Author: Adrian Ramdat BA Ed, PGCE – Specialist Trainer
Jul 2022
Surveillance of employees is a contentious area of business in any organisation. Often employees feel that they can be the subject of surveillance by an employer that is acting as ‘Big Brother’, potentially watching their every move and not needing any justification to do so.
However, in my experience this has not been the case, employers (generally) only resort to surveillance if they have some form of reasonable suspicion that particular employees are acting in a manner that meets the threshold for misconduct or a criminal offence.
What I have found though, is that far too often some employers don’t understand the rules surrounding employee surveillance and sadly, they all too often don’t record their justification for doing surveillance.
No one can dispute that in the last decade surveillance has moved from being an activity that predominantly meant that the ‘errant’ employee would be followed covertly by others conducting the surveillance (in fact I have, in the past, worked as part of a team deployed on such cases) to now include the use of telematics fitted to company vehicles, using access control systems in buildings to surveillance the movements of employees and latterly, online monitoring of staff activities.
It doesn’t matter what form the surveillance takes, what does matter is that it is conducted lawfully.
Public sector organisations often wrestle with the question about whether they need an authorisation under RIPA (or in Scotland RIPSA) for directed surveillance or at what stage do they need one.
An organisation that I have recently worked with have decided that they will no longer obtain RIPA authorisations as they will only be looking to ‘reduce the risk to the organisation’ by dismissing the employee concerned. That, of course, is their prerogative but again they need to be on solid ground lawfully and ensure their decisions and justifications are recorded.
In the case of C v The Police and the Secretary of State for the Home Office, which was decided by the Investigatory Powers Tribunal in 2006, we were introduced to the terms of ‘core functions’ and ‘ordinary functions’.
This meant that these ‘core functions’ referred to by the Investigatory Powers Tribunal (IPT) are the ‘specific public functions’, undertaken by particular public authorities, as opposed to the ‘ordinary functions’ which are those undertaken by all authorities (e.g. employment issues, contractual arrangements etc.). So, for example, the investigation of crime is a ‘core function’ of the police and the investigation of fraud is a ‘core function’ of the Serious Fraud Office; where as they all share the same requirement to perform ‘ordinary functions’ such as, employing staff, paying them and staff discipline etc.
These “ordinary functions” are covered by the Data Protection Act 2018 and the Information Commissioner’s Employment Practices Code, so it is important that employers don’t just think that RIPA (or RIPSA) don’t apply but are able to act in accordance with UKGDPR etc.
The Code of Practice for Covert Surveillance and Property Interference issued in August 2018 tell us that it is possible to start in a ‘core function’ and move to an ‘ordinary function’, ‘For example, the disciplining of an employee is not a ‘core function’, although related criminal investigations may be. As a result, the protection afforded by an authorisation under the 2000 Act may be available in relation to associated criminal investigations, so long as the activity is deemed to be necessary and proportionate.’
In 2022, this was again scrutinised by the IPT when two members of staff (Sally Bartram and Steven James Howe) from the British Transport Police (BTP) had subject to surveillance by their employer for suspected misconduct matters in 2018. As a result of this surveillance activity the employees took their case to the IPT to seek redress and as part of the submission it was suggested that the investigation was actually a criminal one but the BTP acted in bad faith to try to avoid the RIPA regime.
This case looked again, very closely, at the judgement in ‘C’ and the areas of ‘core functions’ and ‘ordinary functions’ were considered. The outcome of this case reinforced the case of ‘C’ and gave us some more guidance in that:
- Surveillance conducted by the police as part of an investigation into suspected non-criminal misconduct by a police officer does not constitute “directed surveillance” within the meaning of Part II of RIPA.
- Investigating non-criminal misconduct, however important, is not a ‘core function’ of the police.
- The IPT is not the body to consider complaints regarding surveillance not conducted under RIPA for misconduct matters but this does not mean that claimants are left without a remedy as they can be pursued through ordinary courts such as the High Court or County Court (and potentially an Employment Tribunal).
Our RIPA courses all ensure that the delegates understand the difference between their ‘core functions’ and their ‘ordinary functions’ and we can deliver sessions regarding the surveillance of employees to ensure that employers are as equipped as they can be when considering this type of activity and we now offer a bite-sized event that looks at RIPA & Employee Surveillance. Further details can be found on our ‘Bitesized RIPA Training’ course page, or drop us an email at info@thesignaturebrand.co.uk