The 23rd Annual Report of the Data Protection Commissioner contains more insight into the Commissioners looking at unlawful CCTV use in an employee/employer context.
In October 2010, the Commissioner received a complaint from an employee who stated that he considered that his personal privacy was being affected in his workplace through the
inappropriate use of a CCTV system which his employer had installed.
The employee was employed by Westwood Swimming Ltd in Leopardstown as an administrator.
He cited two separate occasions, three months apart, when he received phone calls from his employer who was not on the premises at the time. In both of these phone calls the employer allegedly described to him what he had been doing at a particular time, i.e. that he was conversing with and working on a computer used by an individual from the office next door (who had a different employer).
He stated that subsequent to these incidents he had received two separate written warnings.
He also stated that the CCTV system was installed without prior staff notification as to the reason for its installation or its purpose.
Westwood Swimming Ltd were informed by the Commissioner it of its obligations under the Acts in respect of CCTV usage, and that any monitoring must be a proportionate response by an employer to the risk he or she faces taking into account the legitimate privacy and other interests of workers.
They were further advised that in terms of meeting transparency requirements, staff must be informed of the existence of the CCTV surveillance and also of the purposes for which personal data are to be processed by CCTV systems.
Westwood Swimming Ltd stated that the CCTV system was installed with the priority focus being security of the office due to the amount of cash and credit card slips with customer information on hand. It informed the Commissioner that a secondary purpose for the CCTV was the fact that it had received numerous complaints from its customers stating that the office was not open or that the office was open and unattended which gave it further concern for the security of cash/credit cards. It confirmed that its staff had not been informed in writing of the installation and purpose of the CCTV.
However, it indicated that staff were well aware of the reasons behind the new system as the cameras were overt and the recorder and screen showing views and recordings were in the office in full view of both staff and clients. It also referred to having signage in place informing people of CCTV being in operation. In this regard, it provided us with a copy of a notice posted at its main entrance listing the various services available at the centre.
The Commissioner informed Westwood Swimming Ltd that such monitoring of an employee was in breach of the Data Protection Acts and were asked to immediately confirm that it would cease the practice of monitoring employees by remotely accessing the system from a live feed or by any other means.
This case highlights the Commissioners view that the processing of CCTV images about employees i.e. to monitor employee performance, images which were stated to have been obtained for security purposes, is incompatible with the stated purpose and in contravention of the Data Protection Acts.
Source: 23rd Annual Report of the Data Protection Commissioner 2011 – Case Study 9