A recent decision by the European Court of Human Rights (in Bărbulescu v Romania) has emphasised that where an employer monitors an employee’s emails, without communicating to the employee that it is doing so, then this will constitute a breach of Article 8 Right to Privacy. Public Sector organisations must have clear, defined policies, setting out the circumstances in which employee communications will be monitored.
A recent Information Commissioner’s Office (ICO) decision resulted in Nottinghamshire County Council being fined £70,000 for failure to keep data safe. The ICO considered that one of the online portals used was not sufficiently secure, lacked authentication processes and that the data could be available to anybody using a search engine.