Search

How can we help?

Icon

Can an employer monitor employees at work?

It’s recently hit the news that an employer in Jersey breached data protection requirements when it covertly monitored an employee’s car during working hours after having concerns that the employee was not carrying out their duties.

This brings up the question of whether an employer can lawfully monitor their employee, without their knowledge, if they suspect wrongdoing?

Can employers monitor employees?

It’s worth mentioning at the outset that data protection law does not prevent employers from monitoring workers provided this is done in a way that is compliant with data protection laws and principles. However, there is an emphasis on being open and transparent and, as such, covert monitoring is unlikely to be justified.

Can employers covertly monitor employees?

The ICO have stated that covert monitoring of employees will only be justified in ‘exceptional’ circumstances where it is necessary to prevent or detect suspected criminal activity or, similar wrongdoing, like gross misconduct. In all cases employers will have to justify their decisions and, if there’s a less intrusive way of achieving the ultimate goal then the monitoring will not be lawful.

The ICO provide an example of an employer who discovers that a small number of remote workers started later than their timesheets suggested and, as a result, allows senior management to access automatic webcam images to check if workers are at work. This would likely be unlawful as it is disproportionate.  The employer could have checked the times workers logged onto the computer system instead and given employees the opportunity to explain any discrepancies.

Covert monitoring must be targeted to obtain evidence within a set timeframe, limited to the shortest time possible and should not be continued once an investigation is complete.

ICO guidance

The ICO has issued guidance on covert monitoring. It says that employers should have a policy which sets out when covert monitoring may be used.  Monitoring should be authorised by senior management and a data protection impact assessment should be carried out. The employer must be satisfied that there are reasonable grounds for suspecting the criminal activity or gross misconduct and that informing employees about the monitoring would prejudice its prevention or detection.

Covert monitoring must be targeted to obtain evidence within a set timeframe, limited to the shortest time possible and should not be continued once an investigation is complete.

An employer should not use covert monitoring in areas or situations that employees would reasonably consider private, for example CCTV in toilets or monitoring personal emails. This is a more topical point of late with the rise of homeworking where employees have an expectation of privacy in their own homes.

Information obtained through the covert monitoring should only be used for the intended purpose and should be disregarded and destroyed when it is no longer needed unless it reveals something that no employer could reasonably ignore (and which could not be revealed by other means).

The people who are involved in the investigation should be kept limited, with clear rules to limit disclosure of, and access to, information.

Monitoring employees is certainly not popular amongst employees with a recent report commissioned by the ICO finding that 70% of the public would find it intrusive to be monitored by an employer. However, cases like the one in Jersey show that there will be situations where an employer feels, rightly or in many cases wrongly, that covert recording is necessary. Employers should keep in mind that as well as potentially being unlawful, covertly recording employees can have other negative consequences, such as damaging the trust the employee has in the employer and affecting mental wellbeing.

If you any advice in relation to monitoring employees, please do not hesitate to contact our data privacy lawyers.

About this article

Disclaimer
This information is for guidance purposes only and should not be regarded as a substitute for taking legal advice. Please refer to the full General Notices on our website.

About this article

Read, listen and watch our latest insights

Pub
  • 26 March 2024
  • Privacy and Data Protection

AI Podcast: AI and Data Security

In the third and final podcast in our ‘AI Podcast’ trilogy, members of the data protection team, will be discussing how to use AI to process data safely. They will be looking closely at the risks for businesses and the types of data security protections you can put in place.

art
  • 26 March 2024
  • Privacy and Data Protection

Key considerations for data retention policies

In the ever-evolving landscape of data protection regulations, data retention stands as a crucial aspect of compliance and risk management for organisations across industries.

art
  • 18 March 2024
  • Privacy and Data Protection

Consent or pay: Issues and considerations, Meta’s potential breach

The ICO has stated that any organisation considering using “consent or pay” must ensure that the consent to processing of personal data for personalised advertising is being given freely, and is fully informed.

art
  • 13 March 2024
  • Privacy and Data Protection

21 March 2024 Deadline: Are your international data transfer agreements compliant?

If your organisation transfers personal data from the UK to another country, it needs to comply with statutory requirements to ensure adequate levels of protection for that data are in place.

art
  • 06 March 2024
  • Privacy and Data Protection

Personal Data Breaches – How do I deal with them?

This article will provide an overview of the steps to take when experiencing a personal data breach.

Pub
  • 05 March 2024
  • Privacy and Data Protection

How do I protect my business in the event of a personal data breach?

Don’t let your business fall victim to personal data breaches. Join Louise Keenan and Rebecca Dowle, for a quick overview of how to protect your business.