There may be only 11 players on the

There may be only 11 players on the pitch during a
match, but the Blackburn Rovers Football Club in the
UK employs more than 800 people. As with any mod-
ern organization, computers are at the heart of run-
ning an efficient business. Most of the club’s comput-
ers are housed with the administration department at
the Ewood Park office, but others can be found at the
club’s training center and soccer academy.
The club decided to install a software product called
Spector 360, which it obtained from the Manchester-
based company Snapguard. According to Snapguard’s
sales literature, the product enables company-wide
monitoring of employee PC and Internet usage.
Previously, the club had tried to introduce an accept-
able use policy (AUP), but initial discussions with
employees stalled, and the policy was never imple-
mented. Early trials of Spector 360 showed that some
employees were abusing the easygoing nature of the
workplace to spend most of their day surfing the Web,
using social networking sites, and taking up a huge
amount of bandwidth for downloads.
Before officially implementing the monitoring soft-
ware, the AUP was resurrected. It was sent out as an
e-mail attachment and added to the staff handbook.
The policy was also made part of the terms and condi-
tions of employment. Understandably, some employ-
ees were annoyed at the concept of being watched,
but the software was installed anyway. According to
Ben Hayler, senior systems administrator at Blackburn
Rovers, Spector 360 has definitely restored order,
increasing productivity and reducing activity on non-
business apps.
Reports provided by Spector 360 can show manag-
ers the following: excessive use of Facebook, Twitter,
and other social networking sites; visits to adult sites
or shopping sites; use of chat services; the printing or
saving of confidential information; and staff login and
logout times. Managers can also use the software to
drill-down to look at patterns of usage, generate screen
snapshots, or even log individual keystrokes.
The software can also be used to benefit employ-
ees. For example, because it can log exactly what an
employee is doing, the system can help in staff train-
ing and troubleshooting, because it is easy to track
exactly what caused a particular problem to occur.
Another important benefit of the software is that
it helps the club to stay compliant with the Payment
Card Industry (PCI) Data Security Standard. PCI stan-
dards require access to credit card information. As
Spector 360 tracks and records all data to do with credit
card transactions, the information can be easily recov-
ered.
However, what is the wider view of the monitor-
ing of employees in the workplace? According to the
Citizens Advice Bureau (a free information and advice
service for UK residents), the following are some of the
ways that employers monitor their employees in the
workplace: recording the workplace on CCTV cameras;
opening mail or e-mail; using automated software to
check e-mail; checking telephone logs or recording
telephone calls; checking logs of Web sites visited; vid-
eoing outside the workplace; getting information from
credit reference agencies; and collecting information
from point-of-sale terminals.
Although this list may look formidable, there is no
argument that the employer has a right to ensure that
his or her employees are behaving in a manner that is
not illegal or harmful to the company. However, under
UK data protection law the employer must ensure
that the monitoring is justified and take into account
any negative effects the monitoring may have on staff.
Monitoring for the sake of it is not allowed. Secret
monitoring without employees’ knowledge is usually
illegal.
In a case that went before the European Court
of Human Rights in 2007 (Copeland v the United
Kingdom), Ms. Copeland, who was an employee of
Carmarthenshire College, claimed that her privacy
had been violated. She was a personal assistant to the
principal and also worked closely with the deputy
principal, who instigated monitoring and analysis
of her telephone bills, Web sites visited, and e-mail
communication. The deputy principal wanted to
determine whether Copeland was making excessive
use of the college’s services. The European Court
ruled in her favor, stating that her personal Internet
usage was deemed to be under the definitions of the
Convention for the Protection of Rights, covered as
“private life.” Note that although this case came to
the court in 2007, the monitoring took place in 1999,
prior to the introduction into English and Welsh law of
the Regulation of Investigatory Powers Act 2000 and
the Telecommunications (Lawful Business Practice)
Regulations 2001, which seek to clarify regulations
about the interception of communications