Yes they can, but only in a limited set of circumstances relevant for that business which have been defined by the LBP Regulations. The main ones are:
- to provide evidence of a business transaction
- to ensure that a business complies with regulatory procedures
- to see that quality standards or targets are being met in the interests of national security
- to prevent or detect crime to investigate the unauthorised use of a telecom system
- to secure the effective operation of the telecom system.
In addition, businesses can monitor, but not record, phone calls or e-mails that have been received to see whether they are relevant to the business (ie open an employee’s voicemail or mailbox systems while they are away to see if there are any business communications stored there). For further information see the DTI website where the LBP Regulations are posted.
However any interception of employees’ communications must be proportionate and in accordance with Data Protection principles. The Information Commissioner has published a Data Protection Code on “Monitoring at Work” available on its website here. The Code is designed to help employers comply with the legal requirements of Data Protection Act 1988. Any enforcement action would be based on a failure to meet the requirements of the act – however relevant parts of the Code are likely to be cited in connection with any enforcement action relating to the processing of personal information in the employment context. Accordingly this Code of Practice and the Data Protection Act must also be considered by any business before it intercepts employees’ communications.