Privacy watchdog the Information Commissioner’s Office has ruled that Caerphilly County Borough Council breached the Data Protection Act when it spied on a worker it suspected of fraudulently claiming to be sick.
The ICO said the surveillance was only authorised on anecdotal evidence and began only four weeks into the employee’s sickness absence. No other measures were taken to discuss the employee’s absence before the decision to use the covert surveillance and the report, which was produced by a third-party company, was never used.
The ICO determined the council did not have sufficient grounds to undertake the surveillance, especially at such an early stage of the employee’s absence.
Anne Jones, Assistant Commissioner for Wales, said: “It shouldn’t need to be said that spying on employees is incredibly intrusive and must only be done as the last resort.
“Organisations need to be absolutely clear why they need to carry out covert surveillance and consider all other alternatives first. If it cannot be completely justified, it shouldn’t be done.”
The ICO has said it accepts that in exceptional circumstances covert surveillance of employees can be justified, but the employer however must be satisfied there are grounds for suspecting criminal activity or equivalent malpractice.
Covert surveillance should be used, it said, as a last resort when alternatives which respect the employee’s privacy have been considered and determined as not appropriate.
A spokesperson for Caerphilly County Borough Council said: “The authority accepts the findings of the Information Commissioner’s Office and has signed an undertaking to ensure full compliance in the future.
The council has publicly stated previously that the surveillance of council employees is on hold pending a thorough review of its policies and procedures. This remains the position. The findings of the Information Commissioner will inform the review to be undertaken.”