Welsh council rapped for covert spying on sick leave worker

A council that ordered covert surveillance of a sick employee has been ordered to review its practices following an investigation by data privacy watchdogs.

An Information Commissioner’s Office (ICO) investigation found that Caerphilly Council breached the Data Protection Act when it ordered the surveillance of an employee suspected of fraudulently claiming to be sick.

The surveillance was only authorised on anecdotal evidence and began only four weeks into the employee’s sickness absence. Caerphilly Council went straight to snooping on its worker using a private investigation firm without properly considering other options. The covert surveillance was used to compile a report, which was ultimately shelved having gone unused.

The ICO determined the council did not have sufficient grounds to undertake the surveillance, especially at such an early stage of the employee’s absence, as an agreed data protection undertaking (PDF) explains.

The employee had only been off work with a sick note for anxiety and stress for four weeks at the time the surveillance was authorised. The surveillance was authorised on the basis that the employee had told a few people that she felt housebound and the data controller believed the employee would use the absence to avoid attending meetings she was required to attend.

However there was no medical indication that the employee was housebound and no other measures were taken to discuss the employee’s sickness absence and potential attendance at meetings before resorting to covert surveillance at such an early stage.

The data controller has accepted that there had been no evidence to suggest that the employee would use the sickness policy as a basis for not attending the meetings she was required to attend. In fact the employee attended a meeting which took place shortly after the surveillance had been carried out without being aware that the surveillance had been conducted.

Anne Jones, assistant information commissioner for Wales, commented: “It shouldn’t need to be said that spying on employees is incredibly intrusive and must only be done as the last resort.”

“Organisations need to be absolutely clear why they need to carry out covert surveillance and consider all other alternatives first. If it cannot be completely justified, it shouldn’t be done,” she added in a statement on the case.

The ICO accepts covert surveillance of employees can be justified in some exceptional circumstances, such as suspicions the employee is engaged in criminal activity or equivalent malpractice. Covert surveillance should be used as a last resort when alternatives which respect the employee’s privacy have been considered and ruled out as inappropriate. The ICO’s Employment Practices Code, which covers monitoring of employees at work, can be found here (PDF). ®