Are You Being Watched?

Natasha Smith looks at workplace monitoring and employee surveillance

By Natasha Smith, Senior Associate

Monitoring and surveillance in the workplace can involve any form of observation or supervision of staff. In recent years, software that monitors internet use, calendar use and keyboard strokes has become increasingly commonplace. Spot checks or active monitoring (for example, randomly scanning emails for keywords or phrases) can now be carried out fairly regularly using modern software. Such technologies, while perhaps promising benefits for employers in terms of greater management and insights, can also have a serious impact on trust levels, affecting employee relations and employee morale.  

A couple of years ago, Barclays came under fire when it installed ‘Big Brother’ style software to monitor staff activity, discouraging staff from stepping away from their desks or taking toilet breaks with this time being recorded as ‘unaccounted’ activity. Clearly this sort of approach goes against the valuable work being done by many employers to promote employee wellbeing at work. 

The Information Commissioner’s Office (ICO) recently issued draft guidance to employers. The ICO highlights the increasing importance of employers being aware of the expectation staff have towards their privacy, particularly in the context of homeworking where the prospects of capturing sensitive information about their private life is much higher. The acceleration towards remote working as a result of the pandemic has certainly increased privacy risks. 

Whilst employers are able to monitor staff, they do need to do so within the application of the Data Protection Act 2018 as well as the guiding principles of the UK General Data Protection Regulation (GDPR), balancing the business needs of employers with the level of intrusion with their staff. 

For example, employers must consider staff privacy at work by:

• Making sure that any monitoring they carry out is justified and proportionate 
• Notifying staff if they are being monitored and explain why they are being monitored
• Only targeting and limiting covert monitoring to cases where criminal or other serious malpractice is suspected.
  

The purpose for monitoring staff is a key aspect of data protection legislation. Employers should not be monitoring their staff ‘just in case’. If staff monitoring is being used in order to enforce various internal policies (i.e. performance management, disciplinary procedures etc.) then this should be made clear to staff. To be able to lawfully collect and process information from monitoring workers, employers must identify a lawful basis for doing so, of which there are six that may apply:

• Consent – where the worker freely consents to employers processing their data for a specific purpose. 
• Contract – where the monitoring is necessary for the contract to be performed by the employer.
• Legal obligation – where the processing is necessary for the employer to comply with the law. 
• Vital interests – where the processing is necessary to protect someone’s life in an emergency.
• Public task – where the processing is necessary for employers to perform a task in the public interest.
• Legitimate interest – where the processing is necessary for employers (or third parties) legitimate interests, provided those interests cannot be achieved in a less intrusive way.
  ‍
  Potential implications for employers who undertake improper staff monitoring
  

• Employers could face Tribunal claims for constructive unfair dismissal if, through improper staff monitoring practices, they have substantially breached the implied term of trust and confidence that is contained in the contract of employment or claims of unfair dismissal if an employee is dismissed unfairly as a result of the monitoring.
• Employers may have to pay damages to any individual who suffers a loss or distress because of a breach of data protection law, or to the sender or recipient of a communication that has been intercepted through unlawful monitoring.
• Employers could face criminal prosecution if they fail to get consent to search an employee, even if they had a contractual right to search them.
• Employers and/or their staff may be liable for downloading inappropriate material from the internet at work.

Employers would be wise to have an IT and Communications Policy which sets out the nature, purpose and extent of any monitoring. They should bear in mind, however, that excessive monitoring will not necessarily be considered lawful, just because they have documented it. 

If you would like us to provide you with a GDPR-compliant IT and Communications Policy or wish to discuss the potential legal implications for employers seeking to monitor staff, please do not hesitate to contact Joseph Oates on email: jmo@cooperburnett.com or Natasha Smith on email: nes@cooperburnett.com or tel: 01892 515022.‍

This blog is not intended as legal advice that can be relied upon and CooperBurnett LLP does not accept any responsibility for the accuracy of its contents.

Originally published in The Times of Tunbridge Wells: https://www.timeslocalnews.co.uk