User privacy in the context of a company and its various systems is an often misunderstood area, and falls fairly and squarely on company governance. If, through a company’s acceptable use policy, people are allowed to use IT systems for private purposes – email or word processing, for example – then those private documents must be kept separate and must not be viewable by other company staff. This is a tall order, generally fixed by a catch-all phrase in a person’s contract of employment stating that any staff communication is liable to be monitored.
However, that then means if a private document or communication gets leaked, you have a data protection issue. So how do you monitor staff use of IT without raising the spectre of an Information Commissioner's Office (ICO) investigation?