The Information Commissioner's Office (ICO) has confirmed that it is in the process of updating its Employment Practices Code by developing new "employer-focused guidance". This confirmation follows calls by Prospect and the Labour party for the update, in light of concerns about digital surveillance of employees. But in the meantime, employers are being encouraged to undertake Data Protection Impact Assessments if they intend to monitor staff in this way.
The current Employment Practices Code, with supplementary guidance, was issued by ICO as far back as 2011. It has long been a key reference for HR professionals, data protection officers and lawyers, but is clearly in need of revision to reflect the massive advances in technology in the last ten years. COVID-19 has, of course, led to a massive (and unforeseeable) increase in home working, with many employers being faced with the twin issues of ensuring employee well-being and being able to monitor performance and conduct in a remote working context.
The ICO told this Firm;
People expect that they can keep their personal lives private and that they are also entitled to a degree of privacy in the workplace.
The ICO has published guidance to help employers who are using or planning to use both systematic and occasional monitoring of their employees to comply with their data protection obligations. The ICO’s guidance makes clear that, in all but the most straightforward of cases, employers should carry out a Data Protection Impact Assessment (DPIA) to decide if and how to carry out monitoring and whether the monitoring is justified.
The ICO is at the early stages of developing new employer-focused guidance. As this work develops, we will be engaging with organisations and seeking their views.