedures must be controlled by an effective audit trail to assure its integrity. The Federation of European Employers (FedEE) and the The Personnel Policy Research Unit (PPRU) provides more in-depth information on this subject.
  
  N.B. Always seek legal advice where your safeguards to protect the organisation could be perceived by the another party (or, potentially, their lawyer) as threatening, or in contravention of privacy or other rights.
• See also Complying with Legal and Policy Requirements.