By Natasha Smith, Senior Associate
Monitoring and surveillance in the workplace can involve any form of observation or supervision of staff. In recent years, software that monitors internet use, calendar use and keyboard strokes has become increasingly commonplace. Spot checks or active monitoring (for example, randomly scanning emails for keywords or phrases) can now be carried out fairly regularly using modern software. Such technologies, while perhaps promising benefits for employers in terms of greater management and insights, can also have a serious impact on trust levels, affecting employee relations and employee morale.
A couple of years ago, Barclays came under fire when it installed ‘Big Brother’ style software to monitor staff activity, discouraging staff from stepping away from their desks or taking toilet breaks with this time being recorded as ‘unaccounted’ activity. Clearly this sort of approach goes against the valuable work being done by many employers to promote employee wellbeing at work.
The Information Commissioner’s Office (ICO) recently issued draft guidance to employers. The ICO highlights the increasing importance of employers being aware of the expectation staff have towards their privacy, particularly in the context of homeworking where the prospects of capturing sensitive information about their private life is much higher. The acceleration towards remote working as a result of the pandemic has certainly increased privacy risks.
Whilst employers are able to monitor staff, they do need to do so within the application of the Data Protection Act 2018 as well as the guiding principles of the UK General Data Protection Regulation (GDPR), balancing the business needs of employers with the level of intrusion with their staff.
For example, employers must consider staff privacy at work by:
The purpose for monitoring staff is a key aspect of data protection legislation. Employers should not be monitoring their staff ‘just in case’. If staff monitoring is being used in order to enforce various internal policies (i.e. performance management, disciplinary procedures etc.) then this should be made clear to staff. To be able to lawfully collect and process information from monitoring workers, employers must identify a lawful basis for doing so, of which there are six that may apply:
Employers would be wise to have an IT and Communications Policy which sets out the nature, purpose and extent of any monitoring. They should bear in mind, however, that excessive monitoring will not necessarily be considered lawful, just because they have documented it.
If you would like us to provide you with a GDPR-compliant IT and Communications Policy or wish to discuss the potential legal implications for employers seeking to monitor staff, please do not hesitate to contact Joseph Oates on email: firstname.lastname@example.org or Natasha Smith on email: email@example.com or tel: 01892 515022.
This blog is not intended as legal advice that can be relied upon and CooperBurnett LLP does not accept any responsibility for the accuracy of its contents.
Spread the word:Get In Touch