New Page 1

‘AIN’T MISBEHAVING’

Employee misconduct in the workplace

Susan L. Belgrave

Barrister

‘Privacy in the workplace’

1. The common law does not recognise a right to privacy and protection afforded to individuals hitherto has been on the basis of the breach of confidence. The situation has changed with the Human Rights Act 1998, if only because greater emphasis is being placed on article 8 of the European Convention on Human Rights.

Article 8 Right to respect for private and family life, home and correspondence

1. Everyone has the right to respect for his private and family life, his home and his correspondence.

2. There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety, or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others.

2. Private life has not received extensive interpretation by the Court. The concept encompasses personal freedom and it ensures that there is a sphere within which everyone can freely pursue the development and fulfilment of his/her personality. It includes the right to an identity and the right to develop relationships with other persons. A member state must not only curb its own interference in the private lives of its citizens in keeping with article 8 but there is a positive duty to protect the enjoyment of rights and secure the respect for those rights in its domestic law.

3. In the field of employment this can be important in many respects: apparent discrimination on the grounds of sexuality or sexual orientation may be considered a violation of article 8 and a person’s entitlement to respect for private and family life. This can manifest itself not only in the way that a person is treated but also in the nature of benefits which are provided to a class or group of persons but not to others. Interception of correspondence, telephone tapping and searches (at home or at work) will be covered. Access to information about a person’s identity is also covered, but also a person’s right to have and to express an identity. The individual has the right to express his or her sexuality under this provision. In a health and safety context, the article supports the right to be free from severe environmental pollution such as cigarette smoke.

4. The article also covers the collection and use of information concerning an individual. It will therefore have an impact on the extent to which an employer during the course of an investigation into an employee acts reasonably in dismissing an individual when relying on something in that person’s life outside work. The right to have and form social relationships and the protection of a person’s reputation are also covered by the article. This means that an effected item must respect the right of the person to social relationships at work, so that a rule against office affairs might run counter to it.

5. An effected item may lawfully interfere with these rights if it is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety, the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others.

6. The State has an obligation under Article 8 to take steps to provide the rights and privileges guaranteed by the article and to protect people against the activities of other private individuals that prevent the effective enjoyment of these rights.

7. Private life: in Nimietz the court said: ‘there appears to be no reason of principle why this understanding of the notion of private life should be taken to include understanding of the activities of a professional or business nature since it is after all, in the course of their working lives that the majority of people have a significant, if not the greatest opportunity of developing relationships with the outside world’.

8. In Klass v Germany 1978 2 EHRR 214 German law permitted the state authorities to open and inspect mail and listen to telephone conversations in order to protect against ‘imminent danger’. The applicants accepted that there might be surveillance but objected that there was no requirement to notify individuals that surveillance had stopped nor was there a remedy against commencement of surveillance.

9. The leading case is of course that of Alison Halford. Ms. Halford was a senior police officer who had made a complaint of sex discrimination against the force she was working for. She alleged that her phone was being tapped. The ECHR did not accept the UK’s argument that an employer should be able to monitor calls made by an employee at work without informing the employee that such surveillance was taking place. The court held that since the employer had not warned Ms. Halford of possible monitoring, she had a reasonable expectation of privacy for her phone calls. Thus the ECHR recognised that phone calls made from the workplace were covered by article 8.

10. The question thus arises as to whether this right to privacy is satisfied if the employer gives advance warning of the possibility of monitoring. The ambiguous situation is covered by the Regulation of Investigatory Powers Act 2000 (see below).

11. The question arises as to whether individuals have a right not to be subjected to compulsory blood and urine testing. This does not mean that a prospective employee can refuse to undergo testing at the stage of recruitment:

‘if the person concerned, after being properly informed, withholds his consent to a test which the medical officer considers necessary in order to evaluate his suitability for the post for which he has applied, the employer cannot be obliged to take the risk of recruiting him.’

