Home / Updated Guidance and legislative changes
27th November 2023
The Information Commissioner’s Office (ICO) published guidance on 3 October 2023 on how employers can monitor workers lawfully, transparently and fairly.
Employers often monitor a myriad of employee activities, ranging from the less intrusive, such as monitoring employee access to their premises, to more invasive monitoring such as using productivity tools to log employee keystrokes and monitor their internet use. The latter type of processing being much more common now that home working is more ubiquitous.
In circumstances where any monitoring takes place, the ICO has set out in this new guidance the steps employers must follow before monitoring its employees. All employers should, as a minimum follow, this checklist to ensure compliance with data protection legislation:
None of this is new, and merely sets out what businesses should already be doing. One slight change in emphasis is on the use of DPIAs, something that will be key where more intrusive monitoring is taking place. A DPIA is an important document that demonstrates that a business has considered the impact of the processing activity and its compliance with relevant legislation and documents its reasoning if ever queried by the ICO.
Given the fines the ICO can levy, and the enforcement powers that it possesses, organisations should ensure that they have DPIAs in place. You need to be able to demonstrate data protection compliance, and that your processes are proactive and by design rather than a defensive response to events.
Flexible contracts, such as zero hours contracts can benefit businesses and individuals where they meet the needs of both parties. That being said, some workers, working under these contracts may want to seek a more permanent working pattern, as by their very nature, they tend to be varied and unpredictable.
As such, the Workers (Predictable Terms and Conditions) Act 2023 was designed to offer a solution for workers who are seeking a more stable working pattern. Once it comes into force, likely at some point next year, it will introduce a statutory right for workers to request a predictable working pattern.
Given this new legislation, it is likely that businesses will receive many of these requests, certainly in sectors where flexible working is more common, such as the leisure sector. Ahead of this upcoming legislation, ACAS has produced a new draft statutory Code of Practice setting out a suggested procedure to be followed when dealing with predicable working requests.
Although this guidance is currently only a draft, it does outline a detailed suggested procedure. The process is similar to when an employee makes a flexible working request.
The Code will not be legally binding but will be taken into account by courts and employment tribunals when considering relevant cases.
Under the Rehabilitation of Offenders Act 1974, job applicants must disclose certain convictions on job applications. However, if enough time has elapsed after the sentence has been served – the rehabilitation period – then the conviction will be considered ‘spent’ and will no longer be disclosable.
From 28 October 2023, under the Police, Crime, Sentencing and Courts Act 2022, the Government has decided to shorten the period before certain criminal offences can be considered ‘spent’, which means a reduction to the length of time job applicants must declare certain criminal convictions in job applications. For example, a custodial sentence of less than 1 year will be spent 1 year after the sentence has been served. Up to 4 years, it is spent after a further 4 years, and finally custodial sentences of over 4 years are spent after another 7 years.
There are exceptions to these new rehabilitation periods, where the crime involved serious sexual, violent or terrorist offences. These offences are never spent and will always be disclosable.
There are also excepted occupations, offices and professions (of which there are many) which are not subject to the general principle on rehabilitation which require the disclosure of spent and unspent convictions. The work types fall into five broad categories which are:
Employers must inform prospective employees at the time when the questions are asked that they are obliged to disclose spent convictions.
Employers should consider the above during their recruitment processes, and also remember that criminal record checks should only be undertaken on job applicants in limited circumstances. Employee and applicant criminal record data is akin to special category personal data under data protection legislation in the UK, and there needs to be appropriate safeguards in place to allow for the processing of this category of data, as well as a coherent and demonstratable lawful bases to undertake this type of check.
If you would like to discuss employee monitoring, data protection compliance or the proposed predictable working changes, please contact – email@example.com.