1 minute read

Do we need to restrict the amount of information we collect when we monitor workers?

monitoring set out in a policy does not make it lawful, just because it is documented.

Example

Advertisement

An employer has a policy which imposes a ban on personal calls, but in practice, they overlook a limited number of personal calls. The employer cannot rely on the policy to justify carrying out monitoring.

Example

An employer has acceptable usage rules for using the internet. They document these rules in a policy which is made known to and accessible by all workers affected. Either in this policy, or linked to from this policy, the employer sets out privacy information which explains how they monitor these rules, how they use the information obtained from the monitoring, and the safeguards in place for the workers being monitored.

Systems can be set so that workers cannot access the internet or applications without accepting certain conditions. This can reduce the need for some types of monitoring.

Example

An employer minimises the risks of unacceptable usage by blocking some websites – personal email, social media sites and entertainment sites. This means they can minimise unacceptable usage rather than monitor for it.

Yes. The data minimisation principle means you should not collect more data than you need to achieve your purpose. It is closely linked to purpose limitation. Monitoring technologies and methods have the capability to gather wider categories and larger amounts of information than is necessary to achieve your purpose. This risks ‘function creep’, where information is used for wider purposes than the original intention. This can happen gradually over time, so you should review worker monitoring regularly to prevent this. Similarly, you must not collect more than is necessary just in case it might prove useful to you in the future.

This article is from: