PRIVACY IN THE WORKPLACE
Overview
Issues for employer
Abuse of IT system
Sending out hundreds or thousands of defamatory e-mails; R
Risk of money-laundering or other criminality.
The law balances the employee’s rights to privacy and the employer’s legitimate business interests.
Clearly stated policies are particularly important in enabling the employer
to establish and operate monitoring in the workplace.
Monitoring and intercepting e-mails or calls is caught by the Regulation
of Investigatory Powers Act 2000 (RIPA). To intercept any communication
“in the course of its transmission” may be a criminal offence. RIPA applies
to the private sector as well as the public sector and Government agencies.
There is a balance between staff personal privacy and the proper lawful
interests of the employer. Employers must make their position plain in
their contracts, policies or handbooks.
The employer needs to be able to show why it needs to carry out surveillance
or monitoring and therefore be able to identify some proper justification
and benefit. The scope, duration and nature of the activity must be properly
related to the circumstances and – as the 1998 Data Protection Act (DPA)
applies – the employer must strive to preserve employee’s privacy.
Quick Summary
Employers who have public and clear policies and conduct monitoring
in a proportionate manner for a proper and legitimate purpose, making
proper use of the data obtained, should be able to defend complaints from
aggrieved workers.
Employers can
* monitor internet use : but must adhere to DPA principles. The contract or IT and mail policy should make it plain that browsing may be observed. It is quite lawful for an employer to install browsing rules at work that make it impossible or difficult to use the web for non-work purposes.
* monitor correspondence, phone calls and e-mails to check for compliance with regulatory procedures ~ see the Telecommunication Regulations 2000 ~ but not for ulterior motives (e.g. because the employee has bought a discrimination claim).
* must have clear policies and procedures : RIPA criminalises interception of communications without consent of the worker, unless the employer has taken reasonable steps to inform the employee that their communications might be monitored
* An employer with reasonable and honest grounds to believe that a criminal offence is being committed can use CCTV , phone recording, check call logs, monitor e-mail and browser activity and even track car activity.
Although any monitoring could be a breach of the first data principle in the DPA and possibly the Human Rights Act 1998 there does not appear to be a simple unqualified right not to be monitored. The position of the employer is made easier if he warns staff in advance that monitoring may take place. Activity in this area is regulated by The Information Commissioner.The Data Protection Code
The Information Commissioner has published an Employers Practices Code
: Part 3 deals with Workplace monitoring. These guidelines are not actually
the law as such. Importantly it balances the competing rights of workers
and the employer’s needs.
Confusingly in the same way as employers can improve their position by policies and contract terms, employees can add impact to the legally recognised expectation of a some privacy in the workplace by labelling their communications as private.
If monitoring has any adverse impact there must be legitimate benefit to the employer. The mere intrusion into an individual’s privacy that is an automatic and inevitable aspect of monitoring is inevitably such an adverse impact. Employers should monitor for a reason and ask themselves if the monitoring will achieve the desired result (“does the means serve the end” so to speak). An employer should try to keep a record of the decision making process. In a large organisation that will be likely to involve a formal manager or company secretary, perhaps a specific compliance officer and there should be a proper paper trail. It is not necessary to tell a particular individual but it is necessary to publish workplace wide information about monitoring : on a notice board; on the intranet etc. Monitor for a purpose and do not use information obtained for one purpose for another purpose. For instance information obtained by monitoring for the purpose of a specific compliance audit should not be used in a general annual assessment of a worker. If however monitoring reveals a wrongdoing that can be followed up.
The Information Commissioner says secret monitoring “can rarely be justified” and must be authorised at the highest level in the business, because of criminal activity or equivalent malpractice when telling people about the monitoring would make it difficult to prevent or detect such wrongdoing. It should be for a specific investigation, and stop when the investigation has been completed. It should not extend to "private areas” e.g. toilets or “private offices” unless the employer suspects serious crime and intends to involve the police. Secret/covert monitoring is therefore exceptional.
