Can you monitor employees without consent

Employer monitoring of employees and surveillance is legal. In many cases there is a legal duty to monitor employees. However, there are boundaries employers should operate within.

We specialise in keeping employers within the legal framework of permitted employer monitoring and able to successfully defend themselves against claims. 

Can you monitor employees without consent?

Most employers do not want to invade the privacy of employees. But on the other hand employers do have legal responsibilities to monitor employers and prove they have taken monitoring seriously. We advise employers on the many grey areas that arise concerning legal monitoring of employees and guide on the judgement calls often needed.

Monitoring employees working remotely

Remote monitoring may range from random spot checks of emails and internet use to installing more invasive software that records laptop screens and calls, tracks keyboard use.

Under the GDPR and DPA, any processing of personal data must have a specific, explicit and legitimate purpose. A legitimate purpose for monitoring employees may be, for example, to safeguard the security of personal data while employees are working remotely, to ensure compliance with legal obligations or to ensure an employee is performing their obligations under an employment contract.

Legal responsibility of employers to monitor

Employers can be held legally responsible for their employees’ actions. This is termed vicarious liability. This means an employer could be liable for comments made about another employee or a competitor.

Defamation, discrimination and data protection laws all make employers responsible. Even if the employee was not at work the employer can still be liable.

Even if vicarious liability does not apply, employers often need to know what employees actually do.  Firstly, employers require disciplinary and investigatory procedures which allow swift action.

Expectation placed on employers to monitor

Any authority expects employers to implement and police appropriate policies relating to surveillance and monitoring.  We ensure our clients comply. Our clients thus mitigate some liability. Many offences carry criminal sanctions plus sizeable fines.

Liability of directors who fail to operate monitoring

The directors can be held to account, if the company fails to monitor employees activities. Directors who fail to properly manage employees face regulatory authorities and shareholders.

Legal powers for the employer to operate monitoring

The technology available to employers is rapidly developing.  Unfortunately, the law has not kept up.  The legal powers available to employees is in a state of development. However the employer may be on firm legal ground if it can rely on the employment contract.  Modern employment contracts should include provisions detailing the monitoring that will take place.

Ways around uncertainty on the legal position concerning employer monitoring permitted

Employers will be helped if their employment documentation permits monitoring on a general scale.  A good surveillance policy will set boundaries, inform employees what they can and cannot do, and highlight activities detrimental to the business.  Preservation of data is quicker and easier in dealing with ex-employees if the employer can rely on a policy.

As the scope of intellectual property rights develops, your employment contracts need to be updated and reviewed to reflect these developments, regardless of your business’s size or operations.

Example of the benefits of an effective employment contract

An employee who loads company information onto a personal account may find their conduct amounts to a misuse of the business’ confidential information.  The employment contract should contain provisions requiring that confidential information is kept confidential.  On a worst case scenario the court is more likely to grant an injunction.

Overcoming the legal risks of employee monitoring

Employees could object to employer monitoring under “human rights” legislation.  Furthermore, an employer has a responsibility to store the information obtained via monitoring.  The responsibility extends to:

  • The employer must collect only the information necessary for a specific purpose(s);
  • The employer should only hold as much data as required, for as long as required;
  • The employer must allow the employee to see it on request; and
  • The  employee must keep the information secure.

Reduction of legal risks

The legal risks can be limited by including in the employment contract provisions such as:

  • Prevent disparagement of your business, clients and customers;
  • Restrict use of confidential information;
  • Restrict employee’s use of social media following termination, e.g. Employers commonly include clauses specifying the removal of any reference to the business from an employee’s social media sites.

Powers of access employers need to retain

In addition, employers should ensure they have the power to access:

  • Private accounts where there are reasonable grounds for the employer to require access;
  • Third party accounts if there are potential security risks.

Exposure for employers who do not monitor effectively

There are numerous examples where the employer who does not monitor and reserve the power needed will be vulnerable.  Two such examples relate to copyright breaches and taking bribes as we explain below.

Legal duty to stop copyright breaches by employees

The risk for employers if there is a breach of copyright by an employee is that the employer is accused of facilitating the breach.  Employers can be liable for secondary infringement of intellectual property such as copyright. Thus employers do need to monitor this and act quickly if there is a suspected breach of copyright.

Areas where employers find themselves liable for breach of copyright

Copyright breaches could include employees whilst at work:

  • Selling copies of copyright works;
  • Supplying fake goods;
  • Using company equipment to upload infringing content to the internet;
  • Using the company’s intranet to sell infringing products to workplace colleagues;
  • Employees might use counterfeit or unlicensed software on a company computer.  Such software can be a security risk.
  • The employer is also liable for infringing other business’ IP.

Data protection obligations

When monitoring employees, consider data protection laws. The laws are complex, and encompass EU regulations and regulatory bodies’ practice guides and procedures. Generally, there are two types of data:

  • Personal data: names, addresses, telephone numbers and dates of birth; and
  • Sensitive personal data: race, religion, health records and memberships, e.g. trade unions.

Extent of employee monitoring required

The employer is responsible for:

  • Data protection assurance;
  • Records management;
  • Information security;
  • Data sharing and subject access; and
  • Direct marketing.

Legal duty to monitor employees to help prevent bribery

Employers cannot ignore bribery. The Serious Fraud Office successfully prosecutes companies for failing to prevent bribery.  Bribery is a criminal offence, unlike much of employment law.

It may be impossible to completely prevent an employee bribing someone.  However, employers won’t have a defence unless they show adequate systems and controls are in place for employee monitoring and surveillance.

Investigations into bribery

Importantly, your company must define a timeline for reporting suspected acts of bribery, and an investigation process. In practice employers undertake investigations into allegations internally.  The investigation process is easier if employers have established contractual rights to monitor and seek co-operation in their employment documentation.

Alex Kennedy

I know that when the noise dies down there is a solution to be found. I set about that task as quickly as possible.

Let us take it from here

Call us on 020 7438 1060 or complete the form and one of our team will be in touch.