Ch 14.6 - Monitoring overview
Workplace monitoring: principles, background checks, DLP
An employee does not lose their right to privacy at work; their private sphere is protected but balanced against the employer's right to run its business. Lawful monitoring must satisfy four principles: necessity, legitimacy, proportionality and transparency. Background checks must avoid illegal blacklists, and data loss prevention (DLP) tools count as a form of employee monitoring even when their aim is to protect company data.
| Principle | What it demands |
|---|---|
| Necessity | Monitoring must be really necessary; consider less-intrusive methods first |
| Legitimacy | There must be a lawful basis (often legitimate interests) and the processing must be fair |
| Proportionality | Monitoring must be proportionate to the issue being addressed |
| Transparency | Employees must be clearly informed of the monitoring carried out |
- Background checks are increasingly common because the weak link is often human, not technical; an employer must not compile blacklists or identify people it will not employ.
- Blacklists are a significant privacy intrusion and are generally illegal.
- DLP tools inevitably process employee and third-party data and are a form of employee monitoring, even though their aim is to prevent loss of the organisation's data.
- Data collected by monitoring must be held securely, accessed only by those with a legitimate reason, and deleted when no longer needed (with limited exceptions, e.g. a dismissal that may be challenged).
Privacy survives at work
An employee does not lose their right to privacy in the workplace. That right is balanced against the employer's legitimate right to operate its business and guard against rogue actions.
Key terms - quick answers
What is “Necessity”?
The employer must show the monitoring is really necessary and consider less-intrusive options first.
What is “Legitimacy”?
There must be a lawful basis (often the legitimate-interests balancing test) and the processing must be fair.
What is “Proportionality”?
Monitoring must be proportionate to the issue, a reasoned and realistic response to a real threat.
What is “Transparency”?
Employees must be clearly informed of the monitoring that will be carried out.