In the era of the UK Online Safety Act, employers face growing responsibility to safeguard their organisations, employees, and the wider public from harmful or unlawful online content and behaviour. Recent cases involving employees in both regular employment and sensitive roles have heightened concerns about organisational liability, with public scrutiny often asking, “Did the employer do enough?”
To help employers navigate this complex landscape, here is a comprehensive A to Z guide outlining practical, legally compliant steps to minimise risks and demonstrate robust due diligence.
A – Awareness
Ensure leadership and HR teams understand the scope and requirements of the UK Online Safety Act and related safeguarding laws, as awareness drives effective policy and risk management.
B – Background Checks
Implement thorough pre-employment screening, including criminal record checks where lawful and relevant, to identify any past convictions or red flags.
C – Clear Policies
Develop and publish clear, accessible policies on employee conduct online, use of company devices, and social media guidelines, making expectations explicit.
D – Documentation
Maintain detailed records of all checks, policies, training, and any incidents or investigations to demonstrate compliance and due diligence.
E – Education and Training
Provide regular training for all employees on safeguarding, recognising harmful content, and reporting procedures, as training fosters a vigilant culture.
F – Filtering and Monitoring
Where lawful and appropriate, use technical controls to limit access to harmful content on company devices and networks, without infringing privacy.
G – Governance
Assign responsibility for online safety and safeguarding to specific roles or committees to ensure ongoing oversight and accountability.
H – Hiring Practices
Use structured interviews and reference checks focused on safeguarding and integrity, especially for roles with vulnerable populations.
I – Incident Response
Have clear procedures to swiftly investigate and respond to reports of harmful or unlawful conduct by employees.
J – Jurisdiction Awareness
Stay informed about evolving UK regulations and Ofcom guidance related to online safety and employee conduct.
K – Keep Updated
Regularly review and update policies and practices in line with legislative changes and emerging risks.
L – Legal Compliance
Ensure all actions respect data protection laws, employment law, and human rights considerations.
M – Monitoring Balance
Balance reasonable monitoring to protect the organisation with respect for employee privacy, avoiding overreach.
N – Neutral Reporting Channels
Provide confidential, anonymous ways for employees and others to report concerns safely.
O – Outsourcing Carefully
If using third-party screening or monitoring services, vet their compliance with legal standards and data protection.
P – Protect Vulnerable Groups
Take extra care when hiring or managing staff working with children, the elderly, or vulnerable adults.
Q – Question Appropriately
During recruitment and reviews, ask relevant questions about conduct and safeguarding without discrimination.
R – Risk Assessment
Conduct ongoing risk assessments focused on employee roles, online behaviour, and potential impact on the organisation.
S – Social Media Checks
Conduct reasonable public social media searches linked to employee names or professional emails, documenting outcomes and actions.
T – Transparency
Communicate clearly with employees about checks, policies, and the rationale behind safeguarding measures.
U – Understand Boundaries
Know the limits of your authority, and avoid unlawful surveillance or data gathering outside public, consented, or lawful channels.
V – Vetting Refreshers
Consider periodic re-checks for employees in sensitive roles or where risk levels change.
W – Whistleblower Protections
Ensure those who report concerns are protected against retaliation, encouraging a culture of safety.
X – Xenial Culture
Foster a workplace culture that is welcoming but vigilant, where respect and integrity are valued.
Y – Your Reputation
Recognise that proactive safeguarding protects not only users and colleagues but also the organisation’s reputation and viability.
Z – Zero Tolerance
Adopt a firm stance against harmful conduct and ensure consistent enforcement of policies to deter breaches.
While no system can guarantee the prevention of all harmful employee behaviour, employers who take these comprehensive, documented steps will be well placed to comply with UK Online Safety duties and demonstrate that they acted responsibly. This proactive approach reduces legal risk, protects vulnerable people, and supports a safe, trustworthy workplace.
If your organisation needs help implementing or reviewing safeguarding and online safety policies, consulting with legal and HR professionals experienced in UK regulations is highly recommended.