The ICO issued its guidelines alongside research on employee monitoring that it commissioned. Before conducting any workplace tracking, companies should examine their legal obligations under the Data Protection Act as well as their employees' rights.
According to its findings, 19% of respondents feel they have been tracked by their employers, with 70% believing it would be "intrusive" if their employers monitored them. Some employees told the ICO that working for a company that monitored them would put them off, with less than one in five stating they would feel confident taking a new job if they knew they would be monitored.
The ICO claims that the guidance provides "clear direction" on how employee monitoring can be carried out ethically and legally. It is directed at both private and public sector companies. It outlines a company's legal obligations and offers best practises guidance.
The ICO's research shows how concerned employees are regarding their privacy at home when it comes to employee monitoring, Emily Keaney, deputy commissioner for regulatory policy at the ICO stated.
“As the data protection regulator, we want to remind organisations that business interests must never be prioritised over the privacy of their workers,” she explained. “Transparency and fairness are key to building trust and it is crucial that organisations get this right from the start to create a positive environment where workers feel comfortable and respected.”
Workers privacy at risk
While data protection law does not forbid monitoring, the ICO urges businesses in across all sectors to recall their "legal obligations" to their employees' rights, stressing that such monitoring must be "proportionate" as stated in its guidance: If we think that people's privacy is in danger, we will act, Keaney warned.
The ICO defines monitoring in its guidelines as keeping track of calls, texts, and keystrokes as well as taking screenshots, webcam recordings, and audio recordings. Additionally, it states that using specific software to track activities and using biometric data to measure attendance and timekeeping are both examples of employee monitoring.
It advises organisations to take a number of steps before introducing worker monitoring if they wish to do so. Employees must be informed of the "nature, extent, and reasons" of any monitoring, and employers must have a "lawful basis" (such as consent) for processing employee data.
The regulator also makes reference to the requirement for data protection impact assessments for any monitoring activity, which is not always supported by the Data Protection and Digital Information Act, the UK's GDPR replacement bill that is now being debated in the House of Commons.
More than 1,000 UK citizens were surveyed by the ICO regarding their views and experiences with employee monitoring. 78% of respondents thought that recording audio and video was the most intrusive action an employer could take, while 83% thought that monitoring personal devices was the most intrusive action.
According to Antonio Fletcher, head of employment at the legal firm Whitehead Monckton, employees' privacy concerns are growing, especially in light of the widespread usage of webcams and other video. In addition, he mentioned that if employees are working remotely, audio recordings might be used for surveillance and might record private conversations with children and adults.
