If you monitor staff at work, new guidance from the Information Commissioner's Office (ICO) could help you comply with data protection law and build trust with your staff.
Workplace monitoring
With the rise of remote working, many employers are looking to carry out checks on workers. This could include tracking calls, messages and keystrokes, taking screenshots, webcam footage or audio recordings, or using specialist monitoring software to track activity.
However, monitoring can easily intrude into people's private lives and many workers are concerned about their privacy, especially in their own homes. According to an ICO survey, 70% of people said they would find monitoring in the workplace intrusive and only 19% felt comfortable taking a new job if they knew they were being monitored.
Guidance on monitoring workers
The ICO has now published guidance on workplace monitoring to ensure that employers consider both their legal obligations and their workers' rights before they implement any monitoring in the workplace.
The ICO suggests that, when deciding whether to monitor staff, you carefully balance your business interests as an employer with your workers' rights under data protection law.
If you find that you have a clear purpose for monitoring staff and there's no other reasonable and less intrusive way to achieve that purpose, then you may do so.
However, you must do so in a way that is lawful and compliant with data protection requirements.
Lawful basis
The guidance notes that to lawfully collect and process information from monitoring workers, you must have a lawful basis for doing so.
The lawful basis will depend on why you want to monitor your staff. The ICO has an interactive guidance tool to help you check that your basis for processing personal data is lawful.
If your planned monitoring captures sensitive personal information relating to, for example, race or ethnicity, sexual orientation or disability, you must have a special category condition, as well as a lawful basis, before proceeding.
You should, as a rule, do a data protection impact assessment before monitoring your staff. If you don't, you should keep a record of the reason why.
Collecting information
Data protection law requires you not to collect more information than you need to achieve your purpose. You also shouldn't keep that information longer than necessary.
Any information you collect must be accurate, especially if you use the information in performance reviews. Equipment or system malfunctions can result in incorrect or misleading information, so workers should be given the chance to explain or challenge any results of monitoring.
You must also make the personal information you collect available to workers if they make a subject access request.
Transparency
The guidance highlights that building trust with your workers starts with transparency. This involves telling staff that you're monitoring them, how you're doing so and why, in a way that's accessible and easy to understand.
You could, for example, remind staff that they're being monitored when they log into your organisation's intranet or when they sign in as they enter areas subject to monitoring.
Information about monitoring staff should also be included in your privacy notice. You can use our Privacy notice for employers to create one.