Staff security and monitoring employees

In order to ensure that any staff monitoring you carry out is lawful and proper, you need to follow the principles of the Data Protection Act.

Ensuring staff monitoring is lawful: what you must do

You must:

Make sure that any monitoring is justified

For example, to ensure compliance with regulatory requirements, prevent or detect crime, and check whether communications are relevant to the business if a worker is away from work. See staff monitoring: deciding if it is justified.

Ensure that monitoring is proportionate

For example, place CCTV surveillance only where necessary or only spot check emails rather than monitor them continuously.

Inform staff

Notify staff if they are being monitored and what data you are collecting.

Explain why you are monitoring staff

Inform staff why you are monitoring them - if it's not clear why you are monitoring workers, they may feel you don't trust them.

Covert monitoring

Strictly target and limit covert monitoring only to cases where you suspect criminal or other serious malpractice and where telling the individuals about the monitoring would be likely to prejudice its prevention or detection.

Consider staff privacy at work

It's important to take into consideration how to balance the necessary intrusion with expectations of staff privacy at work. Take into account issues such as suitable notification and the purpose of the monitoring.

Ensuring staff monitoring is lawful: what you must not do

However you must not:

Use information unlawfully

Use information for any purpose other than that for which it was collected.

Access personal emails

Access the content of clearly marked personal emails except in exceptional circumstances.

Make routine inspections

Routinely check workers' phone messages, emails, etc - you should only do so if you have made all reasonable efforts to inform users that you may intercept messages.

Continuous monitoring

Carry out the continuous video or audio monitoring, other than usual CCTV surveillance measures.

Recording in private places

Film or make sound recordings in private places - eg toilets or staff changing rooms.

Physical searches

Physically search an employee, unless their contract of employment provides for this and they consent to it.

You should consider putting together appropriate workplace policies on staff monitoring - eg covering the use of internet, email, and business vehicles. See set up staff workplace monitoring policies.