25 October 2020

Will monitoring your home-working staff land your business in hot water?

Large scale working from home happened very quickly at the start of the COVID-19 pandemic, and many organisations didn’t have time to fully explore the impact this could have on working practices. Some businesses and organisations had already embraced the benefits of remote working for their employees.

Others had been wary of it and had felt forced into allowing home working by the unusual circumstances.

Now, many of us have spent months working from home, and some of us are still in official lockdowns.

Some managers and business owners feel the need to check up on home-working staff to ensure they are productive and don’t complete personal tasks and business during work hours.

There have been high-profile cases of business owners and managers using web cams to monitor the activities of employees, such as at Barclays which this year scrapped plans to monitor workers at their banks and offices.

In fact, there are several specialist software providers who are selling software which monitors webcams at various points throughout the day, monitors screenshots, and gives a minute-by-minute account of activities, including Hubstaff, Sneek, and ActiveTrac. Some systems can even include GPS tracking or audio recording.

There are industry reports that demand for such software is 71% up during the pandemic when compared with figures before it.

However, handling this matter in a clumsy fashion could lead to your business getting into hot water legally.

What does the law say?

Article 8 of the European Convention on Human Rights (ECHR) guarantees individuals the right to respect for their home, their private and family life, and their correspondence. 

The case of  FNASS & others v France brought under Article 8 established the principle that an individual is entitled to a space where they can develop relationships with others. It also established a right to live privately, away from any unwanted attention or publicity, and a right to personal development.

A person’s home is also protected under the case of McLeod v United Kingdom which established the right not to have it disturbed by unnecessary or disproportionate searches by state authorities.

Then there’s also Giacomelli v Italy which gives people the right to the peaceful enjoyment of their own homes and property.

This group of cases established that any interference with those rights must be justified as a necessity and to answer a pressing social need as is identified by the European Court of Human Rights.

Often, whether a subject has ‘reasonable expectations of privacy’ will be the central test applied by the court.

How does that apply to home working?

As work and home lives become even more blurred, it’s worth knowing that a person is likely to have ‘reasonable expectations of privacy’ in their own home which would only be infringed by authorities investigating a potential crime, for example.

An employer also has the reasonable right to ensure his or her employees are working effectively.

So, there needs to be a careful balance between those rights.

This is particularly important as the standard of ‘reasonable expectations’ of privacy for home working hasn’t as yet been tested in court.

Whether extending such monitoring into an employee’s home would be seen to be reasonable by a court is likely to depend on the individual circumstances and what the employee and employer had agreed to in their contract.

There are important questions to ask. Does the employee live alone, with family, or with housemates? Is there a danger such surveillance could infringe on someone else’s privacy in the household? Could children’s privacy be put at risk?

If monitoring like this is carried out covertly and without the employee’s consent, however,

there is a substantial risk of a legal action in against the business by the employee, or a possible tribunal for constructive dismissal from a former employee.

What does the law say about holding screenshots, images, and videos?

If these items contain personal information which can identify someone, they are also covered by the General Data Protection Regulation.

Clearly, webcam video or still shots of people’s faces identify them.

Screenshots of work could identify them or someone with whom they are corresponding.

The same can be said for audio recordings and GPS data.

So, it’s important that any data you hold is done so securely and within the legal basis for holding it under GDPR.

They may fall within the scope of a Subject Access Request by the employee, too, so your business must be prepared to fulfil its legal requirements and inform the subject what data it holds on them.

Are there other potential data protection pitfalls in home working?

We recently covered the problematic area of employees using WhatsApp to keep in touch while people are home working. Read about the five serious pitfalls here.

There may also be online conferencing and work collaboration apps which do not meet the GDPR security standards.

So, it’s worth looking carefully at their terms of service and reviewing best practice.

What can you do to avoid legal problems when monitoring staff?

  • Review your contracts with staff and look at what is or isn’t said when it comes to home working and monitoring employees when they’re at home. If data from monitoring is to be used in disciplinary action, for example, that should be written into a contract.
  • The Information Commissioner’s Office says that employers should ensure staff are aware of any monitoring before it starts, and they should be told the reasons for it and how any information collected could be used. The ICO also says employers should consider the potential negative effects on employees and consider using something less intrusive.
  • Review your staff handbook and guidance on home working, re-writing the document if necessary, as the times have changed radically.
  • Carry out a Data Protection Impact Assessment of how you’ll collect, hold, and process any personal data which the monitoring process throws up. Decide how long data will be held and communicate effectively with employees.

