When spying on employees becomes a breach of privacyby
The ability to monitor employees has never been a more prevalent issue than right now. Barry Ross explains where employee monitoring becomes a breach of privacy, and what steps employers must take before capturing employee data.
Monitoring employees is not something new, but advances in technology mean it is easier to monitor staff in a variety of ways with key stroke monitoring, GPS in mobile phones, and performance tracking. The software is available in abundance to enable all of these, but where does the line fall between monitoring employees legally and breaching privacy?
While employees are increasingly aware of monitoring and their rights, the ability of employers to monitor employees legally, whether at home or in the office, has not changed dramatically in recent years.
The main UK legislative sources for the collection and monitoring of data are the Data Protection Act 2018 (“DPA 2018”) and GDPR, alongside the right to a private life under Article 8 of the ECHR.
Ultimately, the ability of a business to monitor employees must always be balanced against these rights for any individual. Employers must be mindful of the seven data protection principles and, unless an exemption applies, the subject’s rights regarding the processing of their data.
Employment Practices Code
The Information Commissioner’s Office published the Employment Practices Code to help employers balance these rights under the Data Protection Act 1998.
While it is yet to be updated to reflect DPA 2018 and GDPR, it is a good reference point – particularly part 3: Monitoring at work.
Article 29 Working Party, an independent European advisory body on data protection and privacy, also sets out its views on the acceptable scope of monitoring and treatment of employees’ personal data.
Can accounting and finance companies monitor their employees?
The short answer is yes. Even the ICO recognises monitoring is a “component of the employment relationship”. But there are considerations to do so legitimately and the requirements and justifications for monitoring varies widely from business to business based on legitimate business needs.
The ICO recommends carrying out an impact assessment to help weigh up the monitoring proposed, the methodology and justifications for doing so. Accountancy firms should look to take these steps before capturing employee data:
1. Are the methods you are implementing proportionate to achieving your goals or is there a less intrusive way to do it?
For example, key stroke monitoring is likely in most cases to go too far, particularly as it risks recording private passwords if you allow employees to use equipment for personal use. Are there other less onerous methods that could be used instead?
2. Provide legitimate reasons to justify monitoring
This could be to avoid harassment, conduct or inappropriate behaviour by employees, monitoring for performance or training purposes, complying with regulatory requirements, preventing theft, controlling confidential information, or even stopping employees from soliciting current clients.
3. Consider each situation on its merits and why you need to monitor and the extent
Does the method go further than is necessary - is it too intrusive? For example, tracking software using the GPS of an employee’s personal mobile phone in the majority of cases is going too far for most employees.
4. Notify employees clearly that they may be monitored and how
This should be supported by a clear policy indicating what systems are used and why, including the permitted reasons, who is authorised to monitor, whether any internal sign off is required before monitoring, what happens with the data gathered and how it is stored/ shared, any disciplinary offences and applicable sanctions for conduct. There will be times and reasons where notifying employees may not be possible and covert monitoring is required, but this requires further analysis, in line with the decision of the Grand Chamber of the European Court of Human Rights in López Ribalda.
5. Consider the results of the monitoring and whether the information is being used for the purpose intended or whether there is an unrelated purpose
6. Where reasonable, have employee representatives involved in drawing together your policies
Ultimately, communication and transparency are key, if there is an open and honest dialogue employees are going to be clear on the rules and have less objections to the proposals. This also encourages a prevention is better than detection mentality and can deter any misuse or wrongdoing.
7. Offering alternative means to use technology privately
For example, a Wi-Fi connection for personal devices, or in the case where employees are allowed to use company email, ask these to be marked as private/personal to ensure that they are not monitored.
Ultimately, it is important to recognise that monitoring can be used legitimately in accounting and finance businesses for a wide number of reasons that benefit all parties, including employees; monitoring can help to improve productivity as well as prevent theft and misconduct issues among many others. The key is the balance of why you are monitoring, the method used and whether it is proportionate against employees’ rights.
You might also be interested in
Barry Ross, director and partner at Crossland Employment Solicitors, has been practising Employment Law since 2006 when he worked in-house for major legal expenses Insurance provider, DAS. There, he provided employment law advice across a whole spectrum of issues to commercial and individual clients. Barry provides commercial advice on all...