ICO Publishes Guidance to Ensure Lawful Monitoring in the Workplace

The Information Commissioner’s Office (ICO) is calling on organisations to consider both their legal obligations and their workers’ rights before they implement any monitoring in the workplace.

With the rise of remote working and developments in the technology available, many employers are looking to carry out checks on workers. The ICO has, therefore, published guidance to help employers fully comply with data protection law if they wish to monitor their workers.

New research commissioned by the ICO reveals that almost one in five (19%) people believe that they have been monitored by an employer. If monitoring becomes excessive, it can easily intrude into people’s private lives and undermine their privacy. Over two-thirds (70%) of people surveyed by the ICO said they would find monitoring in the workplace intrusive and fewer than one in five (19%) people would feel comfortable taking a new job if they knew that their employer would be monitoring them.

This new guidance from the ICO provides clear direction on how monitoring can be conducted lawfully and fairly. As well as outlining legal requirements, it also includes good practice advice to help employers build trust with their workers and respect their rights to privacy.

Monitoring can include tracking calls, messages and keystrokes, taking screenshots, webcam footage or audio recordings, or using specialist monitoring software to track activity.  If an organisation is looking to monitor workers, it must take steps including: 

  • making workers aware of the nature, extent and reasons for monitoring;
  • having a clearly defined purpose and using the least intrusive means to achieve it;
  • having a lawful basis for processing workers data – such as consent or legal obligation;
  • telling workers about any monitoring in a way that is easy to understand;
  • only keeping the information which is relevant to its purpose;
  • carrying out a Data Protection Impact Assessment for any monitoring that is likely to result in a high risk to the rights of workers; and
  • making the personal information collected through monitoring available to workers if they make a Subject Access Request (SAR).

The guidance provides an overview of how data protection law applies to the processing of personal data for monitoring workers. It also considers specific types of monitoring practices, including the use of biometric data to monitor timekeeping and attendance.

For all the information mentioned in this article, take a look at our helpful infographic here.

About the author

A compliance technical expert, Al is UKGI's Senior Technical Resources Consultant providing 'back-room' technical support which includes everything from assisting Consultant colleagues with challenging or unusual queries, to updating UKGI's compliance manual, to writing and delivering training, workshops and webinars.

Al Haughton UKGI

Get UKGI Insight In Your Inbox

Regular business news and commentary delivered direct to your inbox each week. Sign up here