Tag Archive | "security"

EMPLOYEE MONITORING

Tags: , , , ,

EMPLOYEE MONITORING


Employee monitoring methods should be considered carefully

A recent decision by the Grand Chamber of the European Court of Human Rights has brought the question of employee monitoring to the forefront of employers’ minds once again. The Grand Chamber in Bărbulescu v Romania examined the ability of employers to monitor their employees’ work, email accounts and in particular, the extent to which employers can check whether employees are using email accounts for solely work-related purposes.

Mr Bărbulescu was dismissed by his employer for unauthorised personal use of the internet. The dismissal arose as a result of allegation that Bărbulescu had been using a Yahoo messenger account whilst at work. Following various decisions in Romania and in the European courts, the Grand Chamber of the ECHR determined that Bărbulescu’s private life and correspondence had been infringed.

It is worth noting that employers can be found to be vicariously liable for the actions of their employees in the course of their duties. This means that employers may find themselves liable for their employees’ actions if the employee causes damage or loss to a third party. Employers therefore often find that they have a heightened interest in understanding – and keeping tabs on – the activities of their employees.

EMAIL AND INTERNET USE
The Grand Chamber decision in Bărbulescu v Romania highlights the fine balance between an employee’s reasonable expectation of privacy and an employer’s right to check the activities of those working for them. It was not sufficient for the employer to simply inform the employee that there was an internet usage policy in place but instead, the Grand Chamber found the employee should also have been made aware of the extent and nature of the monitoring activities that the employer was putting in place.

In the UK, the monitoring of employees is heavily regulated by existing legislation, which places limitations on the
powers of employers to monitor their employees’ private communications, including the Data Protection Act 1998 (and soon to be the General Data Protection Regulation, which comes into force in May 2018). Employers must provide
legitimate reason to justify the monitoring of an employee’s communications. This requires some form of assessment to be in place in order to decide whether legitimate reasons are in place.

The importance of an assessment can also be found in the Information Commissioner’s Employment Practices Code in the UK. The Code recommends that employers carry out an impact assessment, taking into account factors such as the purpose behind the monitoring arrangement and any benefits or adverse effects that arise from this monitoring.

Ultimately, employers must be satisfied that they have achieved the correct balance between protecting workers’ privacy and the interests of the business. Carrying out an impact assessment in relation to communications monitoring is one way in which employers can demonstrate that they have achieved this. Employers should also ensure they have a communications monitoring policy in place and where possible, this should be backed up with specific training on the use of IT and email systems.

DRUG AND ALCOHOL MISUSE
Employers have a responsibility to look after the wellbeing, health and safety of employees whilst they are in the workplace, and this duty may extend to ensuring that employees are not misusing drugs or alcohol.

The extent to which employers will need to monitor their employees’ use of alcohol or indeed drugs, will depend on the particular environment in which the business is based. For instance, in some circumstances, it may be appropriate for employees to consume alcohol whilst entertaining clients. For other industries, however, employers will need to be much more cautious about their employees’ use of alcohol or drugs. Those whose staff use vehicles as part of their jobs, for instance, will need to maintain a higher level of vigilance in this respect.

Employers may want to consider whether it is necessary to carry out drug screening or alcohol testing. This will – of course – only be relevant in particular industries, however, for those where this is likely to be an issue, then employers should ensure that reference to screening or testing is included in a policy given to all staff.

Even with a drug screening or alcohol testing policy in place, employers will not be able to require staff to submit to testing without their specific consent to do so. One option is to draft the monitoring policy to say that withholding consent is a misconduct offence in itself.

TRACKING
Employers whose staff work ‘off-site’ – say when driving – may find it particularly difficult to know the exact movements of their employees during their working hours. Improvements in technology have, however, made employee accountability in the workplace much easier in recent years. Again, industries which rely on employees driving vehicles may find this kind of technology particularly useful. GPS, for instance, highlights if drivers are deviating from their planned routes or if there is traffic preventing them from reaching their destination.

If employers do intend to monitor vehicles they should ensure that they provide a policy which sets out the nature and extent of the monitoring. Employers should satisfy themselves that their employees are aware of the policy that is in place, what information is recorded and the purpose for that recording. Where the vehicle is used for both private and business use employers, should be particularly wary, as monitoring movements when the vehicle is being used privately will rarely (if ever) be justified.

