Tuesday 12 December 2017

'Shop worker sacked for putting paper bag over CCTV while colleague gave her new hairdo' - Employers spying on staff part of 900 data watchdog complaints

Data Protection Commissioner Helen Dixon. Photo: Frank McGrath
Data Protection Commissioner Helen Dixon. Photo: Frank McGrath
Adrian Weckler

Adrian Weckler

Irish employers may not use CCTV cameras to keep an eye on staff in work canteens or other places of ‘work privacy’, according to the Irish Data Protection Commissioner.

Launching her office’s annual report, Helen Dixon said that “certain situations, such as staff canteens and changing rooms”, should be beyond the scope of bosses checking on their staff.

The remarks come as the Data Protection Commissioner’s annual report revealed a number of cases where Irish companies have overstepped the mark monitoring their staff.

In one case, a supermarket worker was fired when she placed a paper bag over a CCTV camera in her workplace staff canteen during her break. The employee blocked the camera because she wanted privacy while a colleague styled her hair, she told the Commissioner.

The supermarket said she wasn’t allowed block the CCTV because it was there to prevent staff pilfering and bullying. But the Commissioner ruled that the surveillance was unjustified.

“In our view, there was no justification from a security perspective for having a camera installed in the canteen area,” said the Commissioner’s report.

CCTV cameras
CCTV cameras

Bosses have some rights to monitor staff for security purposes, Ms Dixon’s office said. But employees also have “fundamental rights to privacy at work in certain situations, such as staff canteens and changing rooms.”

The case was one of a series of decisions decided in the last year by the Office of the Data Protection Commissioner.

In another CCTV-related case, an Aircoach bus driver successfully argued that use by the company in a disciplinary action of CCTV footage showing her using her mobile phone while driving was a violation of her privacy. The Commissioner upheld the driver’s argument that there had not been sufficient notice of CCTV warnings for the driver at the time.

Meanwhile, a complaint about covert surveillance on staff at Letterkenny General Hospital using CCTV was also upheld by the Commissioner. The staff said that a secret camera had been installed by two maintenance foremen. While maintaining that the action had not been authorised by senior personnel, the HSE apologised to the staff involved and destroyed the CCTV footage.

“Recognisable images captured by CCTV systems are personal data and are therefore subject to the provisions of the Data Protection Acts,” said the Commissioner’s annual report. “The presence of a CCTV system should also be properly indicated. Notification of CCTV usage can usually be achieved by placing easily read and well-lit signs in prominent positions. CCTV should only be used for the purpose or purposes for which it is in operation, for example, security or health and safety. In general, it should not be used for other purposes: for example, staff monitoring.”

Elsewhere, the Commissioner upheld a complaint by a member of the Defence Forces that his personal data was not kept secure by the Defence Forces. It turned out that the data involved had been brought home by an officer and subsequently “damaged or lost” when the officer’s house was flooded and burgled during an overseas mission.

The Commissioner warned about the rising incidence of company managers emailing sensitive files to their own personal email accounts to continue working on the files after hours.

“It is critical that employees are prohibited from emailing official files from their workplace email account to their personal email account for afterhours work or for any other reason,” she said. “In such situations, data controllers lose control of personal data that they are obliged by law to protect.”

The Commissioner also upheld a number of complaints about unsolicited marketing activities from a range of big companies.

In one case, Eir (previously known as Eircom) was forced to pay a €35,000 fine for a series of illegal marketing calls and text messages to customers who thought they had opted out of Eircom’s systems.

Other cases involved prosecutions of Imagine Communications and the waste management company Greyhound.

Online Editors

Promoted Links

Business Newsletter

Read the leading stories from the world of Business.

Promoted Links

Also in Business