12. In Smith v United Kingdom [1999] IRLR 734 the European Court ruled that gay men and women serving in the armed forces had their right to respect for private life violated by questions about their homosexuality which had led to their dismissal.

13. Article 8 protects the individual from having private information disclosed to third parties. The ECHR held that this includes the unnecessary disclosure of confidential medical information in legal proceeding in Z v Finland (1998) EHRR 371. In disability cases, medical information concerning an application may be restricted to that which is necessary for the determination of the questions in issue between the parties. The recent case of De Keyser v Wilson [2001] IRLR 324 the EAT emphasised that in commencing an employment tribunal case, the applicant had consciously limited her right to privacy and this had to be weighed in the balance against article 6 concerns of a right to a fair hearing.

14. Public authority employers may face a dilemma in cases where the employee is seeking information about other employees. In TV v Finland (Application no 21780/93, 76A DR 140) the Commission held the disclosure of the fact that a prisoner was HIV positive to prison staff directly involved in his custody and who themselves were subject to obligations of confidentiality was justified as being necessary for the protection of rights of others.

15. Where information is passed on between authorities an infringement of the right to privacy may also take place unless it has been authorised by the subject. In MS v Sweden, the applicant had sustained a back injury and objected to disclosure of medical records, which contained confidential information to the Social Insurance Office for the purpose of assessing her compensation claim. The Court recognised that the object of disclosure was a proper one: to enable the Office to determine whether the conditions for granting compensation had been met. The court then considered whether, in the light of the case as a whole, the reasons adduced to justify the interference were relevant and sufficient and whether the measure was proportionate to the legitimate aim pursued.

16. The case of Woolgar v Chief Constable of Sussex Police [2000] 1 WLR 25 the claimant was a registered nurse and matron of a nursing home who was arrested after a patient died in her care. She was interviewed by the police under caution. The local authority’s registration and inspection unit was concerned about this incident and other complaints which had been made and asked to see a copy of the transcript of the interview. W sought an injunction to restrain disclosure. The Court of Appeal upheld the judge’s decision not to grant an injunction. While acknowledging that it was important that information provided to the police should not be used for a collateral purpose, the public interest in protecting public health and safety trumped this concern. Where the police intended to disclose such information, they should inform the affected person in sufficient time to allow that individual to apply to the court for a ruling on the matter. The regulatory body could similarly apply to the courts if the police refused to disclose the information.

17. The question of the individual’s entitlement to see the records held about him or her also raises some interesting issues. If the file contains confidential information provided by a third party can the authority safely refuse to disclose the records? This arose in the case of Gaskin v UK [1990] 1 FLR 167. The court held that there was a positive obligation arising out of Article 8 to disclose case notes which related to the individual’s private and family life. The records were the only information on his formative years and the effectiveness of the childcare system was legitimate aim. The stipulation that the third party’s consent should be obtained was reasonable but the court emphasised that an independent authority should decide whether access should be granted where the third party withheld his/her consent.

18. This has been addressed in the Data Protection Act 1998 which provides that an individual is entitled:

(a) to be informed by any data controller whether personal data of which that individual is the data subject are being processed by or on behalf of that data controller;

(iii) the recipients or classes of recipients to whom they are or may be disclosed;

(I) the information constituting any personal data of which that individual is the data subject; and

(ii) any information available to the data controller as to the source of those data; and

(d) where the processing by automatic means of personal data of which that individual is the data subject for the purpose of evaluating matters relating to the individual such as, for example, performance at work, creditworthiness, reliability or conduct, has constituted or is likely to constitute the sole basis for any decision significantly affecting the individual, to be informed by the data controller of the logic involved in that decision-taking.

19. Section (2) provides that a data controller is not obliged to supply any such information unless the data controller has received:

(b) except in prescribed cases, such fee (not exceeding the prescribed maximum) as the data controller may require.