Do you need specialist advice on dealing with data protection? Please call us on 029 2000 2339 or email contact@iolis-legal.com.

Recent Posts

5 Things to Remember When Meeting Over Video

As industry and commerce gets used to the ‘new normal’, the use of video conferencing facilities and software is becoming widespread. It is a useful tool and has undeniably been a major factor in bringing teams back together in a virtual way during the pandemic lockdown. There has been a lot of media coverage on […]

Read more
Will monitoring your home-working staff land your business in hot water?

Large scale working from home happened very quickly at the start of the COVID-19 pandemic, and many organisations didn’t have time to fully explore the impact this could have on working practices. Some businesses and organisations had already embraced the benefits of remote working for their employees. Others had been wary of it and had […]

Read more
The 7 easy ways you can avoid data protection in your business becoming a Halloween horror show...

I was working as a DPO, late one night,When my eyes beheld an eerie sight.For a monster problem began to riseAnd suddenly, to my surprise,There was a breach, a data breach.How far’d it reach, that data breach?Where did it reach? Don’t be left singing your own version of the Monster Mash this Halloween! There are […]

Read more
How could the right to be forgotten affect your amateur rugby or football club?

The General Data Protection Regulation was ground-breaking legislation in several ways. It brought data protection rules to filed paper documents, for example, and gave individuals a standard mechanism to request what data an organisation holds on them. Among the new rights it introduced was the right for individuals to ask to have their personal data […]

Read more
What are the 4 common data protection mistakes which could cost your business dearly?

Every business has a duty of care for the personal data of its customers, suppliers, and staff. The law enshrines it in the General Data Protection Regulation (GDPR), the Data Protection Act 2018, and the PECR, and any data breach must be reported to the relevant authorities, generally within 72 hours. In the UK, that’s […]

Read more

Does your UK business need a mediator or support with data protection and GDPR? Tell us how we can help you.

Call us to start the conversation on 029 2000 2339 or email contact@iolis-legal.com

Contact us
9 November 2020
5 Things to Remember When Meeting Over Video
As industry and commerce gets used to the ‘new normal’, the use of video conferencing facilities and software is becoming widespread. It is a useful tool and has undeniably been a major factor in bringing teams back together in a virtual way during the pandemic lockdown.…
Read More
25 October 2020
Will monitoring your home-working staff land your business in hot water?
Large scale working from home happened very quickly at the start of the COVID-19 pandemic, and many organisations didn’t have time to fully explore the impact this could have on working practices. Some businesses and organisations had already embraced the benefits…
Read More
25 October 2020
The 7 easy ways you can avoid data protection in your business becoming a Halloween horror show...
I was working as a DPO, late one night,When my eyes beheld an eerie sight.For a monster problem began to riseAnd suddenly, to my surprise,There was a breach, a data breach.How far’d it reach, that data breach?Where did it reach? Don’t be left singing your own version…
Read More
20 October 2020
How could the right to be forgotten affect your amateur rugby or football club?
The General Data Protection Regulation was ground-breaking legislation in several ways. It brought data protection rules to filed paper documents, for example, and gave individuals a standard mechanism to request what data an organisation holds on them. Among…
Read More
13 October 2020
What are the 4 common data protection mistakes which could cost your business dearly?
Every business has a duty of care for the personal data of its customers, suppliers, and staff. The law enshrines it in the General Data Protection Regulation (GDPR), the Data Protection Act 2018, and the PECR, and any data breach must be reported to the relevant authorities,…
Read More
25 September 2020
Five Reasons you should not use WhatsApp in your business
As a business, it is very convenient to use WhatsApp to communicate with your staff and to allow staff teams to communicate with each other. But could this easy and flexible communication tool land you in hot water? In short, the answer is yes, let’s look at some of the…
Read More
© 2020 IOLIS Ltd. Reg. in England & Wales Num.11968202 For reg. address see contact details | Website designed, hosted, and maintained by Jötnar Systems