The Information Commissioner's Office ("ICO") has completed an investigation into Caerphilly Council (the "Council") after it ordered covert surveillance on a sick employee. The Council must review its approach for employee surveillance policies and procedures in the future.
Covert surveillance can be used to monitor employee behaviour if it can be justified. s3.4.1 of the Commissioner's Employment Code of Practice sets out that such action by the employer can be taken if it is satisfied that there are grounds for suspecting criminal activity or an equivalent malpractice, and that by notifying the individual about the monitoring would prejudice its prevention or detection. Covert surveillance should only be used in exceptional circumstances, and as a last resort, when alternatives that respect the employee's privacy have been considered and are found to be not viable or appropriate.
In this case, the Council authorised the use of covert surveillance, only four weeks into the employee's sickness absence. The employee was signed off sick for anxiety and stress and had mentioned to a few people that she felt housebound, although there was no medical indication that the employee was housebound. The Council was suspicious that the employee was off sick to avoid attending work meetings; however it did not carry out any other measures to discuss the employee's absence prior to it instigating covert surveillance.
The ICO considered the circumstances in this matter and concluded that there was insufficient grounds, at such an early stage of the employee's sickness, to justify the use of covert surveillance. Therefore, the ICO reflected that the use of covert surveillance was a breach of the First Data Protection Principle which is set out in Schedule 1 Part I to the Data Protection Act.
It is worth remembering that although certain actions or procedures are authorised under the Data Protection Act, some, like covert surveillance, should only be used in exceptional circumstances and should have sufficient evidence to justify their use.
If you are considering the use of some of the non-standard procedures or actions under the Data Protection Act and are unsure if you can justify its use, please contact Chris Coughlan who would be happy to help in your review of the information.