I Spy? Covert monitoring of employees

Employees iStock 000005305116XSmall 146x219Covert monitoring of employees is always a tricky area. Sarah Lamont and Sarah Maddock look at the key considerations for public bodies, in the light of a recent EAT ruling.

The recent case of the City and Council of Swansea v Gayle looked at whether secretly ‘spying’ on an employee leaving a sports centre when he should have been working, made his subsequent dismissal for misconduct unfair. Helpfully, the Employment Appeal Tribunal said that the Council had fairly dismissed Mr Gayle, even though the Council’s covert surveillance of him was unnecessary.  

Legal background

Several aspects of law and guidance come into play when looking at covert surveillance of employees, and the key areas which in-house solicitors and employers in the public sector must navigate are:

  • The European Convention on Human Rights.
  • The Data Protection Act 1998 and accompanying non-statutory guidance, the Information Commissioner's Employment Practices Data Protection Code (‘the Code’).
  • The Regulation of Investigatory Powers Act 2000.

Article 8 of the European Convention on Human Rights (ECHR) sets out that “[e]veryone has the right to respect for his private and family life, his home and his correspondence,” and goes on to state that there shall be no interference with that right by a public body. This is not, however, an unqualified right. A public body may interfere with the exercise of the right to privacy if it “is in accordance with the law and is necessary in a democratic society",

  • in the interests of national security, public safety or the economic well-being of the country.
  • For the prevention of disorder or crime.
  • For the protection of health or morals.
  • For the protection of the rights and freedoms of others.

So, public bodies must undertake a balancing act: protection of privacy vs. general societal interests. Another way of putting this is that their actions must be proportionate. And in accordance with the principle of proportionality, a public authority contemplating covert monitoring in possible breach of privacy, should:

  • identify a legitimate aim.
  • ensure that the aim is sufficiently important to justify limiting the ECHR right: in other words, balance the aim against the effects.
  • ensure that the method of surveillance chosen goes no further than is necessary.

Monitoring employees also involves the processing of personal data, so the Data Protection Act 1998 (DPA) must be considered. The eight data protection principles under the DPA and the Information Commission's Office Employment Practices Code (Monitoring at Work) should be taken into account.

The Regulation of Investigatory Powers Act 2000 (RIPA) may be relevant when considering employee monitoring. Under RIPA, it is unlawful, in certain circumstances, to intercept a communication in the course of its transmission in the UK.

In the employment field, if covert monitoring is being used in a misconduct dismissal context, then the general requirements of a fair dismissal under section 98 of the Employment Rights Act and BHS v Burchell should be considered. Finally, contractual law may also be engaged if covert monitoring could amount to a breach of the obligation of mutual trust and confidence that is implied into employment contracts.

City and Council of Swansea v Gayle

In this recent case, Mr Gayle, was seen playing squash when he should have been working.  Swansea Council looked into the allegations and, even though there was no reason to doubt the veracity of what was alleged, it engaged a private investigator who took video footage of Mr Gayle leaving the sports centre during working hours. Mr Gayle was dismissed for misconduct and he brought a claim for unfair dismissal (amongst other claims).  An Employment Tribunal held that the dismissal of Mr Gayle was unfair because:

  • the covert monitoring undertaken by the Council went further than was necessary; the Council had sufficient evidence to justify the dismissal of Mr Gayle without conducting video surveillance – the Council had been ‘too thorough’; and
  • as a public body subject to the obligations under Article 8 of the ECHR, the Employment Tribunal found that the Council had interfered with Mr Gayle’s right to a private life, and had no justification for doing so; and
  • notwithstanding the above, the tribunal said that the dismissal would have been unfair because of the Council’s “inexcusable ignorance” of its data protection obligations.

However, the Employment Appeal Tribunal (EAT) overturned the tribunal’s decision and held that the dismissal of Mr Gayle was fair. Specifically, the fact that the Council had gone over and above what was necessary – i.e. had been ‘too thorough’ – did not render the investigation unreasonable.

In respect of the arguments regarding Mr Gayle’s right to privacy, the EAT made the following useful points:

  • the video surveillance took place in a public place, where Mr Gayle could not have any reasonable expectation of privacy;
  • employers are entitled to know where someone is and what they are doing in the employer’s time;
  • a ‘wrongdoer’ is not entitled to expect privacy in respect of data which reveals their wrongdoing.

