Are You Being Watched? Surveillance of employees and the disciplinary process
Employers should have a clear written policy for any lawful surveillance of employees. Surveillance should only be carried out to give effect to a stated purpose. Surveillance of employees at work involves “data processing” and is covered by the Data Protection legislation.
Employees have privacy rights and those rights are protected under the European Convention of Human Rights and the Constitution. Monitoring an employee’s email, telephone and internet use may breach an employee’s rights to privacy. Employers do so with the expectation that they can use any information obtained against an employee with impunity. But can they do so lawfully? And what of social networking sites? Users putting information on social networks like Facebook do so at their peril. Employers can and do access social network sites for information on employees and prospective employees. Access is open to all unless the user restricts access. What of employees who harass co-employees on the company’s intranet, e-mail/mobile and the networks? Clear written policies on acceptable use of IT resources by staff are essential. Spelling out the consequences for unauthorised usage is a “no brainer” for employers unless they wish to fall foul of privacy rights, Employment and Data Protection legislation and to leave themselves exposed to claims for damages for breach of their duty of care to employees.
An employer is a Data Controller under the Data Protection Acts and must abide by the requirements of the legislation if it wishes to use personal data such as CCTV footage of an employee in the course of a disciplinary process. If a dispute arises in relation to such data gathered and used for disciplinary purposes, an employee could lodge a complaint with the Data Protection Commissioner and seek to obtain an enforcement notice preventing the use of such information. Caution therefore must be exercised in ensuring that CCTV footage has been fairly gathered, retained and used correctly in accordance with the legislation, particularly if the footage is to be used as grounds for dismissal.
The use of recording mechanisms to obtain data without an employee’s knowledge is unlawful. Thus the taping of meetings without an individual’s knowledge and agreement would be unlawful. The recent case involving the use of a private investigator by a school Principal to carry out surveillance work and follow the plaintiff teacher in a car to ascertain what she was doing during her working day, albeit that it was without the consent or knowledge of the employer Board of Management, was criticised by the High Court as inappropriate and constituting serious harassment. The employer in that case was ordered to pay €75,000 in damages to the employee for breach of its duty of care as a prudent employer, of which €5,000 represented aggravated damages.
Aside from the good sense and practical protection which having a written policy provides, the specific purpose for which any surveillance is being used must be clearly stated. If employees are told cameras are being installed for the purpose of preventing theft in the workplace, the employer cannot subsequently use footage from such surveillance as evidence in an unrelated disciplinary matter. If surveillance material is to be used to identify disciplinary issues relating to employees, the employees must be informed of this before the cameras are used for these purposes. Employers/ Data Controllers cannot use personal information captured on CCTV systems for just any purpose or a broad range of purposes. The use of CCTV has continued to give rise to regular complaints before the Data Protection Commissioner. In a case involving the use of CCTV installed in the students’ toilets of a secondary school, the Commissioner ordered their removal and also commented on the complaints by staff about use of the CCTV to monitor their movements. He indicated that such monitoring was “rarely proportionate” under the Data Protection legislation.
Are you an exposed employer? Are you running risks using unlawfully obtained surveillance data to discipline employees? Are you leaving yourself open to being prosecuted by the Data Protection Commissioner? As an employee are you aware that your rights to privacy are being breached? What protections and safeguards are in place? Whatever about the workplace where clear policies can provide direction and obviate problems arising, what about the collection of surveillance data via the social networks? Cyberstalking on the internet is a growing phenomenon. Unfortunately the law lacks the tools to address rapid technological change and does not always provide effective remedies. Witness the recent ineffectiveness of the super-injunction in the Ryan Giggs case. It is equally unclear for example how an Employment Appeals Tribunal today will deal with information obtained by an employer in breach of Data Protection legislation or an employee’s rights to privacy, and lifestyle in particular. Proactive steps such as adapting and implementing clear policies in the workplace will assist in alleviating problems and providing some protection and safeguards for both employer and employee.
Carol Fawsitt