Can an employer monitor employees at work?

It’s recently hit the news that an employer in Jersey breached data protection requirements when it covertly monitored an employee’s car during working hours after having concerns that the employee was not carrying out their duties.

This brings up the question of whether an employer can lawfully monitor their employee, without their knowledge, if they suspect wrongdoing?

Can employers monitor employees?

It’s worth mentioning at the outset that data protection law does not prevent employers from monitoring workers provided this is done in a way that is compliant with data protection laws and principles. However, there is an emphasis on being open and transparent and, as such, covert monitoring is unlikely to be justified.

Can employers covertly monitor employees?

The ICO have stated that covert monitoring of employees will only be justified in ‘exceptional’ circumstances where it is necessary to prevent or detect suspected criminal activity or, similar wrongdoing, like gross misconduct. In all cases employers will have to justify their decisions and, if there’s a less intrusive way of achieving the ultimate goal then the monitoring will not be lawful.

The ICO provide an example of an employer who discovers that a small number of remote workers started later than their timesheets suggested and, as a result, allows senior management to access automatic webcam images to check if workers are at work. This would likely be unlawful as it is disproportionate.  The employer could have checked the times workers logged onto the computer system instead and given employees the opportunity to explain any discrepancies.

ICO guidance

The ICO has issued guidance on covert monitoring. It says that employers should have a policy which sets out when covert monitoring may be used.  Monitoring should be authorised by senior management and a data protection impact assessment should be carried out. The employer must be satisfied that there are reasonable grounds for suspecting the criminal activity or gross misconduct and that informing employees about the monitoring would prejudice its prevention or detection.

Covert monitoring must be targeted to obtain evidence within a set timeframe, limited to the shortest time possible and should not be continued once an investigation is complete.

An employer should not use covert monitoring in areas or situations that employees would reasonably consider private, for example CCTV in toilets or monitoring personal emails. This is a more topical point of late with the rise of homeworking where employees have an expectation of privacy in their own homes.

Information obtained through the covert monitoring should only be used for the intended purpose and should be disregarded and destroyed when it is no longer needed unless it reveals something that no employer could reasonably ignore (and which could not be revealed by other means).

The people who are involved in the investigation should be kept limited, with clear rules to limit disclosure of, and access to, information.

Monitoring employees is certainly not popular amongst employees with a recent report commissioned by the ICO finding that 70% of the public would find it intrusive to be monitored by an employer. However, cases like the one in Jersey show that there will be situations where an employer feels, rightly or in many cases wrongly, that covert recording is necessary. Employers should keep in mind that as well as potentially being unlawful, covertly recording employees can have other negative consequences, such as damaging the trust the employee has in the employer and affecting mental wellbeing.

If you any advice in relation to monitoring employees, please do not hesitate to contact a member of the data protection team.