Key elements of a policy


Employers should consult affected workers on any proposed workplace monitoring. Where there is a recognised union, the union and employer should negotiate a workplace policy on monitoring.


In negotiations or consultations, reps should seek to ensure the following elements are incorporated into the workplace policy and the employers’ overall approach to monitoring: 


• the employer should demonstrate good cause for the monitoring. The employer should also have made an assessment as to whether a less intrusive practice could achieve the desired objective. This could involve consideration of targeted rather than continuous monitoring;


• monitoring should be appropriate and proportionate to meet the objective. It should not be oppressive or demeaning, or unnecessarily intrusive;


• staff should be made fully aware of any surveillance policy (including the nature and extent of surveillance) and the reasons for it; 


• access to CCTV, computer logs, phone call recordings and other monitoring data should be restricted to a small number of people, and information should be stored in accordance with the Data Protection Act 1998 (DPA 98); 


• the policy should spell out clearly what the information gathered from the monitoring will be used for. The information should normally only be used for the specified purpose (e.g. health and safety, security) unless it reveals something that no employer could reasonably ignore;


• workplace surveillance should not normally be used for performance management or disciplinary purposes;


• where the employer takes action against an employee based on information from monitoring, the employee should have the opportunity to explain or challenge the results of monitoring;


• employers should ensure that workplace monitoring is implemented in accordance with the DPA 98 and reflects the good practice set out in the ICO Employment Practices Code and other ICO guidelines.


CCTV and audio and video recordings


• audio or video recording should not be used in areas where workers would reasonably expect to be private, such as toilets, changing rooms, rest rooms. Cameras should be sited carefully to avoid capturing irrelevant or private images.


Telephones and electronic communications


• employers should not read or listen to emails or calls which are evidently personal or private;


• email monitoring should be restricted to addresses/headings unless there is a valid and defined reason to examine content;


• monitoring of internet use should be undertaken by automated systems rather than scrutiny by managers of usage by individuals;


• restrictions on email and internet use and types of websites which should not be accessed should be made clear;


• a reasonable amount of private use of the employer’s telephone, internet and email systems should be allowed;


• employers, such as call centres, which routinely record telephone calls must provide staff with a means of making calls that are not recorded;


• workplace policies should guarantee the privacy of trade union communications within the organisation.


Vehicle tracking


• vehicle cameras and tracking systems should not be used for surveillance of individuals and performance management or disciplinary purposes. They should include a privacy button so that monitoring can be disabled during private use.


Covert monitoring


• employers should not engage in covert surveillance unless there is evidence of criminal activity or equivalent malpractice;


• covert surveillance should only be implemented to investigate a particular problem that has been identified, and should be limited to a short time period. The information gathered and used should relate only to the particular problem being investigated, unless it reveals something that no employer could reasonably ignore. Information and images irrelevant to the investigation should be securely discarded.


Personal information


Reps should seek to make sure that the policy covers personal information and spells out employees’ right to: 


• know what their information is used for; 


• know if any checks have been carried out on them (and their results); 


• know exactly what information is held about them (this can be requested from an employer through a data subject access request, and the employer is legally obliged to respond within 40 days); 


• correct any errors in their personal record; 


• ensure that their information is securely kept; and 


• refuse tests or checks that are disproportionate or have no business purpose.