Controversy around technologies used to monitor employees is not new. However, against the backdrop of COVID-19 with office-based workforces operating remotely, businesses have struggled with how to effectively manage staff and have hastily deployed surveillance technologies. This knee-jerk reaction is perhaps understandable, but employers must be wary. The backlash can be severe, unexpected, and sometimes public.
If implemented correctly, the law does not prohibit employee monitoring, but there has always been a fine line between monitoring to protect a legitimate business interest, and employee surveillance that invades an individual’s privacy.
For example, in 2016, The Telegraph withdrew devices that monitored the time employees spent at their desks after much criticism. In February 2020, Barclays launched a monitoring system that tracked the amount of time employees spent at desks, recorded toilet breaks as “unaccounted activity” and sent warnings to those who had not been “active” enough during the day; software that was scrapped a week later after widespread backlash amongst staff.
Software providers are also understandably keen to promote the capabilities of data analysis offered by their products, but there is an increasing sense that just because technology enables businesses to monitor their employees in new ways, it doesn’t mean they necessarily should. Microsoft’s Productivity Score tool within Office 365 recently came under sufficient criticism that Microsoft had to change how the tool collects data about employee users.
In this new virtual world of work, it may be essential for some businesses to ‘keep tabs’ on employees to protect trade secrets and prevent compliance breaches. Whilst it is not unlawful, many are rushing into surveillance systems without considering the pitfalls. Is there a solution for achieving that delicate balance between company security and invasion of privacy? Yes, but successful monitoring only comes with a combination of a robust assessment of the impact on workers’ privacy and transparent communications.
Firstly, think personal data
The public has generally never been more aware of their right to privacy and scathing of that privacy being invaded. Heightened awareness of privacy rights under the GDPR (General Data Protection Regulation) and the Data Protection Act 2018 mean that employers must consider privacy issues at every stage of a new project, from conception to implementation to daily usage.
Businesses must carry out a privacy impact assessment before implementing any monitoring system. When doing so, they must consider whether the reasons for monitoring employees can justify the intrusion into their private lives and whether less invasive methods could achieve the same objective.
As ever, limiting the amount of identifiable personal data that is collected, and restricting access to that data to those who are adequately trained on how to use it lawfully, is crucial.
Transparency has never been more important
With remote workforces scattered across the country and limited ‘face time’ with bosses, transparency is more important than ever.
All contracts of employment include an implied term of trust and confidence. Employers must therefore understand that implementing any monitoring system may not only create feelings of resentment amongst employees who feel they are being ‘spied’ on, but it could also constitute a breach of that implied term.
Given that many employees are juggling the difficulties of homeworking with various pressures caused by home-schooling, other caring responsibilities and mental health pressures, business mustn’t forget the vulnerability of their workforce and the heightened impact that any new form of monitoring could have on them.
As is the case for much of this new era we find ourselves in, the answer isn’t straightforward. Lawful monitoring of employees is complex, so it is critical that employers consider whether it is truly necessary for their business needs and, if installed, that they have a valid business need that cannot be met through other means and introduce appropriate safeguards and policies to comply with their legal obligations.
Yet, above all – and perhaps the piece of the puzzle most often forgotten – they must ensure through transparent communications that employee trust will not be undermined. That damage can be hard to repair.