Last month, Facebook backtracked on using facial recognition technology to automatically detect the faces of its users after a US court deemed the software an invasion of private affairs and concrete interests. The software sent tag suggestions? to users if their faces appeared in recently uploaded photographs, whether or not they had been tagged in them.
There are interesting comparisons to be drawn between how a company monitors its users and how a business monitors its employees. With privacy rights increasingly hitting headlines, employers should carefully consider how such rights might affect how they monitor their employees.
Reasons for monitoring
Employers can monitor employees in a number of ways; dedicated software is increasingly being used, as are more traditional methods, such as checking emails, voicemails and recording telephone calls, as well as using CCTV.
There are myriad reasons to carry out such monitoring, for example…
Most IT security breaches happen through employee negligence. By monitoring and restricting employees? online activity, a company can protect its systems, and the information contained within, against attacks.
2. Data protection
There has been a significant increase in data protection regulation. Tracking employees? actions can help ensure that employers are aware of data breaches and that relevant rules are complied with.
3. Leaks of confidential information
Monitoring may not prevent a leak, but it can help spot one and gives the business a fighting chance of damage limitation.
4. Internal rules
Monitoring can help employers ensure that a range of policies and internal procedures are being adhered to and detect misconduct.
5. Remote working
Tracking communications and login details allow employers to confirm that employees are performing their job appropriately, wherever they are.
6. Boosting productivity
Certain data generated from monitoring can be analysed to devise productivity strategies to move the business forward.
It is arguable that these might be even more important to an SME, given that a smaller number of employees often means a wider knowledge of sensitive company information and a greater reliance on each employee complying with the rules and performing their role adequately.
Mitigate the risk
Failing to take account of the relevant legal protections afforded to employees when monitoring staff can result in claims for compensation, negative publicity and fines.
It is therefore critical that employers are aware of their employees? rights. Human Rights Act 1998 (hRA?) Underpinning all other rights is the HRA, which protects an individual’s right to respect for private and family life and correspondence.
Employee rights are paramount
In the workplace, it means that employers should only access an employee’s personal correspondence with a legitimate objective (such as protecting the company’s reputation and ensuring productivity), and having considered whether there might be a less intrusive way to accomplish that objective.
Investigatory Powers Act 2016 (iPA?) and the Investigatory Powers Regulations 2018 (iPRegs?) Under the IPA, employers must have lawful authority? before they can intercept an employee’s email.
lawful authority? could mean obtaining the consent of both the sender and the recipient, or by monitoring for one of the reasons specified in the IPRegs, which include ascertaining compliance with certain procedures, detecting unauthorised use of the email system and detecting crime.
General Data Protection Regulation 2016 (gDPR?) and the Data Protection Act 2018 (dPA?) The GDPR and the DPA will be relevant as almost all forms of monitoring will involve processing? the personal data of the employee being monitored.
In order to comply with the GDPR and DPA, employers must generally warn employees about the monitoring taking place, limit monitoring as far as possible, only use the data collected by that monitoring for the purpose disclosed to the employee and ensure any data collected is kept secure.
Shaun Hogan is a Senior Associate at Stevens & Bolton LLP. Shaun advises on a range of contentious and non-contentious employment matters including service agreements and employment policies, redundancies and restructurings, dismissals and negotiation of settlement agreements. He also advises on the employment aspects of business sales and outsourcing. He has experience in bringing and defending Employment Tribunal proceedings ranging from unfair dismissal and unlawful discrimination to contractual and TUPE claims