In its judgment in the case of Mr M Rakib v Mitie Limited, the Employment Tribunal found that Mitie had unfairly dismissed its employee following his unauthorised viewing of CCTV footage. The tribunal published its written reasons for this decision earlier this year - in this article we provide a background to the case and highlight key takeaways for employers.
Mr Rakib worked for Mitie as a duty security manager, responsible for a team of security officers at the BBC’s Cardiff site.
Off the back of a grievance being raised against Mr Rakib, it became apparent that Mr Rakib may have unnecessarily accessed and reviewed CCTV footage at the BBC site without a Data Protection Act (DPA) request, without holding a suitable Security Industry Authority licence.
Mitie was concerned that Mr Rakib’s conduct could have put it in breach of Information Commissioner's Office regulations and data protection legislation, so it took disciplinary action in relation to this and in relation to an allegation of bullying which was ultimately not upheld.
Mr Rakib confirmed that he had undertaken a review of CCTV footage, at one point saying he was trying to help someone find a lost bag, and at another point saying that he couldn’t remember for definite the reason why he had done it. Another security officer reported that Rakib had told him he had been reviewing 12 hours of footage in order to find out who had made a mess in the kitchen, but Mr Rakib denied this was true. He stated that he was not the only security manager to review CCTV footage from time to time, and that none of the managers held an appropriate licence but they had been told by a security manager from the BBC that they didn’t need one to review internal footage.
Mitie found that Mr Rakib had breached data protection legislation, gone beyond the scope of his training and authority and had damaged the trust the BBC had in Mitie. He was summarily dismissed for gross misconduct.
Mr Rakib internally appealed against the decision, but the decision to dismiss him was upheld. He went on to bring a claim in the Employment Tribunal.
The Employment Tribunal found that Mitie had genuinely believed that Mr Rakib had committed misconduct, but that it did not have reasonable grounds for that belief based on the facts it had gathered and the level of investigation Mitie had carried out.
The tribunal pointed out that an employee should be on notice, through a policy or similar, of actions its employer would consider to be gross misconduct, especially where the conduct in question does not obviously fall into this category. In this case, Mitie had no internal policy setting out what a security manager such as Mr Rakib could or could not do when it came to CCTV. There were assignment instructions relevant to the work and CCTV footage, but these did not state that reviewing CCTV was not permitted or would be considered gross misconduct.
In conducting its investigation, Mitie had failed to look at whether other security managers at the site were also reviewing CCTV and in what circumstances. Further, it had failed to speak to an individual at the BBC who Mr Rakib said had informed himself and other security managers that a licence was not needed for internal reviewing and had signed off DPA requests for such reviewing. Mitie hadn’t even attempted to track this individual down or make contact.
Mitie hadn’t spoken to other individuals Mr Rakib named as having instructed him to review footage, nor looked at the DPA records to see whether CCTV reviews were being carried out by any other security managers, all of which would have gone towards Mr Rakib’s understanding of what he could and couldn’t do, as well as consistency of treatment between him and the other managers.
Mitie had not given Mr Rakib any training nor did it have any standard operating procedures on CCTV usage. Ultimately, it failed to properly look into the wider picture of what was going on in practice in Cardiff, which Mr Rakib had raised as mitigation for his actions. Instead, it had just jumped to the conclusion that Mr Rakib’s experience meant that he should have known he should not be reviewing CCTV footage.
As such, the tribunal found that Mitie had not acted reasonably in treating their misconduct reason as a sufficient reason to dismiss Mr Rakib, particularly taking into account their substantial size and administrative resources as an organisation. It was an unfair and wrongful dismissal and Mr Rakib was awarded over £31,000 of compensation.
Appropriate handling of CCTV footage, as well as any other personal data which is processed as part of an employee’s duties, is important for an organisation to manage, so as to ensure it does not find itself in breach data protection legislation and liable for fines or other remedial action by the ICO.
Employers should of course therefore take any potential mishandling of personal data, including CCTV footage, by its employees seriously.
The failing in this case was that the process which led to the dismissal decision had not been thorough enough, so it's worth noting the steps Mitie didn’t take during its disciplinary investigation, as explained above, which led to this finding. Mitie’s position was also made more difficult in the fact that it did not have a policy which it could point to so as to clearly identify the breach Mr Rakib had committed, and which could have shown that he should have known better.
Most organisations will have a data protection policy, highlighting the key principles about how employees should be handling any personal data they come into contact with during their employment. However, in light of this case it's worth reflecting on such policies and considering if they're detailed enough for the specific systems and types of data your organisation handles.
If video surveillance is something your employees come into contact with, we would certainly recommend having a specific CCTV policy. Equally, if your employees regularly use data-heavy programmes or systems in the course of their duties, we would recommend specifically addressing in a policy any actions which, although they may be possible to carry out on that system, are not permitted for data protection or other reasons.
Our employment and data protection teams will be happy to assist you with drafting or reviewing any such policies, so please get in touch for further advice.
We produce a range of insights and publications to help keep our clients up-to-date with legal and sector developments.
Sign up