20. ‘Sensitive data’ is defined as personal data relating to the race, ethnic origin, political opinions, religious or other beliefs, trade union membership, sex life or the commission of any offence. Where consent has not been given to the collection and processing of personal data, it is necessary for the data controller to show that the collection and use of such information is necessary for the performance of the contract of employment or is in the vital interests of the employee or that one of the exemptions applies (eg detection or prevention of crime). In respect of sensitive data, it is also necessary for the employer to obtain the explicit consent of the individual or show that the processing is either required under a legal obligation or is undertaken with a view to promoting or maintaining equality.

21. In the Guidance issued by the Information Commissioner emphasises that there must be some active communication between the parties and it should not be inferred by a non-response.

22. Here the right to privacy collides, possibly, with employers’ duties in relation to health and safety legislation. Where an employee consents to testing for drugs or alcohol, there is usually no problem. This may not be an effective method of proceeding and the employer may wish to use random testing. Transport workers might reasonably be required to undergo random testing. The draft code suggests that testing meets certain standards:

i. tests should be carried out on the basis of a voluntary programme for the detection and treatment of drug/alcohol abuse (unless compulsory testing can be justified on safety grounds);

ii. that drug testing, when used as the basis for decision affecting a person’s employability or continued employment, is of the highest technical quality and is subject to rigorous quality control procedures. The testing must be conducted under the direction of a medically qualified person.

23. Policies should clearly spell out what action should be taken if a positive result is obtained from the tests. Positive drugs and alcohol should set out the sanction for positive test results.

24. The Government enacted the Regulation of Investigatory Powers Act 2000 which came into force on 24 October 2000. This legislation is concerned primarily with regulating the functions of the security services and the state but the provisions apply generally. There is a new statutory tort of unlawful interception of communications on a private network.

‘An interception of a communication ...by, or with the express or implied consent of, a person having the right to control the operation or the use of a private telecommunication system shall be actionable at the suit or instance of the sender or recipient, or intended recipient, of the communication if it is without lawful authority and is either - (a) an interception of that communication in the course of its transmission by means of that private system; or (b) an interceptions of that communication in the course of its transmission by, by means of a public telecommunication system, to or from apparatus comprised in that private telecommunication system.

26. ‘Communications’ is not clearly defined in the act. It includes ‘anything comprising speech, music, sounds, visual images or data of any description’.

27. ‘Private telecommunications systems’ this is a system attached directly or indirectly to a public telecommunications system. This means a system attached to a public telecom system.

- monitors transmissions made by wireless telegraphy to or from apparatus comprised in the system in such a way as to make some or all of the contents of the communication available during transmission to a person other than the sender or intended recipient. The key aspect of the definition is that it must occur ‘in the course of the transmission.’ The definition of ‘in the course of transmission’ is extended by section 2(7) to include the time when the item is being stored in order to be read by the intended recipient.

29. The interception is unlawful if it is done without consent of the sender or intended recipient. Regulations made under the Act enable an employer to monitor or record certain types of communication in defined circumstances without consent.

30. These regulations came into force on 24 October 2000. They authorise interception of communications in several different circumstances:

to establish the existence of facts relevant to the business - this may include keeping records of transactions and other communications in cases where it is necessary or desirable to know the specific facts of the conversation;

- to ascertain compliance with regulatory or self-regulatory practices or procedures relevant to the business;

-to ascertain or demonstrate standards which are or ought to be achieved by person using the system;

(a) the interception in question is effected solely for the purpose of monitoring or (where appropriate) keeping a record of communications relevant to the system controller’s business;

(b) the telecommunication system in question is provided for use wholly or partly in connection with that business;

c) the system controller has made all reasonable effort s to inform every person who may use the telecommunication system in question that communications transmitted by means thereof may be intercepted; and

(i) concerning national security, the person by or on whose behalf the interception is effected is a person specified in section 6(2) (a) to (I) of the Act;

(ii) concerned with monitoring communications for the purpose of determining whether they are relevant to the controller’s business, the communication is one which is intended to be received (whether or not it has been actually received by a person sing the telecommunication system in question.

32. Interceptions are authorised only if the controller of the telecommunications system on which they are effected has made all reasonable efforts to inform potential users that interceptions to which the person making and receiving the communications have consented as these are not prohibited by the Act.