The EAT also went on to say that, although it did not find that there was a breach of Mr Gayle’s Article 8 rights, even if it had done so, it said it would have held that the Council’s actions were justified because:

  • they were preventing a crime (fraud against the Council); and
  • protecting their rights under their contract with Mr Gayle.

So, in the context of the Employment Rights Act, faults in covert monitoring are only relevant to the fairness of the dismissal to the extent that those faults actually affect the fairness of the decision to dismiss. The fact that the Council had been ‘too thorough’ by undertaking unnecessary surveillance did not made the dismissal unfair.

That said, even though the dismissal of Mr Gayle was fair, and the employment tribunal’s decision was overturned, its criticisms of the way in which the Council handled the covert monitoring remained valid.

The Employment Appeal Tribunal noted that the Council paid no regard to the guidance in the Employment Practices Data Protection Code. Although this is non-statutory guidance only, it is a matter of good practice to take the Code into account when undertaking surveillance of employees. The Code highlights that it will be rare for covert monitoring of employees to be justified and that it should only be done in exceptional circumstances - for example, as part of a specific investigation into suspected criminal activity. In addition, the ‘core principles’ of the Code suggest that employers considering covert surveillance should:

  • undertake an impact assessment;
  • ensure that the proportionality test is met;
  • if possible, warn employees that the monitoring is to take place;
  • limit the number of staff who have access to information obtained through monitoring;
  • ensure that data obtained through monitoring is kept secure.

The Code sets out (at page 57) that the impact assessment should cover the following:

  • The purpose behind the monitoring or testing and the benefits likely to be delivered.
  • The adverse impact of the arrangement.
  • Alternatives to monitoring or testing or different ways in which it might be carried out.
  • Consideration of the obligations arising from the monitoring.
  • An assessment of whether the monitoring is justified.

Further guidance can be found in the Code on what each of these steps requires (pages 57-59). 

Beyond the Code, employers considering covert monitoring of employees should:

  • issue a written policy and ask employees to indicate that they have read the policy and accept its terms;
  • train managers about the operation of the DPA and its relevance to their responsibilities, including security of personal data in the workplace;
  • remind employees about the monitoring policy and publicise any changes.

If the monitoring involves:

  • the interception of communications
  • in the course of transmission
  • by the owner / controller of a communication system.

then RIPA may apply. This means that if an employer's internal telephone or computer systems are attached to public telecommunication systems (as most will be), the employer's interception (as the system controller) of employees' telephone calls or e-mails would be likely to fall within the ambit of RIPA. If the interception is unlawful, the sender, recipient or intended recipient of the communication can claim damages against the employer.

However, the employer will not be liable if it intercepts communications "with lawful authority” – in the employment context, this means obtaining the employee’s express consent to possible interception. This may be a viable option for employers for internal e-mails and telephone calls. It is more problematic in the case of external e-mails, as the employer must be able to show that it has reasonable grounds to believe both the sender and the recipient have consented – but it is generally accepted that intercepting emails which have already been opened by the intended recipient would not fall foul of RIPA.

If you are considering monitoring under RIPA, it may be helpful to consult your organisation's 'Single Point of Contact' responsible for RIPA. Additionally, ensure that request forms for RIPA authorisation set out specific reasons, method and timescales for the proposed monitoring and demonstrate that the proposed monitoring is proportionate to achieve the organisation's aims – errors in this paperwork are a common pitfall for organisations monitoring under RIPA.

In summary

Information protection law is a complex topic, which engages several overlapping pieces of legislation and non-statutory guidance, so if you are in doubt advice should be sought. However, three key themes are:

  1. Although, in the case outlined above, covert monitoring did not render Mr Gayle's dismissal unfair, this does not represent carte blanche for employers to undertake surveillance on their employees. Covert monitoring will be lawful only in rare circumstances so, if you are considering this, it would be prudent to seek advice and follow the steps set out above.
  2. If considering covert monitoring, check which legislation might apply, and review the ICO’s Code. The Information Commissioner’s website publishes a wealth of resources for employers.
  3. Up to date and well publicised policy documentation will help to maximise flexibility regarding proposed surveillance.

Sarah Lamont is a partner and Sarah Maddock is a professional support lawyer at Bevan Brittan