What are the legal implications of using CCTV in the workplace?
According to recent research, the average person is estimated to be caught on CCTV surveillance systems up to 70 times per day. This can be far higher for those living in the capital.
A fair chunk of this footage is usually caught at a persons place of work, with many companies having cameras installed as part of security and compliance efforts for the business. However, this topic is becoming more and more controversial, as some workers feel CCTV in the workplace is moving away from it’s primary motivation for security to that of monitoring staff and what they are up to.
Employers are entitled to install CCTV within the workplace for various reasons, these include:
- Security – to prevent theft or breaking and entering;
- Health and Safety – to ensure that health and safety procedures are being abided by;
- Business interests – to ensure misconduct or gross misconduct is prevented;
- Assessment and improvement of processes and productivity;
- Compliance – for instance in the financial sector.
It is also becoming more prevalent for organisations such as the police and the NHS, for staff to have body-worn cameras. This is primarily for staff safety but footage from these cameras is also used as evidence in court cases
The main issue surrounding surveillance cameras in any form, is that of consent.
Employers need to understand the legal obligations and codes of practice that should be adhered to when using CCTV in the workplace. They must meet the legal requirements on the use of any data recorded as stated by the Data Protection Act 1998 (DPA) and the right to privacy as stated by the Human Rights Act 1998.
In May 2015, the Information Commissioner’s Office (ICO), updated and published the new code of practices of use of CCTV and personal data.
The key points relating to employers use of surveillance are as follows:
- If an employer wishes to install surveillance in the workplace, they are obliged, to inform the ICO as to why they are installing it. Under the Data Protection Act, this is part of the registration process for a data controller and must be adhered to. Once registered, the employer is not allowed to use the information collected for any other reason than that stated to the ICO. For example, if a company installed a CCTV system for security to prevent crime, for instance in a shop, they cannot then use it to monitor their staff instead.
2. Employers should carry out an impact assessment to ensure that other alternatives are not possible and they should only go ahead with installation if the cameras have a legitimate aim, for instance to prevent theft.
3. All staff should be informed that surveillance is in operation, it’s purpose and where all cameras are located within the premises. This should be supported by clear and visible signage.
4. Positioning and levels of CCTV usage should be proportionate to the reasonable expectations of privacy in certain areas of the workplace. For instance, in and around toilets, changing rooms and break areas, it is unlikely that such surveillance should be used and therefore would be deemed unacceptable.
Subject access reports
Staff are able to make subject access requests allowing them to see recordings of them kept by the employer. The employer must provide this data within 40 days of the request.
Use of CCTV as evidence
If CCTV is used to monitor staff secretly this does not mean that it can automatically be used as evidence in an employment tribunal. It is down to the judge to take into account all the circumstances relating to the case including whether or the employees privacy has been breached.
Employers should ensure that they have policies in place which cover all aspects of CCTV in the workplace.