Applying Hong Kong's Personal Data (Privacy) Ordinance to Employee Monitoring
Privacy & Data Protection: Staff Monitoring
-
Upload
peppe-santoro -
Category
Business
-
view
740 -
download
2
description
Transcript of Privacy & Data Protection: Staff Monitoring
![Page 1: Privacy & Data Protection: Staff Monitoring](https://reader036.fdocuments.us/reader036/viewer/2022062418/555ec98ed8b42a74708b558e/html5/thumbnails/1.jpg)
Data Protection & Compliance Update
Staff Monitoring
Peppe Santoro Thursday 7 October 2010
![Page 2: Privacy & Data Protection: Staff Monitoring](https://reader036.fdocuments.us/reader036/viewer/2022062418/555ec98ed8b42a74708b558e/html5/thumbnails/2.jpg)
Introduction
General principles still apply• Fair obtaining and processing• One or more specified, explicit and lawful purposes • Use and disclose only in compatible ways • