ENFR

Employee Surveillance and Biometric Technologies

New technologies can help to protect staff and secure assets, but it is important to remember that employees do not lose their privacy rights when they arrive at work. The same rules apply to data of employees as to the data of members of the public. If you are considering using biometric technologies, the data protection requirements are even more extensive. These technologies can provide effective solutions to real problems, but it is important to conduct a proper analysis to ensure that they provide the right solution to the right problem.

In cases where there have been documented incidents of violence against employees by members of the public, CCTV has allowed for the identification of offenders and has acted as a deterrent to others. This does not mean, however, that CCTV is necessary in every workplace. CCTV is highly privacy intrusive and the benefit of using it must outweigh the loss of privacy. The key risk is that it collects personal data on everyone within its field of vision, including individuals who are not the intended targets.

Employers should use it only as a last resort, once less invasive alternatives have failed to resolve the problem, such as physical barriers or additional security staff. Before you implement it, employers should have documented evidence of a continuing risk to the business and/or their employees. They will need to consult their employees beforehand, as surveillance can affect their psychological well-being as well as their human rights. It is also necessary to post signs informing the public of the existence of the surveillance, the purpose of the surveillance and the contact information of an office they may contact if they have questions. There needs to be policies and procedures in place indicating where the technology will be installed, who will have access to the data, how long it will be retained, and what technical safeguards will be in place.

Biometric technologies offer convenience of use and greater certainty of identification. However, they also require the collection of special category data on users, and this requires additional protection. Employers will probably need to conduct a data protection impact assessment prior to implementation. This involves examining the reasons why they think they need this technology and whether these reasons are compelling enough to warrant the invasion of privacy involved. For example, what is the security concern that requires the replacement of a pass card with a fingerprint scan or iris scan? There needs to be a good answer to that question.

Generally, employers should not use CCTV or other surveillance technologies, such as keystroke capturing software on computers, to put their employees under surveillance surreptitiously. The technology is not a replacement for proper in-person management supervision. They should not use it to enforce policy. They should not use it to measure employment performance and make decisions about an employee without an employee being made aware that they are going to be monitored in this way.

The only case where it would be acceptable to monitor employees without making them aware of it would be for the purposes of investigating incidents of wilful damage or theft of assets including data, when employers have exhausted other less-intrusive options. Any actions that could lead to employee discipline should follow standard human resources policies and procedures. Resorting to surveillance technologies precipitously can lead to employment tribunals finding against employers, even in cases where the employers’ suspicions are valid. Always consult a human resources advisor prior to implementing surveillance technologies in the workplace. If you were in the employee’s shoes, how would you feel if you were under surveillance and what would you expect from your employer in such a situation?

Surveillance and biometric technologies can provide innovative solutions to some intractable problems, but they involve their own risks and can create new problems. The transparency principle in data protection laws require notifying people when they are under surveillance. However, the sense of being watched can be unnerving and stressful for employees, and this can adversely affect their work performance. Some may make data protection complaints, and the entire situation could cause conflict and undermine positive working relationships unnecessarily and for no tangible benefit to the business.

Surveillance and biometric technologies, like marriages, should not be entered into unadvisedly or lightly; but reverently, discreetly, advisedly, and soberly.