
What is acceptable practice when monitoring employees?

Coronavirus and the evolution of rapidly improving tech surveillance systems have acted as dual drivers of increased home working, leading many employers to introduce, or at least consider, ways to monitor staff behaviours. However, to avoid legal and ethical pitfalls (not to mention the severe reputational damage that can result), they should proceed with caution. In particular, employers should carefully consider their reasons for monitoring staff as well as how those activities are reflected in governance and related compliance controls.

While the monitoring of staff members’ working patterns can have its advantages, getting it wrong could constitute a serious breach of privacy, data protection legislation and employment contracts. It could also be damaging to the image and reputation an organisation holds with its clients, prospective employees, the public, investors, and media – not to mention disaffecting its own top talent, which might be difficult to replace. Indeed, while many employees might (at least in part) be sympathetic to the rationale behind being monitored by their employer, few are likely to volunteer for it.

Of course, there are work environments where staff monitoring has been normal practice for years. Among them are call centres, where we have all become accustomed to the obligatory disclaimer that telephone conversations are recorded for quality control and in case of customer complaints; health and social care, to ensure the safe and considerate treatment of patients or residents; and the use of vehicle telematics and in-cab recording devices in the haulage industry, to ensure road safety and that rest stops are taken appropriately.

In addition, there may be legitimate reasons for an organisation to monitor an individual in particular circumstances. This could be based on specific events or occurrences, for example where an individual employee is reasonably suspected of conducting illegal activities or other behaviour constituting gross misconduct. Or it could be part of an organisation’s wider workforce practices, for example, where on-site CCTV has been installed for health and safety or general crime prevention purposes. The impetus for monitoring is also likely to be greater where, for example, complaints have been made or there is another source of risk that substantiates greater sensitivity, such as the need to obtain evidence of an employee’s failure to comply with non-compete obligations or confidentiality provisions.

However, it is unlikely that employment tribunals, courts of law or the court of public opinion will be rushing to agree that the pandemic-driven rise in home working can alone be a sufficient justification for a newfound enthusiasm for monitoring staff. No doubt, organisations will still need to carefully assess their approach in this regard, and they risk a rude awakening if the intention is to use the pandemic as a smokescreen for the introduction of over-zealous workstation surveillance.

Of paramount importance is that employers and HR professionals ask themselves why the level of monitoring they are considering is needed, thinking hard about whether there is a less intrusive method of achieving the same objective. With a string of binding cases brought under human rights laws confirming that there can be a valid expectation of privacy in the workplace, and courts obliged to give effect to those rights, the failure to approach this properly could lead to private claims. Alongside this there are specific rules on the lawful interception of communications plus stringent UK data protection laws (including the GDPR) to contend with, adding a further layer of checks and balances that HR professionals will have to be familiar with. Under the data protection regime these include conducting a detailed assessment of the impact on the worker’s privacy and ensuring an appropriate balancing of the interests of the employing organisation against those of the employee. Essentially, the processing of any personal data obtained through monitoring exercises must always have a lawful basis.

Monitoring of homeworkers includes a relatively wide range of actions. Among them are constantly checking in with staff throughout the day to ensure they are at their workstation and not occupied in unauthorised activities; surveilling them via inbuilt webcams; and installing software on devices such as laptops that confirms a desk presence, records keystrokes and tracks websites visited.

All these are likely to create challenges under data protection laws which, beyond imposing specific parameters on lawfulness and data security, also automatically involve principles of proportionality, transparency, and fairness.

Of course, some monitoring exercises are carried out with the best of intentions. For example, many organisations are genuinely concerned about the mental wellbeing of those working from home or furloughed during the pandemic and the impacts of the enforced remote employment patterns. They want to know that their people are okay, are not overstressed or working long hours and, quite reasonably, would like to check on how they are feeling and coping for these reasons.

Where monitoring is sincerely intended to protect staff members rather than on the basis of common economic drivers (namely performance and efficiency), then it is almost certainly more likely to be lawful. This could include, for example, concerns about adequately addressing mental health and other H&S issues, objectives which are also ultimately in the legitimate interests of staff members.

However, great care must always be taken to ensure that data security arrangements reflect the nature and volume of data being processed. A recent case involving H&M highlights the pitfalls and the highly unattractive consequences of getting things wrong. In this instance the multinational clothing retailer has recently been fined £30m by a German regional data protection authority after furloughed staff were asked by management how they were feeling and if they had any family issues, anxiety, or mental health concerns. Notes were then made on their responses and shared with senior managers across H&M’s German operations, allowing for a significant betrayal of employees’ reasonable expectation that the information they provided would be treated sensitively and in the strictest confidence.

Beyond privacy and the data protection dimension, the potential breach of the duty of trust and confidence caused by secret surveillance exercises, or by the subsequent mishandling of data that has been legitimately collected, should also not be ignored. It is imperative for HR professionals to ensure that employers know they have a duty to maintain the trust and confidence of employees – and that if they are careless with information or are objectively using heavy-handed monitoring techniques purely for efficiency gains, employees could resign and claim constructive dismissal.

Even when HR managers are satisfied that the monitoring is justified and legally permissible, they will still need to ensure that relevant policies, procedures, and privacy notices are updated to ensure that staff are made fully aware of the methods being employed, their purpose and any protective measures in place to govern their usage.

Organisations should also include a clause in employment contracts which refers employees to the privacy notice and applicable policies and procedures. To the extent any new, specific monitoring actions are being introduced to the organisation, these should be integrated within the organisation’s existing compliance infrastructure, with any new or revised policies identified to staff who have the means and encouragement to read them regularly. With transparency as the overarching principle, staff should always know about a monitoring exercise and how the data collected will be managed, stored, and used. Employers must then ensure that appropriate procedures are implemented to protect the integrity of more sensitive datasets that are being obtained.

Such measures will not only comply with the core principles of the data protection regime, but also dictate whether an affected member of staff can validly point to an infringement of the right to private and family life as guaranteed under human rights law.

If in doubt, then it is always a good idea to take the advice of either in-house counsel or an external legal specialist on any proposed monitoring and the successful handling of any data harvested.
