Introduction to cyber security: stay safe online
Introduction to cyber security: stay safe online

Start this free course now. Just create an account and sign in. Enrol and complete the course for a free statement of participation or digital badge if available.

2.5 Lawful Business Practice Regulations

Under UK law, employers have certain rights to monitor communications made by their employees.

They are authorised to do so under the Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000 SI 2000/2699 (sometimes abbreviated to IC Regs). Monitoring can take many forms including recording telephone calls, storing telephone numbers, email addresses and website addresses, storage of email and the inspection of any email attachments.

The regulations exist so that employers can ensure that their networks are used in a manner that does not bring the company into disrepute (such as sending offensive emails would), be used for illegal activities (such as transmitting copyright materials without licence), or to check that company resources are not used for personal reasons.

Companies may also have to monitor their networks to meet legal regulation – such as in the case of financial organisations where ‘health warnings’ must be offered to customers – and in extreme cases, monitoring may take place in support of national security.

The IC Regs are an exception to the general understanding that it is unlawful to intercept any communications unless an individual or organisation is specifically authorised to do so. This is codified in RIPA – see Investigatory Powers Act 2016 ( ukpga/ 2016/ 25/ section/ 1/ enacted [Tip: hold Ctrl and click a link to open it in a new tab. (Hide tip)] and government/ collections/ ripa-codes). The IC Regs allow interception to be made under specific conditions, but only if both parties in the communications consent to it happening. Such consent may be a necessary condition of employment, or it might be an additional agreement between an employer and their employees.

Monitoring of employees is an activity that must be done with care since it has the potential to erode trust between management and workers as well as being intrusive. Employers must abide by legislation including the Human Rights Act and the Data Protection Act to ensure that interceptions take place in a proportionate manner that any intercepted data is used for the correct purposes and that personal information is stored and processed appropriately.

Next you can complete an activity to check what you’ve learned about cyber security and the law.

Take your learning further

Making the decision to study can be a big step, which is why you'll want a trusted University. The Open University has 50 years’ experience delivering flexible learning and 170,000 students are studying with us right now. Take a look at all Open University courses.

If you are new to University-level study, we offer two introductory routes to our qualifications. You could either choose to start with an Access module, or a module which allows you to count your previous learning towards an Open University qualification. Read our guide on Where to take your learning next for more information.

Not ready for formal University study? Then browse over 1000 free courses on OpenLearn and sign up to our newsletter to hear about new free courses as they are released.

Every year, thousands of students decide to study with The Open University. With over 120 qualifications, we’ve got the right course for you.

Request an Open University prospectus371