Call us on:  0808 172 93 22

CCTV surveillance of employees – could you be in breach of the Data Protection Act?

19882888_m CCTV Suviellance

SUMMARY: A council in Wales has been warned about its future conduct after carrying out covert surveillance of an employee in breach of the Data Protection Act 1998

Circumstances of the warning

The ICO (Information Commissioner’s Office) has reported that the following occurred at Caerphilly council, resulting in a warning:

Breach of the Data Protection Act 1998 (“DPA”)

The Commissioner’s view was that there were not sufficient grounds at this early stage of the employee’s sickness absence to justify the authorisation of covert surveillance. The Commissioner therefore considered that the covert surveillance of the employee’s activities was unfair and in breach of the First Data Protection Principle (which is to process personal data fairly and lawfully).

How can employers comply with the DPA when carrying out CCTV surveillance of employees?

The ICO has made it clear that covert surveillance to monitor employee behaviour can be justified in some circumstances.  However the employer must:

    1. be satisfied that there are grounds for suspecting criminal activity or equivalent malpractice (i.e. serious but non-criminal employee misbehaviour such as fraudulently claiming sick pay);
    2. be satisfied that notifying individuals about the monitoring would prejudice its prevention or detection.  Keep records of these details; and
    3. consider alternatives to covert surveillance which respect the employee’s privacy and keep a record of the reasons why these alternatives are not viable/appropriate.  The ICO Employment Practices Code advises conducting a written impact assessment which must:
      • clearly identify the purpose(s) behind the surveillance and the benefits it is likely to deliver;
      • identify any likely adverse impact of the surveillance;
      • consider alternatives to surveillance or different ways in which it can be carried out;
      • take into account the obligations that arise from the surveillance; and
      • judge whether the surveillance was justified.

Particularly consider whether a medical report should be obtained and whether a discussion should take place with the employee – both of which we would advise carrying out in most cases; and

  1. only use covert surveillance in exceptional circumstances as a last resort when all the above points have been satisfied.  Covert surveillance should only be authorised by senior management.

When authorising and following the authorisation of covert surveillance, after the above steps have been completed, the employer must:

  1. ensure that any such surveillance is strictly targeted at obtaining evidence within a set timeframe and that the surveillance does not continue after the investigation is complete;
  2. not use covert audio or video monitoring in areas which workers would genuinely and reasonably expect to be private;
  3. if a private investigator is employed to collect information on workers covertly ensure there is a contract in place requiring the private investigator to only collect information in a way that satisfies the employer’s obligations under the DPA.  The contract should impose requirements on the investigator to only collect and use information on workers in accordance with the employer’s instructions and to keep the information secure.
  4. Disregard and, where feasible, delete information collected in the course of monitoring unless it reveals information that no employer could reasonably be expected to ignore or is used for the prevention or detection of criminal activity or equivalent malpractice.

Employers can find further information on surveillance in the ICO’s Employment Practices Code.

Contact Details

If you are considering covertly monitoring an employee or conducting an impact assessment in relation to covert surveillance we can advise – please contact:

fgmedia@fgsolicitors.co.uk

+44 (0) 1604 871143

This update is for general guidance only and does not constitute definitive advice.

Updated: by FG Solicitors
Call us on:  0808 172 93 22

CCTV SURVEILLANCE OF EMPLOYEES € COULD YOU BE IN BREACH OF THE DATA PROTECTION ACT?

19882888_m CCTV Suviellance

SUMMARY: A council in Wales has been warned about its future conduct after carrying out covert surveillance of an employee in breach of the Data Protection Act 1998

Circumstances of the warning

The ICO (Information Commissioner’s Office) has reported that the following occurred at Caerphilly council, resulting in a warning:

  • An employee was off work for 4 weeks with a sick note for anxiety and stress when covert surveillance was authorised.
  • The employee had told a few people that she felt housebound and the employer believed that she would use the absence to avoid attending meetings she was required to attend at work.
  • There was no medical indication that the employee was housebound.
  • No other measures were taken to discuss the employee’s sickness absence and potential attendance at meetings before resorting to covert surveillance.
  • There had been no evidence to suggest that the employee would use the sickness policy as a basis for not attending the meetings she was required to attend.  In fact the employee attended a meeting which took place shortly after the surveillance had been carried out without being aware that the surveillance had been conducted.
  • The report which was produced by the surveillance company was never used despite the report verifying that the employee was not housebound.

Breach of the Data Protection Act 1998 (“DPA”)

The Commissioner’s view was that there were not sufficient grounds at this early stage of the employee’s sickness absence to justify the authorisation of covert surveillance. The Commissioner therefore considered that the covert surveillance of the employee’s activities was unfair and in breach of the First Data Protection Principle (which is to process personal data fairly and lawfully).

How can employers comply with the DPA when carrying out CCTV surveillance of employees?

The ICO has made it clear that covert surveillance to monitor employee behaviour can be justified in some circumstances.  However the employer must:

    1. be satisfied that there are grounds for suspecting criminal activity or equivalent malpractice (i.e. serious but non-criminal employee misbehaviour such as fraudulently claiming sick pay);
    2. be satisfied that notifying individuals about the monitoring would prejudice its prevention or detection.  Keep records of these details; and
    3. consider alternatives to covert surveillance which respect the employee’s privacy and keep a record of the reasons why these alternatives are not viable/appropriate.  The ICO Employment Practices Code advises conducting a written impact assessment which must:
      • clearly identify the purpose(s) behind the surveillance and the benefits it is likely to deliver;
      • identify any likely adverse impact of the surveillance;
      • consider alternatives to surveillance or different ways in which it can be carried out;
      • take into account the obligations that arise from the surveillance; and
      • judge whether the surveillance was justified.

Particularly consider whether a medical report should be obtained and whether a discussion should take place with the employee – both of which we would advise carrying out in most cases; and

  1. only use covert surveillance in exceptional circumstances as a last resort when all the above points have been satisfied.  Covert surveillance should only be authorised by senior management.

When authorising and following the authorisation of covert surveillance, after the above steps have been completed, the employer must:

  1. ensure that any such surveillance is strictly targeted at obtaining evidence within a set timeframe and that the surveillance does not continue after the investigation is complete;
  2. not use covert audio or video monitoring in areas which workers would genuinely and reasonably expect to be private;
  3. if a private investigator is employed to collect information on workers covertly ensure there is a contract in place requiring the private investigator to only collect information in a way that satisfies the employer’s obligations under the DPA.  The contract should impose requirements on the investigator to only collect and use information on workers in accordance with the employer’s instructions and to keep the information secure.
  4. Disregard and, where feasible, delete information collected in the course of monitoring unless it reveals information that no employer could reasonably be expected to ignore or is used for the prevention or detection of criminal activity or equivalent malpractice.

Employers can find further information on surveillance in the ICO’s Employment Practices Code.

Contact Details

If you are considering covertly monitoring an employee or conducting an impact assessment in relation to covert surveillance we can advise – please contact:

fgmedia@fgsolicitors.co.uk

+44 (0) 1604 871143

This update is for general guidance only and does not constitute definitive advice.