The Regulation of Investigatory Powers Act (RIP) received Royal Assent on 28 July.
The Act includes arrangements for updating and expanding the law governing the interception of communications, the acquisition of data relating to communications and the regulation of surveillance activities to ensure that they are in compliance with the EU telecommunications Data Protection Directive and the European Convention of Human Rights.

There is at present no provision in law for the interception of communications on a private telecommunications system.
For employers the Act will be significant, as this will make unlawful, for the first time, the unauthorised interception of workplace telephone calls or communications on computer systems where part of the network is connected to a public or private system.

Privacy rights under the Human Rights Act 1998

The Human Rights Act came fully into force on 2 October and incorporated into UK domestic law most of the rights contained in the European Convention of Human Rights.

This includes art.8(1), which provides: 'Everyone has the right to respect for his private and family life, his home and his correspondence'.
Art.8(2) will allow a defence to a public authority if the interference takes place 'in accordance with the law' and is 'necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others'.

The limitation of the Human Rights Act (as was the case with the Interception of Communications Act 1985) is that not all employees will be able to bring proceedings under the Act, as there is no direct cause of action for employees against a private sector employer.
However, the courts and tribunals must as far as possible interpret existing UK legislation in a manner which is consistent with the convention rights under the Act.
This will mean that private sector employees will only be able to rely on their rights under the Act indirectly where they arise in the ordinary course of proceedings.

This disparity in the law was brought to the fore following the ECHR ruling in the high-profile case of Halford v United Kingdom.

Alison Halford was assistant chief constable with the Merseyside Police.
She claimed that her employers were intercepting her office telephone calls in an attempt to gather evidence against her in a sex discrimination claim she had brought against them.

The court held that the interception of the calls violated art.8(1) as it amounted to an unjustifiable interference with her right to respect for her privacy and correspondence.
In the circumstances, she had a reasonable expectation of privacy for such calls, not least as she had been advised specifically that she could use this telephone for the purpose of speaking with her solicitor.

As there was no legislation in the UK regulating the interception of telephone calls on private networks, Ms Halford's employers were effectively prevented from raising a defence under art.8(2).
Art.8(2) provides a public authority with a defence if the interference with the right to privacy and correspondence is carried out 'in accordance with the law'. As the Interception of Communications Act 1985 only covered public telephone networks, the interception of calls could not be said to have been carried out in accordance with the law.

Enter the Regulation of Investigatory Powers Act, which was originally derived to bring UK domestic law into line with the requirements of the European Convention on Human Rights and in response to the mauling the government had received in the European Court.

Regulation & Investigatory Powers Act

The Act effectively establishes a free-standing privacy right by creating a tort of unlawful interception.

S.1(3) of the Act provides that any interception of a communication in the UK by, or with the express or implied consent of, a person having the right to control the operation or use of a private telecommunication system will be actionable, if it is without lawful authority.
In addition, the interception of that communication must be in the course of its transmission by the private telecommunications system or by a public telecommunication system to or from the private system itself.

Any interception will not be actionable if it is carried out with lawful authority.
The interception will have lawful authority in two situations:

-- Where the interception of the communication is one which has, or the person intercepting has reasonable grounds for believing it has, the consent of both the sender of the communications and that of the intended recipient (s.3(1)); and
-- Where the Secretary of State authorises by way of regulations any conduct deemed to constitute a legitimate practice reasonably required in connection with the carrying on of any business, of monitoring or keeping records of communications of transactions entered into in the course of that business or other communications relating to that business (s.4(2)).

The lawful interception of communications by way of consent reflects existing provisions under the Interception of Communications Act 1985.

It is s.4(2) and the incumbent regulations, which allow businesses and public authorities to intercept communications without the consent of correspondents, that have caused the most consternation among civil liberties groups, trade unions and others advocating human rights and the right to privacy.

Proposed scope of the Lawful Business Practice Regulations

The Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000 have recently been the subject of a public consultation exercise, which invited comment from industry on the scope and content of these regulations.
This consultation has led to regulations, which are far less onerous than those originally proposed, for employers wishing to monitor employee communications.

The key change is the widening of the circumstances in which businesses will be able to monitor employee communications without first obtaining the consent of a sender, recipient or caller.
The new regulations will authorise employers to intercept communications without consent in certain circumstances for the following purposes including:

-- To establish the existence of facts relevant to the business;
-- To ascertain compliance with regulatory or self-regulatory practices or procedures;
-- To ascertain or demonstrate standards which are achieved or ought to be achieved by persons using the system;
-- To prevent or detect crime;
-- To investigate or detect unauthorised use of the business's telecoms system;
-- To ensure the effective operation of the system, for example monitoring viruses.

The regulations will also authorise employers to monitor (but not record) without consent to check whether communications are relevant to the business and in relation to confidential, counselling helplines run free of charge.

In all these cases, an employer will be required to make 'reasonable efforts' to inform employees and others using the organisation's telecom systems that their communications may be intercepted.
The question of what may amount to 'reasonable efforts' is left open.

Indeed, it remains to be seen whether such a pre-condition to these exceptions will be regarded as moot, as employers wishing to intercept communications for purposes not included within the regulations, would need to gain the consent of employees as required by s.3(1) in any event.

The revised regulations will provide employers with far more control in monitoring the activities of their staff.
Most notably, the ability of employers to monitor communications without consent so as to determine whether they are relevant to the business, appears vague enough to justify most instances of monitoring.
There appears to be limited guidance for employers and no safeguards in place to regulate such activity once sanctioned.

It is questionable as to whether the Act has succeeded in balancing the need to intercept communications on private networks while ensuring compliance with the ECHR in the wake of the decision in Halford.
The regulations under s.4(2) may still allow for the interception of communications by employers in certain circumstances, which could arguably be prohibited under art.8 of the HRA 1998.
To this end, the new regulations may well be seen as a knee-jerk reaction over concerns held by businesses that they would not have sufficient authority to access their own communications.

Businesses are increasingly finding themselves open to potential liability where employees are seen to abuse telecom systems where, for example, abusive e-mails are sent by employees or where pornographic images are downloaded from the Internet and exchanged through the e-mail system.
What is clear is that it will still prove prudent for employers to implement detailed policies and procedures when monitoring employee communications and make clear to employees the circumstances in which interceptions may take place.
Indeed, the Department of Trade and Industry in its response to the consultation, appears to encourage establishing workplace practices in this regard.

It should also be noted that the Data Protection Act 1998 already provides individuals with protection from disclosure of 'personal data' and may well in some respects prove to be more effective in protecting the privacy of employees in the workplace.

The approach taken in the Act requires the provision of prior information to such individuals to make processing of information about them 'fair'.
Moreover, such information must be processed in such a way that it is in accordance with the data protection principles.

The Data Protection Commissioner has also recently released a draft code of practice on the use of personal data in the employer-employee relationship, which will include the monitoring of e-mail and telephone communication.
The draft code is naturally cautious.

There are general recommendations that employers should only monitor communications where such a need has been identified.
Furthermore, any intrusion on an employee's privacy must be proportionate to the benefits of monitoring.
The full standards for monitoring are set out in the code, which is currently the subject of a consultation.

Although the Data Protection Commissioner has generally welcomed the provisions of the RIP, it will be interesting to see how the proposed code of practice will operate in conjunction with the Act.