A01 chaf6542 06 se fm indd

’ of monitor-

ing activities.

According to the code, an impact assessment involves:

● 

identifying clearly the 

purpose(s) behind the monitoring arrangement and the benefits 

it is likely to deliver

● 

identifying any likely 

● 

considering 

An assessment of the 

employee monitoring 

process in the workplace 

to identify improvements 

to minimise infringement 

of employee privacy.

Figure 11.29

Employee controls

Source: DTI (2006) Department of Trade and Industry Information Security Breaches Survey.

59%

94%

50%

44%

2%

83%

to the Internet at work

Block access to inappropriate websites

(through blocking software)

Block access to social networking sites

Monitor logs of which websites

staff visit and when

Monitor what staff have posted

onto social networking sites

ISBS 2013 - large organisations

ISBS 2013 - small businesses

20

0

60

80

M11_CHAF6542_06_SE_C11.indd   582

7/23/14   1:27 PM

583

Chapter 11  Analysis and design

● 

taking into account the 

obligations that arise from monitoring

● 

judging whether monitoring is 

justified.

The code does not make specific recommendations about monitoring of emails or web 

traffic, but it does refer to them as typical monitoring activities which it suggests may be 

acceptable if staff are informed of them and an impact assessment has been conducted. The 

code does ask employers to consider whether alternatives may be better than systematic 

monitoring. Alternatives may include training or clear communication from managers and 

analysis of stored emails where it is thought an infringement has taken place rather than 

continuous monitoring. For example, automated monitoring is preferred to IT staff viewing 

personal emails of staff. The code also makes clear that the company should not under-

take any 

Download 29,46 Mb.

Do'stlaringiz bilan baham: