The Information Commissioner’s Office (ICO) is calling on organisations to consider both their legal obligations and their workers’ rights before they implement any monitoring in the workplace.
With the rise of remote working and developments in the technology available, many employers are looking to carry out checks on workers. The ICO has today published guidance to help employers fully comply with data protection law if they wish to monitor their workers.
New research commissioned by the ICO reveals that almost one in five (19%) people believe that they have been monitored by an employer. If monitoring becomes excessive, it can easily intrude into people’s private lives and undermine their privacy. Over two thirds (70%) of people surveyed by the ICO said they would find monitoring in the workplace intrusive and fewer than one in five (19%) people would feel comfortable taking a new job if they knew that their employer would be monitoring them.
Aimed at employers across both the public and private sector, the new guidance provides clear direction on how monitoring can be conducted lawfully and fairly. As well as outlining legal requirements, it also includes good practice advice to help employers build trust with their workers and respect their rights to privacy.
Emily Keaney, Deputy Commissioner – Regulatory Policy at the Information Commissioner’s Office, said: “Our research shows that today’s workforce is concerned about monitoring, particularly with the rise of flexible working – nobody wants to feel like their privacy is at risk, especially in their own home.
“As the data protection regulator, we want to remind organisations that business interests must never be prioritised over the privacy of their workers. Transparency and fairness are key to building trust and it is crucial that organisations get this right from the start to create a positive environment where workers feel comfortable and respected.
“We are urging all organisations to consider both their legal obligations and their workers’ rights before any monitoring is implemented. While data protection law does not prevent monitoring, our guidance is clear that it must be necessary, proportionate and respect the rights of workers. We will take action if we believe people’s privacy is being threatened.”
Monitoring can include tracking calls, messages and keystrokes, taking screenshots, webcam footage or audio recordings, or using specialist monitoring software to track activity.
If an organisation is looking to monitor workers, it must take steps including:
- Making workers aware of the nature, extent and reasons for monitoring.
- Having a clearly defined purpose and using the least intrusive means to achieve it.
- Having a lawful basis for processing workers data – such as consent or legal obligation.
- Telling workers about any monitoring in a way that is easy to understand.
- Only keeping the information which is relevant to its purpose.
- Carrying out a Data Protection Impact Assessment for any monitoring that is likely to result in a high risk to the rights of workers.
- Making the personal information collected through monitoring available to workers if they make a Subject Access Request (SAR).
The guidance provides an overview of how data protection law applies to the processing of personal data for monitoring workers. It also considers specific types of monitoring practices, including the use of biometric data to monitor timekeeping and attendance.