The Information Commissioner’s Office (“ICO”) has issued guidance to employers to ensure lawful monitoring of workers to reflect the rise of remote working and advancements in surveillance technologies.

Workplace monitoring includes tracking calls, internet activity and keystrokes, hidden audio recordings, camera surveillance and monitoring timekeeping or access to premises. Workplace monitoring could apply at the office or at home.

The guidance confirms that data protection law does not prevent employers from monitoring workers, but it must be done in a way that complies with data protection law and considers workers’ rights.

When deciding if the proposed monitoring is appropriate, employers must balance their legitimate interests and the necessity of the monitoring against the interests, rights and freedoms of workers. The guidance highlights that excessive monitoring is likely to intrude into workers’ private lives and undermine their privacy and mental wellbeing, particularly given the difficulty in distinguishing between workplace and private information, especially when workers are based at home or using personal devices for work.

Employers must be clear and inform workers about the purpose of monitoring, select the least intrusive means to achieve the purpose and document why monitoring is necessary. The guidance highlights that monitoring workers may often include capturing sensitive information (“special category data”). If the nature of the monitoring means employers will collect special category data, they need to identify a special category processing condition as well as a lawful basis for processing. The guidance recommends employers complete data protection impact assessments (“DPIAs”) with respect to workplace monitoring activities even when not specifically required under data protection law, and DPIAs should factor in anyone else captured by the monitoring, such as household members.

The guidance indicates that covert monitoring (i.e., where workers are unaware of the monitoring taking place) is unlikely to be justifiable in most circumstances, and generally will only be appropriate in cases of criminal activity or gross misconduct.

Employers should seek their workers’ views if they plan on introducing monitoring into the workplace, unless there is a good reason not to.