If you are an employer, checking that your staff or working and now skiving is going to be a bit more difficult than it used to be. You may want to ensure they are working hard by monitoring phone or email use, but a new code of practice now gives your workers a right to privacy at work.

The code in question is part 3 of the Employment Practices Data Protection Code which in conjunction with the Data Protection Act 1998 imposes obligations on employers on how they deal with data held on employees.

The idea is to ensure technology is not abused by employers and includes important new guidance on what you can and cannot do to check-up on what their employees are doing at work. Get caught out and you can be prosecuted-you could also be liable to pay compensation. So what can you do to make sure you comply?

The main risk to you the employer is that it is easy to unwittingly fall foul of the new code and your route to compliance is will be a undertaking an impact assessment. That means that before your think about any kind of monitoring you have to ask why it is necessary, assess the potential impact on the employees' concerned, and then ensure if you do monitor you are not doing any more than is necessary for a sound business reason.

So, for instance, if like many companies you have software which alerts a manager when a server accesses improper web sites, you must be clear that this monitoring is for the purpose of protecting the staff in the workplace against offensive or discriminatory images and tell them so.

All monitoring must be justified, and the benefits and impact of monitoring balanced, so as not to infringe on the private lives of workers.

Using the phone or internet for personal business during working hours may be something your business frowns upon but you must remember that personal communications should not normally be monitored. If you want to clamp down on this and comply with the new regulations, you must give your employees a facility to make/send unmonitored private telephone calls and emails, and the ability to distinguish between personal and professional communications.

Any monitoring you do carry out must not be intrusive, so if you do need to keep an eye on what your staff are up to you should use spot checks and audits rather than continuous monitoring.

Even if you suspect some sort of criminal activity your course of action should be to involve the police at the earliest stage. Every business should have a clear policies on email, internet use and telephone use. If you haven't got one then now is the time to sort one out. It should define what is allowable use, what is not allowed and also state what monitoring is carried out and what sanctions may arise from a breach of the policy.

If you want more information on the new code go to www.dataprotection.gov.uk. If you are still puzzled then Trowers & Hamlins partner Will Downing will explain all, www.trowers.com.