• 15 Nov 2023
• •
• 2 min read

Employment Alert - ICO publishes new guidance on workforce monitoring

What’s happening?

The Information Commissioner’s Office (ICO) has published new guidance for employers on workforce monitoring.
 
The guidance applies to any form of monitoring on people who carry out work on the employer’s behalf, whether the monitoring takes place in the workplace or elsewhere (e.g. working from home). This could include camera surveillance or webcam footage, tracking calls or keystrokes, taking screenshots, intercepting messages and audio recordings.
 
The aim of the guidance is to help employers fully comply with their data protection obligations, build trust with their workforce and to balance the interests of the business against a worker’s right to privacy. It covers legal obligations and best practice, including in relation to:

• Identifying the lawful basis for monitoring;
• Communicating with employees in relation to the purpose and means of monitoring;
• The monitoring of employees who work from home;
• Where a Data Protection Impact Assessment must be carried out;
• When covert recording is justified;
• How to deal with workers’ objections to being monitored;
• The use of biometric data for attendance control;
• Retention of the data collected.

Why is this important?

While data protection laws do not prevent monitoring, the guidance makes it clear that monitoring must only be carried out where it is necessary, proportionate and respects the rights of workers.
 
Just because monitoring is available, this does not necessarily mean it is the best way of achieving an employer’s aims and may not always comply with data protection laws. Employers must identify a lawful basis and select the least intrusive method to obtain the relevant data.
 
With the rise of homeworking, the ICO has made it clear that those who work from home can expect a greater level of privacy. Therefore, employers should not be adopting a one-size-fits-all approach.
 
Action may be taken by the ICO where an employer has not complied with its obligations and infringed its worker’s right to privacy.

What should you do?

Stay compliant: familiarise yourself with the guidance and carry out an audit of your monitoring practices to ensure you are compliant. In particular, ensure that you have a lawful basis on which to monitor employees and you are using the least intrusive method to collect the relevant data. Remember that a one-size-fits-all approach may not be appropriate in all circumstances.
 
Review and update policies: have in place robust policies which include all relevant information on your monitoring practices, as identified in the guidance.

Communicate with employees: ensure you have effectively communicated with relevant employees on the purpose and means of your monitoring practices.
 
Seek legal advice: our employment and data protection teams are ready to provide advice and assistance to ensure you are complying with your obligations.

If you would like to talk to our expert Employment team, please please call us on 0800 2800 421 or contact us using the form below.