Other issues identified in the Code are continuous video and audio monitoring
- this is very intrusive and only justifiable in special employments (e.g.
dealing with very high risk or vulnerable individuals) or in extreme circumstances
( e.g. where security is a particular issue). Opening workers’ personal
e-mails is especially intrusive : workers should be told if their e-mails
are to be opened and checked in their absence. If workers are to be monitored
on their use of telephones, e-mails and internet, there should be a clear
policy as to the permitted use of such systems (e.g. how much personal
use is allowed; what kind of use is prohibited) and the penalties for
breaching the policy.
Under RIPA and the Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000, interception of electronic communications (eg telephone eavesdropping, checking e-mail before it is read or sent, internet use) without consent is generally unlawful. Section E of the Commissioner’s of the Information Commissioner’s ‘Supplementary Guidance’ gives a useful explanation of the issues.
Interception may be legitimate e.g. to see if an e-mail to an absent employee is business-related, or to audit or monitor the operation and integrity of a telecommunications service or network e.g. if an employee is clogging they system with spam or heavy downloads.
The European Convention on Human Rights Articles 8 (respect for private
and family life) may be relevant. Interception of calls made on a worker’s
office telephone without his/her prior knowledge is a breach of the right
to privacy. In the leading and well publicised case of Halford v UK ,
a senior police officer successfully argued that her Article 8 rights
were breached when her phone line was tapped (i.e. monitored) because
she had brought sex discrimination claims against the employer police
force. In the less well known case of Copland v The United Kingdom a college
worker was monitored for excessive e-mail, phone and internet use. The
European Court of Human Rights considered this to be an improper interference
with her privacy : she recovered € 3,000.
There is nothing to stop an employee covertly recording a disciplinary hearing (Chairman & Governors of Amwell View School v Dogherty) . The issues from this case are peculiar. The Court separated out the parts of the hearing that the employee was present at and where the recording could be used from the parts where the Governors were deliberating in private when the recording should not be used.
Practical Point
An employer conducting a disciplinary hearing should issue a suitable written record of the hearing as soon as is practicable to the employee and ask the employee to confirm it is agreed, alternatively offer any corrections.
Covert Investigations
Personal injury case Jones v University of Warwick the Court of Appeal upheld the admissibility of a video tape of an employee in her own home which had been obtained covertly by an enquiry agent posing as a market researcher. The Court strongly criticised the invasion of the individual’s privacy but allowed the tape to be seen.The University was ordered to pay the costs of the hearing into the admissibility of the evidence.
Covert surveillance
McGowan v Scottish Water SW became suspicious that M had been falsifying timesheets and engaged private investigators to film him. Evidence gathered during this exercise showed that the company's suspicions were justified and M was subsequently dismissed for dishonesty.
M argued that the covert surveillance of his home breached his rights, rendering the investigation procedure, and consequently the dismissal, unfair. The EAT held that covert surveillance of a person's home raises a strong presumption that the right to respect for private life under the European Convention on Human Rights (respect for private and family life) has been infringed. However, the key issue was the question of proportionality. SW was a “public corporation” and was effectively investigating criminal activity regarding potentially fraudulent timesheets.
Sources :
The Regulation of Investigatory Powers Act 2000 (RIPA)
The Data Protection Act
The Human Rights Act
The Information Commissioner
The Employment Practices Code
Other seminar papers
- Discipline & Grievance Rules April 2009
- Privacy in work place
- Sickness in the Workplace March 2009
- Stress at work
- Variation of Terms by Employer
.......................................................................................................................................................
By Peter Miller, Head of Employment Law at Bowling
& Co
62 Broadway, Stratford, London E15 1NG
Tel: 020 8221 8000 Fax: 020 8519 5504
Direct Telephone: 020 8221 8065
Email: Peter.Miller@bowlinglaw.co.uk
Website: www.bowlinglaw.co.uk
This Article is written as a general guide and is not a substitute for
professional advice.
You are strongly recommended to obtain specific professional advice
before you take any action.