Agentless Backup is Not a Myth

The monitoring of an employee's email, phone and internet use by a Welsh college was a breach of her human rights, the European Court of Human Rights has ruled. The UK Government must pay £3,000 damages and legal costs in the case.

Lynette Copland said her email traffic, internet activity, and telephone usage were all monitored by the deputy prinicipal of Carmarthenshire College or his staff in a manner that breached her rights to a private life as enshrined in the European Convention on Human Rights.

The government argued that monitoring, which it said was far more limited than Copland claimed, was justified in order to determine whether or not she had been excessively using college resources for personal communication.

"The court is not convinced by the government's submission that the college was authorised under its statutory powers to do 'anything necessary or expedient' for the purposes of providing higher and further education, and finds the argument unpersuasive," said the court's ruling.

The events took place in the 18 months leading up to November 1999, when Copland claims that the deputy principal of the college not only monitored her use of phone, internet and email facilities but contacted some of the people she had communicated with to ask about the nature of the communications and enquired at another campus of the college about a visit she had made there with a male director while she was on holiday.

Copland said that the monitoring was extensive and took place over a period of 18 months. The government admitted that monitoring took place but said that it lasted only a few months. It admitted that the college monitored dates and times of emails. The college had no policy in place at the time informing employees that their communications might be monitored.

"According to the court's case-law, telephone calls from business premises are prima facie covered by the notions of 'private life' and 'correspondence' for the purposes of article eight," said the Court's ruling. "It follows logically that emails sent from work should be similarly protected under article eight, as should information derived from the monitoring of personal internet usage.

"The applicant in the present case had been given no warning that her calls would be liable to monitoring, therefore she had a reasonable expectation as to the privacy of calls made from her work telephone. The same expectation should apply in relation to the applicant's e-mail and internet usage," it said.

The court said the monitoring of Copland's activity was an interference with her rights, and that that interference was not "in accordance with the law" as the government had claimed, and that therefore there had been a violation of Copland's rights. The court noted that the Regulation of Investigatory Powers Act (RIPA), passed after these events in 2000, would have given a framework for the regulation of employer monitoring of communications.

"The ruling is important in that it re-inforces the need for a statutory basis for any interference with respect to private use of a telecommunications system by an employee," said Dr Chris Pounder, a privacy specialist at Pinsent Masons, the law firm behind OUT-LAW.COM. "The lawful business practice regulations [part of RIPA] allow an employer to monitor and intercept business communications, so the Court is implying that private use of a telecommunications system, assuming it is authorised via an acceptable use policy, can be protected."

Copland was awarded £3,000 in damages and £6,000 in costs.

Copyright © 2007, OUT-LAW.com

OUT-LAW.COM is part of international law firm Pinsent Masons.

Cloud storage: Lower cost and increase uptime