Workplace monitoring: Striking the balance between oversight and trust

Monitoring in the workplace is here to stay. For HR professionals, the challenge is not simply one of legal compliance – it is about managing the delicate balance between oversight and trust. Handled poorly, monitoring can create legal risks, erode employee confidence and damage culture. Handled well, it can protect business interests, promote fairness and reassure both staff and management.

Technology has changed the way we work and the way organisations oversee their people.

Hybrid and remote working have increased reliance on digital platforms, and heightened concerns about data security and productivity which have prompted many employers to adopt systems for monitoring staff activity.

From timesheet software and call recording to keystroke trackers and webcam surveillance, the tools available are both powerful and, in some cases, controversial.

Recent ADP research found that almost one-third (32%) of employees around the globe felt they were under constant surveillance by their employer. “Such surveillance practices have left their mark on the employee-employer dynamic, whether staff work on site, remotely or a mixture of the two,” the researchers concluded.

For HR professionals, workplace monitoring raises complex questions: What is legally permissible, what is proportionate, and how can oversight be balanced with employee trust and engagement?

The legal framework

Monitoring in the UK is not unlawful in itself, but it sits within a complex web of obligations that have developed alongside the different methods of monitoring. In short, monitoring is lawful if it’s justified, proportionate, limited in scope and communicated openly to employees

1. UK GDPR and the Data Protection Act 2018

Monitoring involves processing personal data. This must be done lawfully, transparently and proportionately. Employers must be able to justify why monitoring is necessary and demonstrate that no less-intrusive alternative would meet the same aim.

For instance, Serco Leisure were recently issued with an enforcement notice from the Information Commissioner’s Office (ICO) that required them to halt the use of fingerprint scanning and facial recognition technology that was being used to monitor staff attendance. Serco were unable to demonstrate why these methods of monitoring were proportionate in light of the myriad less intrusive measures available.

Employers in the UK who mishandle staff data can face significant penalties of up to 2% of their global turnover.

2. European Convention on Human Rights

Employees have the right to respect for their private and family life, which extends to the workplace. This doesn’t make monitoring impossible, but it does mean that intrusion must be limited and justified. This is a delicate balancing act and the question of whether an employee has a reasonable expectation of privacy in any given case is a key consideration.

3. Employment law principles

The implied term of mutual trust and confidence means that employers must act reasonably. Introducing heavy-handed or covert monitoring can undermine that relationship and expose employers to grievance and costly employment tribunal claims.

4. Sector-specific regulatory frameworks

In some sectors, such as financial services, monitoring may be required for compliance reasons (eg recording calls). Even here, proportionality and transparency still matter.

Pitfalls to avoid

Employers need to be aware that some monitoring practices can damage employee trust and lead to legal issues. For instance:

• Secret or undisclosed monitoring is a major red flag. Not only is it likely to breach data protection law, it can also cause lasting damage to employee trust.
• Disproportionate monitoring can cause difficulties for businesses. Employers must demonstrate that the need for and benefits of monitoring outweigh the intrusion into privacy.
• Failure to notify staff about monitoring is likely to cause legal problems and rolling out new monitoring systems without consultation can fuel suspicion.
• Monitoring that spills into an employee’s personal life risks being seen as unfair.
• When data is presented without proper context, it risks leading to flawed or misleading decision-making.
• If monitoring data is not stored securely and retained only for as long as necessary, an employer may further breach their data protection obligations.

Best practice for HR

HR departments should review their organisation’s current monitoring practices. The following points should be borne in mind:

• If monitoring is going to be used, start by carrying out a Data Protection Impact Assessment, looking at what monitoring is envisaged, what data will be collected, why it’s necessary and how any risks will be mitigated. The ICO have helpful guidance about what to consider when reflecting on different ways to monitor staff.
• Avoid repurposing data collected for one purpose for another without justification.
• Limit the scope of monitoring and only collect data that is genuinely needed.
• Always be transparent with staff. Employees should never be surprised to discover monitoring is in place. Consulting and communicating with staff at an early stage is vital.
• Ensure that data obtained through monitoring informs, rather than dictates, outcomes.
• Review processes regularly to ensure monitoring remains necessary and proportionate.
• Ensure your policies are up to date and are being adhered to, particularly those around data retention.

The cultural dimension

Excessive surveillance can erode trust, fuel disengagement and increase attrition.

Conversely, transparent and proportionate monitoring can protect business interests and reassure employees. HR’s role is to position monitoring as part of a culture of accountability, not suspicion.

Conclusion

Remember – in workplace monitoring, how you do it is just as important as what you do. Be proportionate, be transparent and always consider the human impact.