The UK’s data regulator, the Information Commissioner’s Office (ICO), has issued new guidance for employers on monitoring workers and how this interacts with data protection.
The guidance, “Employment practices and data protection − Monitoring workers“, highlights the imperative for employers to balance their legal obligations and their workers’ rights when implementing workforce monitoring.
The new guidance comes in response to the post-pandemic increase in remote, hybrid and home working arrangements, which has led to employers seeking to monitor staff productivity through tactics such as tracking calls, messages and keystrokes; taking screenshots, webcam footage or audio recordings; or using specialist monitoring software to track activity.
This has precipitated the privacy watchdog to warn employers of their obligations not to infringe on workers’ privacy. The ICO says that any tracking must be done in the “least intrusive” way possible and workers must be explicitly made aware of the “nature, extent and reasons for monitoring”. Companies must have a lawful basis for processing workers’ data for staff monitoring purposes, such as employee consent or legal obligation.
The regulator has powers to take enforcement action for “excessive” employee surveillance that contravenes workers’ privacy rights, such as imposing fines on companies that breach privacy rules in this area. For the most serious breaches, the ICO has the power to issue fines of up to 4% of a company’s global turnover.
The guidance also said that companies must make personal information collected through monitoring available to workers if they make a subject access request.
ICO spokesperson, Emily Keaney, said: “Our research shows that today’s workforce is concerned about monitoring, particularly with the rise of flexible working – nobody wants to feel like their privacy is at risk, especially in their own home.”