Large companies snoop on staff emails - and face legal danger

About 40 percent of large firms are monitoring staff messages, and some are breaking the law

Many UK organisations are likely to be breaching privacy laws, according to a recent survey, which found over a third of large firms employ staff to read and analyse outbound emails and other electronic messages.

Messaging security software specialist Proofpoint surveyed over 400 US and UK companies with over 1,000 employees and found 38 percent employed staff to monitor outbound messages. The figure rose to 44 percent for companies with over 20,000 staff.

One in three respondents said that in the last year they had investigated an email leak of confidential or proprietary information, and just under a third had fired an employee for violating email policies.

However, despite this widespread monitoring of emails, Keith Crosby, director of market development at Proofpoint, said that almost a fifth of UK firms had no formal email usage policy and just under half of those that did failed to carry out formal training around the policy. "There is a good chance many employees don't know they are being monitored," he added.

Legal experts warned that failure to ensure employees are aware of email checks could risk breaching a number of laws, including Lawful Business Practice Regulations, the Data Protection Act and the Human Rights Act.

"There are good reasons for monitoring staff email, but employers have to be cautious," said John Salmon of legal firm Pinsent Masons. "Employers must always tell their staff about the types of monitoring taking place, the reasons for it, the sort of information that will be obtained, when, why and how it will be obtained, how the information will be used and to whom it will be disclosed."

Masons added, “If an employer goes too far - and reads the personal emails of staff without lawful justification, for example - he could find himself hauled before an employment tribunal or a court.”

Mark Hughes, managing director for Europe, the Middle East and Africa at Proofpoint, said firms had a difficult balancing act between protecting the privacy of staff and the privacy of customers. "Employees may feel it is an infringement of their privacy, but as a customer of these companies you'd want to know there are checks to ensure your confidential data is not being leaked," he added.