When is employee surveillance a breach of the Data Protection Act?
Information law solicitor Natalie Ruane discusses when employee surveillance becomes a breach of the Data Protection Act.
Caerphilly Council has been warned by the Information Commissioner’s office following an investigation that it must review its approach after ordering covert surveillance on a sick employee.
The ICO found that the Council had breached the Data Protection Act when it ordered the surveillance for an employee suspected of fraudulently claiming to be sick. Anecdotal evidence only was used as grounds for the authorising of the surveillance. Surveillance began only four weeks into the employee’s sickness absence. No other measures were taken to discuss the employee’s absence before the decision was taken to use the covert surveillance.
The ICO determined the Council did not have sufficient grounds to undertake the surveillance especially at such an early stage of the employee’s absence. Whilst the ICO accepts that in exceptional circumstances covert surveillance can be justified, it also commented that spying on employees is incredibly intrusive and must only be done as a last resort. Organisations need to be absolutely clear why they need to carry out covert surveillance and consider all of the alternatives first. The employer must have grounds for suspecting criminal activity or equivalent malpractice and that notifying the individual of any surveillance would prejudice prevention or detection.
For more guidance from the ICO on monitoring employees at work, please see the ICO’s Employment Practices Code.
About the author
Natalie is a Partner and leads the Employment Law & HR team and specialises in education.
Published: Friday 30th January 2015
Categorised: Information Law