Part I of the Regulation of Investigatory Powers Act 2000 ("RIPA") replaces the previous relevant law (in the Interception of Communications Act 1985) and creates new offences of unlawful interception on public and private telecoms systems and a tort of interception on private systems by those who run them. Monitoring (and tapping) of incoming and outgoing telephone calls, faxes and e-mails on a public telephone system will be illegal except (importantly) as permitted by regulations or under a warrant issued by the Secretary of State (see below).
Part II regulates techniques such as use of agents/informants used by law enforcement, security and intelligence agencies. In view of the coming into force of the Human Rights Act 1998 on 2nd October 2000 (see Acts of Parliament etc/Human Rights Act 1998 ) the previous non-statutory authorisation system would be likely to be inadequate and is thus replaced.
Part III provides power for the government to require any person to provide a plain text copy of any encrypted information.
Part IV provides for Codes of Practice and supervisory Commissioners.
Confusion and difficulty can arise because of the overlap and sometimes apparently conflicting provisions of the Regulation of Investigatory Powers Act 2000, the Human Rights Act 1998 (see Human Rights/Human Rights Act 1998/a general note ) and the Information Commissioner's code of practice under the Data Protection Act (see notes at Data protection/a general note ). This causes particular difficulty in regard to employers' rights to monitor staff e-mail. In 2001 the Cabinet Office produced (mainly for internal use by government departments) guidelines (2nd edition) on "Electronic Communications at Work - what you need to know" - July 2001 . The guidance there on monitoring of telephone calls, email and internet use can be relevant for other organisations.
A code of practice entitled "Interception of Communications" 2002 relating to the interception of communications (mainly by public authorities) under the Act came into force on 1st July 2002 (see the Regulation of Investigatory Powers (Interception of Communications: Code of Practice) Order 2002, SI 2002/1693). There is also a Code of Practice on "Covert Surveillance", which came into force on 1st August 2002 (see Regulation of Investigatory Powers (Covert Surveillance: Code of Practice) Order 2002, SI 2002/1933). Codes of Practice on "investigation of protected electronic information" and on "Acquisition and Disclosure of Communications Data" are in effect from 1st October 2007.
There have been recent surveys which suggest that disciplinary proceedings, some leading to dismissal, for breaches of email and internet policies now outnumber proceedings for "old favourites" such as breaches of health and safety regulations, dishonesty and theft (and see notes at Unfair dismissal/reasons making dismissal prima facie fair/employee guilty of misconduct ).
The Information Commissioner published Part 3 of the Employment Code of Practice (on "Monitoring of Employees") (issued under Data Protection Act 1998) in June 2003 - see notes at Data protection/Code of Practice/Monitoring staff - part 3 and the Official data protection web-site.
In March 2004 ACAS issued a revised version of its ACAS Internet and e-mail policies leaflet for employers.
If employees have access to the internet, it is most important that the employer has a clear and consistently applied e-mail policy and internet policy so that staff know exactly what private use, if any, they are allowed to make of the facility. Having a policy is not enough - it must be consistently applied. In at least one tribunal case in which the employer's written policy allowed staff to make "limited and reasonable" personal use of e-mail employees have successfully claimed that their dismissal for abuse of the e-mail system was unfair dismissal, essentially because it was unclear what "limited and reasonable" meant and different managers applied the policy in different ways (Long v SP Dataserve Ltd ET 103200/03 - see Travers Smith, solicitors, notes on "e-mailing to excess", May 2005).
Sending spam e-mails to private individuals, which includes business partnerships, and dumping cookies onto websites is made unlawful by the Privacy and Electronic Communications (EC Directive) Regulations 2003, SI 2003/2426 which came into force on 11th December 2003. In 2007 the Edinburgh Sheriff Court awarded £750 + costs against a company which had sent a commercial spam e-mail to an individual (see website re Spam e-mailer sued successfully - Gordon Dick v Transcom Internet Services Ltd. 2006/07). In 2008 a blogger in Wales was fined £150 with £364 costs, under Telecommunications Act 1984 s.43, for posting posting a grossly offensive and menacing message on his blog (see Blogger fined for 'menacing' rant, BBC News 29th April 2008). The Information Commissioner has issued Guidance to the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR), with separate special sections as PECR Guidance for subscribers and PECR Guidance for marketers.
For completeness it should be noted that, also in December 2003, a raft of other regulations (concerned with anti-terrorism rather than employment law matters and so not considered further in this programme) were made under the Regulation of Investigatory Powers Act 2000. Also that a Interception of Communications (Admissibility of Evidence) Bill was introduced in the House of Lords on 10th October 2005 which, if enacted, will by pass the RIPA to permit intercept evidence and evidence of communications to be used in serious criminal cases, including specifically cases concered with terrorism.
The Information Commissioner's Office Technical Guidance Notes webpages are an essential source of practical information on all aspects of data protection.
See also notes at Human Rights/privacy and/or Human Rights/telephone privacy .