Employee monitoring and data protection - productivity vs privacy

As technology continues to evolve, so do the methods by which employers monitor their employees. If you are monitoring employees for security purposes or to increase productivity, you need to think about the data privacy concerns employee monitoring raises. It is crucial that your business understands what its legal obligations are and strikes a balance between legitimate business interests and employee privacy rights.

What is employee monitoring?

Common examples of employee monitoring include:

  • CCTV: surveillance systems are common in the workplace. Employers must be able to justify the use of CCTV, minimise intrusiveness and ensure the correct signage is in place. Continuous monitoring of employees without cause may give rise to a breach of privacy rights.

  • Location Tracking: GPS tracking of company vehicles or employee mobile devices can enhance efficiency. However, if you are storing employee location data, particularly outside of working hours, you need to consider whether this causes a risk to the rights and freedoms of employees.

  • Computer and Keystroke Monitoring: advances in technology mean that employers are easily able to track computer activity, including keystrokes. Remember, the use must be proportionate. Monitoring personal emails or sensitive data may violate privacy rights.

  • Alcohol and Drug Testing: given the intrusive nature, any form of testing should be carried out in line with guidance issued by the Information Commissioner’s Office (ICO). For example, testing should be carried out by a professional to minimise the risks of incorrect tests and avoid disputes. Employees should be able to have a duplicate sample which they can get tested themselves in case of an issue. Any internal policy should reflect what happens in practice.

What can businesses do to ensure they are compliant?

Inform employees about your monitoring practices, including the purpose, scope, and methods. It is important that employees understand how their data is collected and used.

If your business relies on legitimate interests as a legal basis for monitoring, you must conduct a balancing test. This is done by way of a Legitimate Interest Impact Assessment (LIIA) and a Data Protection Impact Assessment (DPIA). Consider whether the monitoring is necessary and whether it is proportionate to your purpose.

Remember, consent as a lawful basis for processing is rarely appropriate in an employment context due to the imbalance of power between employer and employee. Consent must be freely given, specific, informed, and unambiguous. In an employment context, employees may feel pressured to consent and it is therefore unlikely that consent will be valid.

You should only collect the data that is necessary for your purpose. Avoid collecting excessive or irrelevant information.

It is important that employee data is kept safe. Your business should look to safeguard data that is collected through employee monitoring. Safeguards can include encrypting data, implementing access controls, and reviewing existing security measures.

Conclusion

While there are many advantages to employee monitoring, there are certain risks under UK data protection law.

To learn how your business can ensure compliance with data protection law, or for more information on employee data privacy rights, contact Maria at mspencer@prettys.co.uk. If your job role involves data protection and you would like to increase your knowledge, join our data protection hub at https://prettys.co.uk/join-data-protection-hub.

Expert
Maria Spencer
Solicitor