The IT department has a responsibility to provide computer resources to their own organisation.  Computer resources are rarely free - hardware, software and communication networks are all limited within the constraints of cost, processing power, bandwidth and specialist personnel.

Priority is given to allow business transactions to be processed, and when employees start to offend upon this limited resource, then the current working practices may change.  Stricter working practices or new regulations or monitoring tools may be put in place to assess, police and limit misused resources.  The result of such changes will normally result in less freedom to conduct non-business related computer-based communication.  It will be the employees that will have to change their current practices.

Every non-business related email message that is sent from a users mailbox uses up network bandwidth on your local network, computer processing power on the email server, disk storage is used up to store the message, internet bandwidth is used to transfer the message to an external recipient. All these resources are shared by within your company to conduct its every day business.

Most of this stuff is well known to the email administrator, who job is to make sure that the email system stays up and remains within its maximum capacity to process and store email messages.  Email is a great communication tool, and as all communication messages are computer-based, monitoring this system has allowed a very large market to be created for the supply of third-party email monitoring tools.

These tools allow for detailed auditing, recording and overall management of communication in terms of:

- who sends and receives email, when, where, and how often

- how many emails are transmitted within, outwith and into the company

- the content of email messages (filtering on keywords/phrases or on other suspicious or damaging content)

These tools, before being integrated into the organisation, must not only be assessed purely in terms of their fitness of purpose in helping to meet specific corporate objectives, but also need to assess their impact in addressing and maintaining other regulatory or governance standards - such as complying with strict employment and privacy laws.

My advice if you are asked to implement an email monitoring tool (such as a email content filter system) is to relay your legal concerns on this matter to the HR department and the sponsoring board-level executive, and make sure that they fully act upon your written concerns with their legal representatives.  The sure way to seek this authority is that any company director may be open to legal prosecution if the company fails to fully comply with UK legal regulations.

An Acceptable Use Policy only guides the end user in the use of a computer system it was written for.  If a new computer monitoring system is not fully legal with current national laws, then does this policy cover the administrative side?  I guess not.

Remember to visit the 'important links' web page as this will point you in the right direction.