07/17/2024 | News release | Distributed by Public on 07/17/2024 07:31
The news of Wells Fargo dismissing employees for using "mouse jiggling" devices to simulate activity at their workstations has brought the issue of employee monitoring back into sharp focus. This incident is a stark reminder of the complexities surrounding employee surveillance in an era where remote and hybrid working arrangements are becoming the norm for many.
Since the pandemic and the rise of remote working, companies are increasingly turning to staff monitoring technology to ensure productivity and compliance. Employers argue that these systems are necessary to manage a dispersed workforce effectively. For instance, EY has been reported to use turnstile data to monitor the office attendance of its employees, while other companies have implemented more intrusive measures such as biometric attendance monitoring. However, the use of such monitoring tools raises important questions about privacy and trust in the workplace.
Employee monitoring can take various forms from tracking timekeeping and keyboard activity to accessing webcams, taking screenshots and monitoring internet usage. As already mentioned, there is an increasing trend to use security gate data as a means of monitoring the frequency of individual employees' office attendance in comparison to their remote working days, which could be perceived as excessive surveillance. In October 2023, the Information Commissioner's Office (ICO) released guidance in respect of employee monitoring, discussing how it can work alongside data protection regulations and how to ensure any monitoring is lawful.
Employers have the right to monitor their workers as long as they do so consistently with data protection law and Article 8 of the Human Rights Act which concerns the right to respect for a private and family life.
To lawfully collect and process information obtained from monitoring employees, an employer must identify one of the following lawful bases:
Whilst the "legitimate interests" ground is the widest category, the ICO does emphasise that the ground cannot be relied upon for employee monitoring "if you can reasonably achieve the same result in a less intrusive way". This means that employers must always seek the least invasive methods to accomplish their monitoring objectives, ensuring that employee privacy is respected as much as possible.
The ICO has also set up an interactive guidance tool that employers can use to determine which lawful basis best fits the circumstances. It may be that more than one basis applies - in such an instance, all applicable bases should be noted.
Furthermore, when the monitoring process involves "special category data", employers must not only identify a lawful basis but also a special category processing condition as outlined in Article 9 of the UK GDPR. This is because such data requires greater protection due to its sensitivity and the increased potential for harm to individuals if it is misused. Special category data pertains to sensitive information such as racial or ethnic origins, political opinions or health conditions.
When considering employee monitoring, it is advisable for employers to:
It is clear that navigating the fine line between surveillance and trust in employee monitoring is crucial. While employers have a right to monitor their employees and use various technologies to ensure productivity and compliance, there is a need for transparency with employees and compliance with data protection laws.
Employers should communicate openly with their employees about the purposes and benefits of monitoring, while also conducting thorough DPIAs to identify any potential negative impacts. Transparency from the outset helps manage expectations and alleviates concerns regarding privacy infringement. By adopting a balanced approach that considers both employee privacy and organisational needs, employers can create an environment built on mutual trust and productivity. This ensures that monitoring practices not only optimise operational efficiency but simultaneously uphold the rights and privacy of employees.