Good Practice Recommendations – Part 3
The parts of the Code in this section are:
3.1 The general approach to monitoring
3.2 Monitoring electronic communications
3.3 Video and audio monitoring
3.4 Covert monitoring
3.5 In-vehicle monitoring
3.6 Monitoring through information from third parties
3.1 The general approach to monitoring
Core Principles
- It will usually be intrusive to monitor your workers.
- Workers have legitimate expectations that they can keep their personal lives private and that they are also entitled to a degree of privacy in the work environment.
- If employers wish to monitor their workers, they should be clear about the purpose and satisfied that the particular monitoring arrangement is justified by real benefits that will be delivered.
- Workers should be aware of the nature, extent and reasons for any monitoring, unless (exceptionally) covert monitoring is justified.
- In any event, workers’ awareness will influence their expectations.
3.1.1 Identify who within the organisation can authorise the monitoring of workers and ensure they are aware of the employer’s responsibilities under the Act.
Key points and possible actions
- There are non-compliance risks if line managers introduce monitoring arrangements without due authority.
- Those who monitor workers, or who can authorise such monitoring, should be briefed on the Act and this Code.
3.1.2 Before monitoring, identify clearly the purpose(s) behind the monitoring and the specific benefits it is likely to bring. Determine – preferably using an impact assessment – whether the likely benefits justify any adverse impact.
Key points and possible actions
- Identify the monitoring that currently takes place in your organisation.
- Identify any monitoring that you plan to implement.
- Consider conducting an impact assessment on either current or planned monitoring based on the guidance on page 56.
3.1.3 If monitoring is to be used to enforce the organisation’s rules and standards make sure that the rules and standards are clearly set out in a policy which also refers to the nature and extent of any associated monitoring. Ensure workers are aware of the policy.
Key points and possible actions
- Identify which of your organisation’s rules and standards are enforced partly or wholly through the use of monitoring.
- Ensure that these rules and standards are set out in policies that are clearly communicated to workers.
3.1.4 Tell workers what monitoring is taking place and why, and keep them aware of this, unless covert monitoring is justified.
Key points and possible actions
- Ensure that workers are aware of the nature and extent of any monitoring.
- Set up a system (for example by using the workers handbook or via an intranet) to ensure workers remain aware that monitoring is being conducted.
- Tell workers when significant changes are introduced.
3.1.5 If sensitive information is collected in the course of monitoring, ensure that a sensitive data condition is satisfied.
Key points and possible actions
- If monitoring workers’ performance or conduct results in the collection of information on such matters as health, racial origin, trade union activities or sex life, check that at least one of the sensitive data conditions is met.
See Supplementary Guidance which explains more about the conditions for processing sensitive data.
3.1.6 Keep to a minimum those who have access to personal information obtained through monitoring. Subject them to confidentiality and security requirements and ensure that they are properly trained where the nature of the information requires this.
Key points and possible actions
- Assess whether the organisation could reduce the number of staff involved in monitoring workers.
- Consider whether monitoring is more appropriately carried out by security or personnel functions rather than by line managers.
- Ensure that the training for workers who may come across personal information whilst monitoring makes them aware of data protection obligations.
3.1.7 Do not use personal information collected through monitoring for purposes other than those for which the monitoring was introduced unless:
(a) it is clearly in the individual’s interest to do so; or
(b) it reveals activity that no employer could reasonably be expected to ignore.
Key points and possible actions
- Ensure that only senior management can authorise the use of personal information obtained through monitoring for new or different purposes.
- Ensure that they are familiar with the Act and the relevant parts of this Code.
3.1.8 If information gathered from monitoring might have an adverse impact on workers, present them with the information and allow them to make representations before taking action.
Key points and possible actions
- Equipment or systems malfunction can cause information collected through monitoring to be misleading or inaccurate. Information can also be misinterpreted or even deliberately falsified.
- Ensure that, within or alongside disciplinary or grievance procedures, workers can see, and if necessary explain or challenge, the results of any monitoring.
3.1.9 Ensure that the right of access of workers to information about them which is kept for, or obtained through, monitoring is not compromised. Monitoring systems must be capable of meeting this and other data protection requirements.
Key points and possible actions
- Assess whether monitoring systems collect information in a way that enables you to respond readily to access requests.
- If they do not, ensure that a mechanism that will allow you to do so is built into the system.
- Check that any electronic monitoring system, bought ‘off-the-shelf’, has the capability to enable you to meet access requests.
3.1.10 Do not monitor workers just because a customer for your products or services imposes a condition requiring you to do so, unless you can satisfy yourself that the condition is justified.
