Guide

Staff security and monitoring employees

Monitor staff correctly and lawfully

In order to ensure that any staff monitoring you carry out is lawful and proper, you need to follow the principles of the Data Protection Act.

Ensuring staff monitoring is lawful

You must:

  • Make sure that any monitoring is justified - eg to ensure compliance with regulatory requirements, prevent or detect crime, and check whether communications are relevant to the business if a worker is away from work. See staff monitoring: deciding if it is justified.
  • Ensure that monitoring is proportionate - eg place CCTV surveillance only where necessary or only spot check emails rather than monitor them continuously.
  • Notify staff if they are being monitored and what data you are collecting.
  • Inform staff why you are monitoring them - if it's not clear why you are monitoring workers, they may feel you don't trust them.
  • Strictly target and limit covert monitoring only to cases where you suspect criminal or other serious malpractice and where telling the individuals about the monitoring would be likely to prejudice its prevention or detection.
  • Consider staff privacy at work - it's importnat to take into consideration how to balance the necessary intrusion with expectations of staff privacy at work. Take into account issues such as suitable notification and the purpose of the monitoring.

However you must not:

  • use information for any purpose other than that for which it was collected
  • access the content of clearly marked personal emails except in exceptional circumstances
  • routinely check workers' phone messages, emails, etc - you should only do so if you have made all reasonable efforts to inform users that you may intercept messages
  • carry out continuous video or audio monitoring, other than usual CCTV surveillance measures
  • film or make sound recordings in private places - eg toilets or staff changing rooms
  • physically search an employee, unless their contract of employment provides for this and they consent to it

You should consider putting together appropriate workplace policies on staff monitoring - eg covering the use of internet, email and business vehicles. See set up staff workplace monitoring policies.