Accordingly and with the assistance of developing technologies, surveillance cameras may be installed in office, emails may be scanned and telephone conversation may be recorded to over see the work of employees.

Needless to say, these practices have spawned heated opposition for workplace privacy. Should the employers be allowed to spying on their workers? Should employees be given greater privacy at workplace? Unfortunately, the present law does not provide a satisfactory solution to all these questions. In response to answer the conflicting interest of both the employers and employees, the Privacy Commissioner for Personal Data has issued a draft Code of Practice on Monitoring and Personal Data Privacy at Work ("the Code") for public consultation in March this year.

It is understandable that employers are eager to monitor the performance of their workers. They have a legitimate interest in checking the work quality, protecting their business secrets and ensuring efficiency of their workers. Therefore, installing video camera, checking employees' emails in the company mail account, listening to employees!| telephone conversation all help to achieve these goals.

New technologies provide various ways for employers to monitor many aspects of their employees' work. Pinhole cameras, which can be hidden everywhere, can be linked to a data transmitter enabling the employer to monitor live footage of their workers over the Internet anywhere in the world; computer monitoring technique allows employers to keep track of the amount of time an employee spends away from the computer; other software, need not to be very sophisticated, can read server logs and easily find out what websites employees are surfing and how long they are staying there; keystroke software tells how many keystrokes a data-entry or word-processing employee had been performing per hour. Just to name a few. With all these, employers can fix an eye anytime and anywhere on their workers.

Since workplace monitoring is unavoidable, the issue remains on how to balance the interest of employers and the privacy of employees. This is where the draft Code comes in. Under the draft Code, workplace surveillance can only be undertaken if it is fair in the circumstances and serves a lawful purpose related to the business. There are two underlying principles in the draft Code: the principle of proportionality and transparency.

The principle of proportionality means that any intrusion into an employee's privacy at work should be proportionate to the benefits derived from that monitoring. To justify for surveillance, there must be compelling risks threatening the business operation. Such risks include financial loss to the company, such as misappropriation of funds or fraud; damage to the company reputation and goodwill; unauthorized disclosure of confidential information, such as trade secrets; exposure to vicarious liability for the unlawful acts of employees; and lost of working time or productivity.

The principle of transparency requires employers to work out a written Workplace Monitoring Policy to communicate to employees the monitoring policy. That includes what monitoring devices are installed, where are they, when will they be functioning, for whom and for what purpose they are purported to serve. These will enable the employee to review those policies, to spell out what is acceptable and make an informed choice as to whether to stay in the company or not.

Aside from complying with the two principles, the level of monitoring should not be greater than what is reasonably required to contain or guard against the risk. Access to employee monitoring records should be restricted to authorised personnel. "Fishing", that is checking the recorded data randomly without a particular purpose is not allowed. Employers cannot peep into the content of the e-mails, phone calls or employees' conversations unless there is strong evidence to suspect any wrongdoing or betrayal of company interest is committed. What they can check is where the mail or call goes and who is the recipient. As soon as the genuine purpose of monitoring is fulfilled, all the recorded data should be erased.

Compared to other jurisdictions like the UK and the US, Hong Kong has taken a bold step in regulating workplace spying. However, the Code is subject to certain limitation. A breach of the Code by is not by itself a breach of the Privacy (Personal) Data Ordinance, but only give rise to a rebuttable presumption against the data user, in any legal proceeding under the Privacy (Personal) Data Ordinance, or serves as unfavorable evidence against the data user in any complaint before the Privacy Commissioner. In addition, the scope of the Code is rather narrow. It mainly focuses on four commonly used types of employee monitoring practices: the monitoring of telephone calls, E-mail, computer usage and videotaping. These are by no means comprehensive to cover all situations of workplace spying, bearing in the mind ever advancing technologies.

Excessive monitoring not only erodes employee's loyalty, dampen the employee morale but may also increase the likelihood of job hopping. The Code, although inherited with certain limitation, will certainly offer great guidance for workplace monitoring and helps to build a friendly and trust working atmosphere.