CCTV surveillance

Jo Seery examines the legal framework around the use of CCTV surveillance in the workplace by employers and the implications for employees

Surveillance in the workplace has become more sophisticated with the development of digital recording technology and, as Martin Cornforth points out in his article (Social media and the employment relationship) employers are increasingly monitoring the use of electronic systems by employees such as emails and the internet.

Like social media, CCTV can be stored and relied on years after the event but, unlike social media, it is much more sophisticated and can pick out more detail. Generally, employers use CCTV as a means of monitoring or recording the activities of workers in their workplace, but in some cases it is used externally, for instance to monitor a worker’s sickness absence.

Employees, who use smart phones and other portable devices to make recordings of meetings with managers, are also increasingly relying on surveillance footage.

The legal framework

Although the law does not prevent employers from monitoring workers in the workplace, the Information Commissioner’s Office (ICO) has warned that CCTV should only be used as a necessary and proportionate response to a real and pressing need. Monitoring employees by use of CCTV amounts to processing personal data and is governed by the Data Protection Act 1998 (DPA).

The ICO has also published an updated Code of Practice for Surveillance Cameras and Personal Information (known as the CCTV Code) to help ensure that employers comply with the provisions of the DPA when operating CCTV and other surveillance camera devices.

The ICO’s Employment Practices Data Protection Code also applies where CCTV is used to monitor employees in the workplace.

The excessive and disproportionate use of CCTV as a way of monitoring workers in the workplace by public authorities can lead to a breach of an individual’s right to privacy under the Human Rights Act (HRA) 1998. Monitoring may also amount to a breach of the implied term of trust and confidence under an employee’s employment contract.

The ICO has used its enforcement powers to limit the use of CCTV. For example, it issued an enforcement notice to stop Southampton City Council from requiring taxis to carry out continuous audio and video recordings in order to be given a licence to operate in the city.

The Information Rights Tribunal ruled that the use of this type of surveillance was excessive and not justified under Article 8 of the European Convention on Human Rights which provides for an individual’s right to privacy and is enacted in the UK by the HRA.

Compliance with the DPA

The CCTV Code sets out how employers should approach the use of CCTV to ensure compliance with the DPA. The code refers to the 12 principles in the Protection of Freedoms Act 2012 (Surveillance Camera Code of Practice) issued by the Home Office which provides advice and guidance on the operational requirements and technical standards that apply to public spaces for local authorities and the police in England and Wales (Scotland has its own separate CCTV strategy).

Privacy impact assessment

To ensure surveillance is justified, the ICO recommends that employers conduct a privacy impact assessment to judge whether the benefits justify the adverse impact on employees. This should take into account:

the nature of the problem the use of CCTV surveillance is seeking to address
whether CCTV surveillance is justified
whether CCTV surveillance is effective – does it actually address the problem?
what effect it might have on individuals
if there is a better solution than using CCTV
whether it is proportionate.

A failure to carry out a privacy impact assessment is not a breach of the DPA and employers may choose an alternative method of assessing compliance with the Act. However, if the employer does nothing at all then this may be considered as evidence in the event of a complaint to the ICO. The CCTV Code also recommends that private sector employers carry out a privacy impact assessment even though they are not subject to the HRA.

Positioning of CCTV

The guiding principles set out in the CCTV Code is that the information collected by CCTV must be adequate for the purpose and that:

Where possible, any video or audio monitoring should be targeted at areas of particular risk and confined to areas where expectations of privacy are low
Continuous video or audio monitoring of particular individuals is only likely to be justified in rare circumstances
Employees should be given a clear indication when, where and why CCTV surveillance is being carried out
Employers should give adequate notices informing others of the monitoring and its purpose (which should be in alternative formats for people with a disability and in languages other than English).

Surveillance should not generally be used in changing rooms or toilets.

Effective administration

The CCTV Code states that there should be a clear basis for processing personal information and how it is collected. Procedures should therefore set out:

what is to be recorded
how the information should be used
how disclosure, consistent with its purpose, is to be controlled
what processes have been put in place to ensure that the information is stored securely and made accessible for law enforcement agencies
the responsibilities of the bodies that have control of the information.

The ICO should be notified who the data controller is, the purposes for which the information is used and the disclosures that are made.

Live images should be restricted to authorised personnel in limited circumstances, although they can be released to law enforcement agencies for the prevention and detection of a crime. So if someone outside the organisation is editing the images, they must have a contract that specifies how they store the images and keep them secure. Perhaps not surprisingly, surveillance taken by CCTV cameras should not be placed on the internet or posted on social media sites.

The CCTV Code does not set out any minimum or maximum periods for retaining images, but it does recommend that they should only be retained for as long as is necessary to achieve the purpose for which they were collected. Finally, employers should carry out a periodic review (at least once a year) to check that the systems in place are effective.

Covert surveillance

Covert monitoring (when employers use hidden cameras that employees do not know about) should only be used in exceptional circumstances and where authorised by senior management for the prevention or detection of a crime.

The Employment Code states that it should only be used as part of a specific investigation and should never be used in areas that workers would genuinely and reasonably expect to be private.

If the employer hires a private investigator to covertly collect information on a worker, they should ensure that the investigator only collects information in a way that satisfies the employer’s obligations under the Act. The employer also has to disregard and (if feasible) delete any other information collected in the course of monitoring unless no reasonable employer could reasonably be expected to ignore it.

Employers are entitled to undertake covert surveillance if they have suspicions about an employee’s sickness absence and can use this in evidence against the employee at a disciplinary hearing. If the employee subsequently lodges an unfair dismissal claim, it is then up to the tribunal to decide whether it was reasonable for the employer to use that evidence in those particular circumstances.

In City and County of Swansea -v- Gayle (weekly LELR 328), for instance, the EAT held that it was not unreasonable for the employer to use covert surveillance of an employee playing squash in a public place when he should have been at work.

That was the case even though the employer’s decision to organise covert surveillance was disproportionate because there was other evidence of the employee’s misconduct. The key issue, according to the EAT, was whether the investigation supported the reasons underpinning the employer’s belief.

In another case, Pacey -v- Caterpillar Logistics Services (UK) Ltd, the tribunal held that it was unreasonable for the employer not to have the covert evidence assessed by a medical professional. Note though that this decision is not binding on other tribunals.

Subject access requests

Employees whose information is recorded have a right to be provided with a copy of it, or at least to view it. Employers can charge a maximum of £10 to provide a copy, which must be made available within 40 days. When requesting information, the employee should provide sufficient details (such as date, time and place, or at least an approximate time of year) to enable the employer to locate the data.

Use of covert surveillance by employees

The general rule is that, if an employee secretly records any part of an internal meeting or hearing with the employer, the employee must be present and a tribunal must consider whether the evidence is relevant for it to be admissible as evidence at a tribunal. Covert recordings of private discussions when the employee is not present will not therefore usually be admissible on the grounds of public policy.

Conclusion

Where an employer either proposes to introduce CCTV or already has CCTV, trade union reps should request a copy of the privacy impact assessment and check to ensure it complies with the ICO guidance.

Services

Personal Injury Claims

Road Traffic Accident Claims

Serious Injury Claims

Asbestos Disease Claims

Medical Negligence

Industrial Disease Claims

Accident at Work Claims

Employment Matters

More Legal Services

Trade Unions

Support and Advice

How to Make a Claim

Our Clients

Charities and Support Groups

About

About Thompsons

Our People

Our Offices

News

News Releases

Commentary

Newsletters

Campaigns

Employment Law Review