The Data Protection Act 1998 does not prohibit monitoring, but any monitoring of staff or students needs to be carried out in accordance with the Act. Since monitoring has the capacity to intrude or interfere in the private lives of individuals, it must be justified. Monitoring is recognised as sometimes being a necessary part of the employment relationship. Monitoring is also a necessary part of crime or fraud detection and ensuring that the University estate, facilities, telecommunications and IT systems are used appropriately. Any benefits to the University of monitoring staff or students must be weighed up against any possible adverse impact on them.
This policy sets out the University’s approach to monitoring staff and students, the responsibilities of managers with respect to that monitoring and the individual rights of staff and students.
Where all staff or students, or groups of staff or students are monitored as a matter of routine. An example might be to establish patterns of use or demand for a service. This may or may not identify individuals.
Short term measure in response to a particular problem or need. This does not include occasional access to records which contain information on individuals but which were not collected primarily to keep a watch on their performance or conduct.
Monitoring which is 'carried out in a manner calculated to ensure those subject to it are unaware it is taking place'.
This is not an exhaustive list.
Unauthorised monitoring is not permitted. Attempts by any member of staff to implement unauthorised monitoring will be in breach of this policy and may result in disciplinary action. The following is a list of those members of staff, in addition to the Vice Chancellor, who may authorise monitoring, together with their areas of responsibility
They may also designate a nominee to authorise monitoring.
Some examples of monitoring activity are
This is not an exhaustive list. See supporting documentation for examples of some of the types of monitoring conducted in the University, its purpose, how it is carried out, on whose authority and who it affects. Sometimes, monitoring may be carried out, but the data collected is only viewed retrospectively to investigate an incident.
Any monitoring information that is collected in relation to a student or member of staff may be used in a disciplinary investigation, for example where there is inappropriate use of the internet or e-mail.Monitoring information may be used for training purposes, for example telephone training.Information collected may also be passed to relevant authorities if there are any criminal proceedings to which it relates.It will also be used to plan and deliver IT and telecommunications services.
The Monitoring at Work Code (see section 15) suggests that in all but the most minor cases, an ‘impact assessment’ is carried out to decide if and how to use monitoring. This involves measuring the benefits monitoring may bring, any adverse impact on individuals, whether comparable benefits can be obtained with a lesser impact, and the techniques available for carrying out monitoring. A decision will be made as to whether the monitoring is a proportionate response to the problem it seeks to address.
Personal data collected in the course of monitoring activities will be processed fairly and lawfully in accordance with the Data Protection Act 1998, eg it will be:
Staff and students are notified of the nature of any monitoring that is taking place. Relevant policies in relation to monitoring are available via the intranet, from your manager or Faculty office, or from the University Secretary’s office or the Human Resources Department.
If any changes are made in regard to monitoring, staff and students will be notified. The exception to this is covert monitoring activity, eg for crime detection, which is allowed for by the Regulation of Investigatory Powers Act 2000.
Managers with responsibility for authorising monitoring are required to record the authorisation with reasons. An annual report on the policy, while not revealing personal details, will be published outlining the nature and extent of the monitoring that has taken place during the year.
The Data Protection Act 1998 confers on individuals various rights including the right to find out what information a Data Controller holds about them – the right of subject access. Personal data collected or kept by the University for the purposes of monitoring will be made available if a subject access request is made, unless an exemption applies.
Information can also be obtained from the Information Commissioner’s Office which enforces the Data Protection Act http://www.informationcommissioner.gov.uk.
Examples of some of the types of monitoring conducted in the University, its purpose, how it is carried out, on whose authority and who it affects.
|Category of monitoring||Type of monitoring||Purpose||By whom||Affecting whom||On whose authority|
|Occasional/ covert(signage alerts people to CCTV use)||CCTV||Prevention of crime||Security||Cameras are directed at areas rather than at individuals, but may be focused on individuals where there is suspicious behaviour. May include staff, students, visitors, contractors, members of the public.||Head of Security|
|Occasional/covert||Observations by security staff in the University||Prevention of crime (especially theft)||Security||Observations are general, but may include staff, students, visitors, contractors, members of the public.||Head of Security|
|Occasional/covert||Monitoring of compliance with financial regulations and procedures||Anti-fraud||Finance||Any member of staff, team of staff, student or group of students suspected of possible fraud||Director of Finance|
|Occasional||Telephones||Staff training purposes||Telecoms||Any member of staff. Used for training purposes.||Director of Estates and Facilities|
|Occasional||Telephones||Prevention of crime and telephone misuse||Telecoms||Any member of staff. There is also the facility to record abusive or threatening phone calls that come through the switchboard.||Director of Estates and Facilities|
|Occasional||Telephones including mobiles||Budgetary purposes and prevention of misuse||Telecoms||Any member of staff with a telephone extension or using a University mobile phone.||Director of Estates and Facilities|
|Occasional||IT use||Prevention of crime and IT misuse||CIS||Monitoring of staff or students may be carried out if misuse of IT or criminal activity is suspected. Internet sites may be blocked by JANET.||Chief Information Officer|
Issuing Authority: University Secretariat Version 1 - December 2004