Key points and possible actions
- Monitoring is not justified simply because it is a condition of business. Such a condition cannot over-ride the employer’s obligations to comply with the Act.
- Consider carrying out an impact assessment to assess whether meeting any external stipulation means that your organisation is in breach of the Act. If so, cease monitoring on this basis.
3.2 Monitoring electronic communications
This sub-section deals with the monitoring of telephone, fax, e-mail, voice-mail, internet access and other forms of electronic communication.
3.2.1 If you wish to monitor electronic communications, establish a policy on their use and communicate it to workers – see ‘Policy for the use of electronic communications’ below.
Key points and possible actions
- If your organisation does not have a policy on the use of electronic communications, decide whether you should establish one.
- Review any existing policy to ensure that it reflects data protection principles.
- Review any existing policies and actual practices to ensure that they are not out of line, e.g. whether private calls are banned in the policy but generally accepted in practice.
- Check that workers are aware of the policy and if not bring it to their attention.
Policy for the use of electronic communications
Employers should consider integrating the following data protection features into a policy for the use of electronic communications:
- Set out clearly to workers the circumstances in which they may or may not use the employer’s telephone systems (including mobile phones), the e-mail system and internet access for private communications.
- Make clear the extent and type of private use that is allowed, for example restrictions on overseas phone calls or limits on the size and/or type of e-mail attachments that they can send or receive.
- In the case of internet access, specify clearly any restrictions on material that can be viewed or copied. A simple ban on ‘offensive material’ is unlikely to be sufficiently clear for people to know what is and is not allowed. Employers may wish to consider giving examples of the sort of material that is considered offensive, for example material containing racist terminology or nudity.
- Advise workers about the general need to exercise care, about any relevant rules, and about what personal information they are allowed to include in particular types of communication.
- Make clear what alternatives can be used, e.g. the confidentiality of communications with the company doctor can only be ensured if they are sent by internal post, rather than by e-mail, and are suitably marked.
- Lay down clear rules for private use of the employer’s communication equipment when used from home or away from the workplace, e.g. the use of facilities that enable external dialling into company networks.
- Explain the purposes for which any monitoring is conducted, the extent of the monitoring and the means used.
- Outline how the policy is enforced and penalties which exist for a breach of policy.
There may, of course, be other matters that an employer also wants to address in its policy.
3.2.2 Ensure that where monitoring involves the interception of a communication it is not outlawed by the Regulation of Investigatory Powers Act 2000.
Key points and possible actions
- Interception occurs when, in the course of its transmission, the contents of a communication are made available to someone other than the sender or intended recipient. It does not include access to stored e-mails that have been opened.
- The intended recipient may be the business, but it could be a specified individual.
- Check whether any interception is allowed under the Lawful Business Practice Regulations.
- Take any necessary action to bring such monitoring in line with RIPA and these Regulations.
See Supplementary Guidance for more information about the Lawful Business Practice Regulations.
3.2.3 Consider – preferably using an impact assessment – whether any monitoring of electronic communications can be limited to that necessary to ensure the security of the system and whether it can be automated.
Key points and possible actions
- Automated systems can be used to provide protection from intrusion, malicious code such as viruses and Trojans, and to prevent password misuse. Such systems may be less intrusive than monitoring of communications to or from workers.
3.2.4 If telephone calls or voice-mails are, or are likely to be, monitored, consider – preferably using an impact assessment – whether the benefits justify the adverse impact. If so, inform workers about the nature and extent of such monitoring.
Key points and possible actions
- If telephone calls or voice-mails are monitored, or will be monitored in the future, consider carrying out an impact assessment.
- If voice-mails need to be checked for business calls when workers are away, make sure they know this may happen and that it may be unavoidable that some personal messages are heard.
- In other cases, assess whether it is essential to monitor the content of calls and consider the use of itemised call records instead.
- Ensure that workers are aware of the nature and extent of telephone monitoring.
3.2.5 Ensure that those making calls to, or receiving calls from, workers are aware of any monitoring and the purpose behind it, unless this is obvious.
Key points and possible actions
- Consider the use of recorded messages, informing external callers that calls may be monitored.
- If this is not feasible, encourage workers to tell callers that their conversations may be monitored.
3.2.6 Ensure that workers are aware of the extent to which you receive information about the use of telephone lines in their homes, or mobile phones provided for their personal use, for which your business pays partly or fully. Do not make use of information about private calls for monitoring, unless they reveal activity that no employer could reasonably be expected to ignore.
Key points and possible actions
- Remember that expectations of privacy are likely to be significantly greater at home than in the workplace.
- If any workers using mobiles or home telephone lines, for which you pay, are currently subjected to monitoring ensure that they are aware of the nature and the reasons for monitoring.
3.2.7 If e-mails and/or internet access are, or are likely to be, monitored, consider, preferably using an impact assessment, whether the benefits justify the adverse impact. If so, inform workers about the nature and extent of all e-mail and internet access monitoring.
Key points and possible actions
- If e-mails and/or internet access are presently monitored, or will be monitored in the future, consider carrying out an impact assessment.
- Check that workers are aware of the nature and extent of e-mail and internet access monitoring.
3.2.8 Wherever possible avoid opening e-mails, especially ones that clearly show they are private or personal.
Key points and possible actions
- Ensure that e-mail monitoring is confined to address/heading unless it is essential for a valid and defined reason to examine content.
- Encourage workers to mark any personal e-mails as such and encourage them to tell those who write to them to do the same.
- If workers are allowed to access personal e-mail accounts from the workplace, such e-mails should only be monitored in exceptional circumstances.
3.2.9 Where practicable, and unless this is obvious, ensure that those sending e-mails to workers, as well as workers themselves, are aware of any monitoring and the purpose behind it.
Key points and possible actions
- It may be practicable – for example when soliciting e-mail job applications – to provide information about the nature and extent of monitoring.
- In some cases, those sending e-mails to a work-place address will be aware that monitoring takes place without the need for specific information.
3.2.10 If it is necessary to check the e-mail accounts of workers in their absence, make sure that they are aware that this will happen.
Key points and possible actions
- If e-mail accounts need to be checked in the absence of workers, make sure they know this will happen.
- Encourage the use of a marking system to help protect private or personal communications.
- Avoid, where possible, opening e-mails that clearly show they are private or personal communications.
3.2.11 Inform workers of the extent to which information about their internet access and e-mails is retained in the system and for how long.
Key points and possible actions
- Check whether workers are currently aware of the retention period of e-mail and internet usage.
- If it is not already in place, set up a system (e.g. displaying information online or in a communication pack) that informs workers of retention periods.
3.3 Video and audio monitoring
Some – though not all – of the data protection issues that arise when carrying out video monitoring in public places will arise in the workplace. Employers carrying out video monitoring of workers will therefore find the guidance in the Information Commissioner’s CCTV Code useful. Audio monitoring means the recording of face-to-face conversations, not recording telephone calls.
See www.informationcommissioner.gov.uk and search for the CCTV Code of Practice.
3.3.1 If video or audio monitoring is (or is likely) to be used, consider – preferably using an impact assessment – whether the benefits justify the adverse impact.
Key points and possible actions
- Where possible, any video or audio monitoring should be targeted at areas of particular risk and confined to areas where expectations of privacy are low.
- Continuous video or audio monitoring of particular individuals is only likely to be justified in rare circumstances.
3.3.2 Give workers a clear notification that video or audio monitoring is being carried out and where and why it is being carried out.
Key points and possible actions
- Unless covert monitoring is justified, ensure that workers are informed of the extent and nature of any monitoring that is taking place and the reasons for it.
3.3.3 Ensure that people other than workers, such as visitors or customers, who may inadvertently be caught by monitoring, are made aware of its operation and why it is being carried out.
Key points and possible actions
- Ensure that there are adequate notices, or other means, to inform such people about the monitoring and its purpose(s).
3.4 Covert monitoring
Covert monitoring means monitoring carried out in a manner calculated to ensure those subject to it are unaware that it is taking place. This sub-section is largely directed at covert video or audio monitoring, but will also be relevant where electronic communications are monitored when workers would not expect it.
3.4.1 Senior management should normally authorise any covert monitoring. They should satisfy themselves that there are grounds for suspecting criminal activity or equivalent malpractice and that notifying individuals about the monitoring would prejudice its prevention or detection.
Key points and possible actions
- Covert monitoring should not normally be considered. It will be rare for covert monitoring of workers to be justified. It should therefore only be used in exceptional circumstances.
3.4.2 Ensure that any covert monitoring is strictly targeted at obtaining evidence within a set timeframe and that the covert monitoring does not continue after the investigation is complete.
Key points and possible actions
- Deploy covert monitoring only as part of a specific investigation and cease once the investigation has been completed.
3.4.3 Do not use covert audio or video monitoring in areas which workers would genuinely and reasonably expect to be private.
Key points and possible actions
- If embarking on covert monitoring with audio or video equipment, ensure that this is not used in places such as toilets or private offices.
- There may be exceptions to this in cases of suspicion of serious crime but there should be an intention to involve the police.
3.4.4 If a private investigator is employed to collect information on workers covertly make sure there is a contract in place that requires the private investigator to only collect information in a way that satisfies the employer’s obligations under the Act.
Key points and possible actions
- Check any arrangements for employing private investigators to ensure your contracts with them impose requirements on the investigator to only collect and use information on workers in accordance with your instructions and to keep the information secure.
3.4.5 Ensure that information obtained through covert monitoring is used only for the prevention or detection of criminal activity or equivalent malpractice. Disregard and, where feasible, delete other information collected in the course of monitoring unless it reveals information that no employer could reasonably be expected to ignore.
Key points and possible actions
- In a covert monitoring exercise, limit the number of people involved in the investigation.
- Prior to the investigation, set up clear rules limiting the disclosure and access to information obtained.
- If information is revealed in the course of covert monitoring that is tangential to the original investigation, delete it from the records unless it concerns other criminal activity or equivalent malpractice.
3.5 In-vehicle monitoring
Devices can record or transmit information such as the location of a vehicle, the distance it has covered and information about the user’s driving habits. Monitoring of vehicle movements, where the vehicle is allocated to a specific driver, and information about the performance of the vehicle can therefore be linked to a specific individual, will fall within the scope of the Data Protection Act.
3.5.1 If in-vehicle monitoring is or will be used, consider – preferably using an impact assessment – whether the benefits justify the adverse impact.
Key points and possible actions
- Where private use of a vehicle is allowed, monitoring its movements when used privately, without the freely given consent of the user, will rarely be justified.
- If the vehicle is for both private and business use, it ought to be possible to provide a ‘privacy button’ or similar arrangement to enable the monitoring to be disabled.
- Where an employer is under a legal obligation to monitor the use of vehicles, even if used privately, for example by fitting a tachograph to a lorry, then the legal obligation will take precedence.
3.5.2 Set out a policy that states what private use can be made of vehicles provided by, or on behalf of, the employer, and any conditions attached to use.
Key points and possible actions
- Make sure, either in the policy or separately, that details of the nature and extent of monitoring are set out.
- Check that workers using vehicles are aware of the policy.
3.6 Monitoring through information from third parties
Employers need to take special care when wishing to make use of information held by third parties, such as credit reference or electoral roll information. This section also applies to information held by employers in a non-employment capacity, such as when a bank monitors its workers’ bank accounts. Where an employer wishes to obtain information about a worker’s criminal convictions, a disclosure must be obtained via the Criminal Records Bureau.
See Part 1 – Recruitment and Selection for more information about the Criminal Records Bureau.
3.6.1 Before undertaking any monitoring which uses information from third parties, ensure – preferably using an impact assessment – that the benefits justify the adverse impact.
Key points and possible actions
- A worker’s financial circumstances should not be monitored unless there are firm grounds to conclude that financial difficulties would pose a significant risk to the employer.
3.6.2 Tell workers what information sources are to be used to carry out checks on them and why the checks are to be carried out.
Key points and possible actions
- Set up a system to tell workers the nature and extent of any monitoring which uses information from third parties. (This could be via a workers handbook, notice board or on-line.)
- Where a specific check is to be carried out, the workers should be directly informed, unless to do so would be likely to prejudice the prevention or detection of crime.
3.6.3 Ensure that, if workers are monitored through the use of information held by a credit reference agency, the agency is aware of the use to which the information is put. Do not use a facility provided to conduct credit checks on customers to monitor or vet workers.
Key points and possible actions
- If your organisation uses a credit reference agency to check customers, make sure this facility is not being used to monitor or vet workers. If such practices are in place, stop them immediately.
3.6.4 Take particular care with information about workers which you have as a result of a non-employment relationship with them.
Key points and possible actions
- Check whether your organisation routinely uses information about workers that has been obtained from them because they are also (or have been) your customers, clients or suppliers. If such practices are in place, stop them unless they are justified by a risk you face.
3.6.5 Ensure that workers carrying out monitoring which involves information from third parties are properly trained. Put in place rules preventing the disclosure or inappropriate use of information obtained through such monitoring.
Key points and possible actions
- Identify who may carry out monitoring using information from third parties.
- Assess whether the organisation could reduce the number of workers involved in this activity without compromising necessary monitoring.
- Set up instructions or training for workers involved in this monitoring, making them aware of the data protection principles involved.
- Consider placing confidentiality clauses in the contracts of relevant staff.
3.6.6 Do not retain all the information obtained through such monitoring. Simply record that a check has taken place and the result of this.
Key points and possible actions
- Review procedures on retaining information. Unless there is a legal or regulatory obligation, check that information is not normally retained for more than 6 months.