33. The significance of this definition is that it is supposed to provide a lawful basis for interference with the right to privacy. Thus a tribunal considering whether evidence has been lawfully gathered in this manner would have to reach a conclusion on whether it was so gathered.

34. Certain conduct is authorised without an interception warrant. Section 3(1) of RIA 200 provides that conduct consisting in the interception of a communication is authorised if the communications one which, or on which that person has reasonable grounds for believing, is a communication sent by a person who has consented to the interception and the intended recipient of which has also consented. The interception of a communication is also authorised under Part II of RIA 2000. Where all parties to the communication consent to the interception no question of unlawful interception arises under RIA 2000. There will be a substantive question of whether a general consent would suffice. Must the consent be given to the interception of the particular communication or can a general consent for example given in a contract, authorise the interception?

35. Where conduct falls under section 1(6) a person with a right to control a private network may intercept their own network without committing an offence under RIA 2000. However, where the controller of a private network intercepts communications on the network he may still be exposed to civil liability if he has permitted private communications to be sent over that medium. Thus were a public authority employer has permitted private mails to be sent between members of staff on the network, he may be in breach of their right to privacy as a result of this practice regardless of a technical reservation of a right to monitor.

36. Section 4 provides that the interception of a communication in the course of its transmission by means of a telecommunication system is authorised if it falls within regulations. Interception may be legitimate if reasonably required for the purpose, in connection with the carrying on of a business, of monitoring or keeping a record of:

(a) communication by means of which transactions are entered into in the course of that business; or

(b) other communications relating to that business or taking place in the course of this being carried on.

37. The employer’s disciplinary procedure should make it clear what use of the internet is permitted; when such use is permitted and for how long an individual can remain on the internet. It should also be crystal clear what type of sanction is involved for misuse of the E-mail and Internet. The employer should make it absolutely clear, for instance, that downloading pornography is prohibited as well as racially abusive material. More flexibility may be required in relation to personal use of E-mail and use of Internet services during working hours eg. Booking holidays, online banking etc.

38. The employer may set certain standards on the type of language which may be used:

2. unacceptable to use the E-mail system to send any form of jokes or messages of a personal nature as this can cause offence;

3. individuals sending E-mail of a personal, offensive /sexual/ racist nature will be in breach of company’s policy on E-mail and Internet use and equal opportunities policy.

It should be emphasised that passing on or distributing such E-mail is also forbidden and this will be regarded as a serious disciplinary matter;

employees should be warned that the system is swept regularly to ensure compliance.

39. There should be a rule about private use of Internet. It is the employee’s responsibility to ensure that friends and family do not infringe this rule. Alternatively, employees may be permitted personal use during lunch hours.

40. Disciplinary sanctions - the downloading of unauthorised or illegally copied software may be deemed to amount to gross misconduct. This would also include sending offensive or unacceptable E-mail or accessing, downloading, viewing or distributing offensive, unsuitable or obscene or pornographic web pages or material.

41. Electronic media such as the Internet should not be used for the transmission of, retrieving or storing of any communication that is:

Mr. J was authorised to use his employer’s computer system and had a password which gave him access only to certain data held on the computer. It was discovered that he had gained access to sensitive data for which he was not authorised. He claimed to have been playing around. He was dismissed for gross misconduct. The EAT reversed a finding that the dismissal was unfair. The tribunal held that if an employee deliberately uses an unauthorised password to enter a computer known to contain information to which he was not entitled, that would constitute gross misconduct.

Employee suspended for using the internet to book her holiday, she had also boasted that free postage was a perk of the job. A small business run on a friendly and informal way was justified in dismissing a trusted employee who had abused its postage and Internet facilities. Her misconduct was not such as to justify summary dismissal.

An old case of a female employee who shared an office with several male colleagues who downloaded pornographic and offensive material, some of which was referred to her, the majority was not. She resigned and successfully claimed sexual harassment.