The monitoring of employees phone or email use, to make sure that they are working and not skiving, could prove to be more difficult than in the past. A new Code of practice now gives your workers the right to privacy in the workplace.

The Code in question is part three of the Employment Practices Data Protection Code which, in conjunction with the Data Protection Act 1998, imposes obligations on employers in how they deal with the data held on their employees.

The idea is to ensure technology is not abused by employers and includes important new guidance on what you can and cannot do when it comes to checking up on what employees are doing at work. Get caught out and you can be prosecuted, and, you could also be liable to pay compensation. So what can you do to make sure you comply?

The main risk to you, the employer, is that it is easy to unwittingly fall foul of the new Code and your route to compliance will be undertaking an impact assessment. That means before you think about any kind of monitoring you have to ask why it is necessary, assess the potential impact on the employees concerned, and then ensure if you do monitor you are not doing any more than is needed for a sound business reason.

For instance, if like many companies you have software which alerts a manager when a server accesses improper websites, you must be clear this monitoring is for the purpose of protecting the staff in the workplace against offensive or discriminatory images and tell them so. All monitoring must be justified, and the benefits and impact of monitoring balanced, so as not to infringe on the private lives of workers.

Using the phone or internet for personal business during working hours may be something your business frowns upon, but, you must remember personal communications should not normally be monitored. If you want to clamp down on this and comply with the new regulations, you will have to give your employees a facility to make/send unmonitored private telephone calls and emails, and the ability to distinguish between personal and professional communications.

Monitoring should not be intrusive, so, if you do need to keep an eye on your staff you should use spot checks and audits. If you suspect some sort of criminal activity then the police should be involved at the earliest possible stage. Every business should have a clear policy on email, internet use and telephone use. If you haven't then now is the time to sort one out. It should clearly define what is allowed and what is not. Also state monitoring is being carried out and it should be made clear what sanctions may arise from a breach of policy.

If you want more information on the new Code go to www.dataprotection. gov.uk. If you are still puzzled then Trowers & Hamlins partner Will Downing will explain all. For contact details go to: www.trowers.com.

How to beat the anti-snooping code

• Only carry out monitoring where it is absolutely necessary, for example, for health and safety or security reasons

• Don’t carry out covert monitoring – the new Code is very clear that this will only now be acceptable in the most limited of circumstances

• Don’t use video surveillance technology installed for security purposes to monitor employees' work levels

• Don't listen in on or record telephone conversations unless required to by law or for other compelling reasons (e.g. helplines or financial services companies)

• Don't read personal emails nor those in employees deleted items boxes