§ The Earl of Northeskasked Her Majesty's Government:
Whether a company that complies with the terms of the Lawful Business Practice Regulations could lay itself open to potential liability under the terms of the Data Protection Act 1998. [HL21]
§ Lord Sainsbury of TurvilleUnder the Lawful Business Practice Regulations, businesses may have access to communications without the consent of the sender or recipient, for the purpose of monitoring or recording them for legitimate business purposes specified by the regulations. A business which complies with the regulations is exempt from liability under the Regulation of Investigatory Powers Act 2000.
The regulations do not however affect the obligations which the Data Protection Act 1998 places on businesses regarding the processing of personal data. In particular, under that Act, any business undertaking the interception of communications should ensure that its collection, use and other processing of personal data is targeted and proportionate to the needs of the business.
The Data Protection Commissioner has issued for consultation a draft code of practice on the use of personal data in employer/employee relationships. When this is finalised in the New Year, it will provide comprehensive guidance on the application of the Data Protection Act and the regulations to practice in the workplace.