Cookies and Privacy  UNISONScotland www
This is our archive website that is no longer being updated.
For the new website please go to
Click here
Home News About us Join Us Contacts Help Resources Learning Links UNISON UK


About the P&I Team Briefings Home | Responses | PFI Index | Policy Guide




Data Protection Code Part 3 Briefing

Monitoring at Work– core principles

The UK Information Commissioner, responsible for ensuring compliance with the 1998 UK Data Protection Act, published the third part of the Employment Practices Data Protection Code entitled 'Monitoring at Work' in June 2003. Part 3 of the Code spells out the basic Do's and Don'ts for employers who monitor the activities of their employees, or who are thinking of doing so. The 'core principles' of the Code are:

  • It will usually be intrusive to monitor workers.
  • Workers have a legitimate expectation that they can keep their personal lives private and that they are entitled to a degree of privacy in the work environment.
  • If employers wish to monitor their workers, they should be clear about the purpose of the monitoring and be satisfied that the particular monitoring arrangement is justified by the real benefits that will be delivered.
  • Workers should be aware of the nature, extent and reasons for any monitoring, unless (exceptionally) covert monitoring is justified.
  • In any event, workers' awareness will influence their expectations.

Monitoring at Work – Good Practice Recommendations

The Code recommends good practice in seven key areas related to monitoring in the workplace. The recommendations are relevant to large and small employers alike and the Code applies to both systematic as well as occasional monitoring. Important points for workers to bare in mind under this section of Part 3 of the Code are;

  1. Managing data protection
  • Employers must attempt to eliminate the collection of personal information that is irrelevant or excessive to the employment relationship.
  • Employers should consult workers, and/or trade unions or other representatives, about the development and implementation of employment practices and procedures that involve the processing of personal information about workers.

2. General approach to monitoring

  • Employers must inform workers what monitoring is taking place and why, and keep them aware of this, unless covert monitoring is justified.
  • If information gathered from monitoring might have an adverse impact on workers, employers must present them with the information and allow them to make representations before taking action.

3. Monitoring electronic communications

  • Employers who wish to monitor electronic communications, must establish a policy on the use of electronic communications and inform workers about its contents.
  • If telephone calls or voice-mails are, or are likely to be, monitored, employers must inform workers about the nature and extent of such monitoring.
  • If e-mails and / or Internet access are, or are likely to be, monitored, employers must inform workers about the nature and extent of all e-mail and Internet access monitoring.

4. Video and audio monitoring

  • Employers must give workers a clear notification that video or audio monitoring is being carried out and where and why it is being carried out.

5. Covert monitoring

  • Senior management should normally authorise any covert monitoring. They should satisfy themselves that there are firm grounds for suspecting criminal activity or equivalent malpractice and that notifying individuals about the monitoring would prejudice its prevention or detection.
  • Employers must not use covert audio or video monitoring in areas, which workers would genuinely and reasonably expect to be private.

6. In-vehicle monitoring

  • Employers should set out a policy that states what private use can be made of vehicles provided by, or on behalf of, the employer, and any conditions attached to use.

7. Monitoring through 3rd parties.

  • Employers must tell workers what information sources are to be used to carry out checks on them and why the checks are to be carried out.
  • Employers must ensure that, if workers are monitored through the use of information held by a credit reference agency, the agency is aware of the use to which the information is put

Information for Branches:

Workers – as well as employers have responsibilities for data protection under the Act. Line managers have responsibility for the type of personal information they collect and how they use it. No one at any level should disclose personal information outside the organisation's procedures, or use personal information held on others for their own purposes. Anyone disclosing personal information without the authority of the organisation may commit a criminal offence, unless there is some other legal justification, for example under 'whistle-blowing' legislation.

Action for Branches:

Branches should read Part 3 of the Code and discuss the implications and responsibilities for members under this part of the Code

Review policies and agreements on monitoring with particular reference to Good Practice Recommendations 1 & 2

Further Info:

Part 3 of the Employment Practices Data Protection Code can be accessed at:


Website of the Information Commissioner can be accessed at:



Contacts List:

Diane Anderson:

@ the P&I Team
14 West Campbell St
G2 6RX
Tel: 0845 355 0845
Fax: 0141 221 8953



Further Information

Part 3 of the Employment Practices Data Protection Code can be accessed at:


Website of the Information Commissioner can be accessed at:


Contacts list:

Dave Watson -

@ The P&I Team
14 West Campbell St
Glasgow G26RX
Tel 0845 355 0845
Fax 0141-307 2572