CONCLUSION
Monitoring employees can take place in a variety of ways and employers should carefully consider which form of monitoring is necessary for their business, without being unnecessarily intrusive to the privacy of staff. Carrying out impact assessments are often a useful way of determining whether the monitoring is truly justifiable.

Case law such as Bărbulescu v Romania clearly demonstrates that the courts take the privacy of staff in the workplace very seriously. In order to reduce the risk of employee complaints, employers should try to be transparent and honest with employees about monitoring which they may be subject to.

Getting employee monitoring wrong can have a significant impact. Employers could face discrimination complaints or employees resigning and claiming constructive dismissal. Employees could argue that their rights under the Data Protection Act 1998 – or even the Human Rights Act 1998 – have been infringed. In addition to the cost and time associated with defending a claim, an employer could be found liable by a court, employment tribunal or the Information Commissioner’s Office, and ordered to pay compensation.

Posted in CAT Know-How, Factor & Supplier News, Garage News, News, Retailer NewsComments (0)

NBRA ISSUES SECURITY ADVICE TO MEMBERS

Tags: , ,

NBRA ISSUES SECURITY ADVICE TO MEMBERS


NBRA Director Jason Moseley

The National Bodyshop Repair Association (NBRA) has issued security advice to businesses in a bid to prevent further cyber attacks, following last month’s ICO raids on addresses where computers thought to have been used in the cyber crimes were seized.

“The National Body Repair Association (NBRA) has been focusing heavily on protecting member’s interests related to data security within bodyshops over the past 12 months”, said Jason Moseley, Director of NBRA. “Our latest move following last month’s massive ransomware cyber-attack, the NBRA has communicated some critical IT security advice to our members to protect their business”.

He adds. “The attack hit the NHS, the French carmaker Renault, many banks and companies around the world. The ransomware that hit the contract with Halfords NHS in England and Scotland, known as ‘Wanna Decryptor’ or ‘WannaCry’, has infected 200,000 machines in 150 countries since Friday.”

Some points advised to NBRA members include implementing an actively supported operating system that receives regular updates as well as a ‘disaster recovery plan’ backing up content onto devices kept offline. Moseley also encourages bodyshops to run anti-malware software ensuring they regularly receive signature updates.

Moseley concluded by saying, “We are in a new era of cyber criminality and as a trade association we have a duty of care to assist members to secure their businesses. Being a NBRA member means bodyshops have access to the latest information”. More details can be found on the firm’s website.

Posted in Blogs, Factor & Supplier News, Garage News, News, Retailer News, UncategorisedComments (0)

RMI HAILS SECURITY INFO SCHEME

Tags: , , ,

RMI HAILS SECURITY INFO SCHEME


The Independent Garage Association (IGA) has hailed the new SERMI (Security related Repair and Maintenance Information) scheme as a ‘significant step towards having a level playing field for accessing security manufacturer information;’ calling it a ‘victory’ for its membership.

The SERMI scheme means that independent garages are another step closer towards accessing Manufacturer Security Information. It has been set up to develop, operate and maintain a process which forms a part of the ISO standard for repair information. The scheme sets out the rules and requirements for independent operators who can demonstrate the necessary integrity to be granted access to security related info.

RMI Standards and Certification says it is positioned to be the first organisation in Europe to accredit against this standard, which will keep the UK independent sector competitive and ensure that consumers and fleet operators do not have to make any compromises when choosing an independent garage for service and repair.

Stuart James, IGA Director, who has long been fighting for the rights of independent garages to access manufacturer technical information, called SERMI a huge step forward for the IGA and its members. “The ability to access manufacturer security information takes us ever closer to the ‘level playing field’ promised by EU legislation, and I am delighted that there has been a giant leap towards achieving it,” he said.

Posted in Garage News, Greg Whitaker's diaryComments (0)

Advertisement
  • What do connected cars have in store for the aftermarket?
  • Battery Store: What are suppliers planning this winter?
  • Suspension, spark plug and charger plants visited

more info

    • 'Electric vehicles will disrupt the aftermarket as we know it' Agree?

      View Results

      Loading ... Loading ...
    • Popular
    • Latest
    • Comments
    • Tags
    • Subscribe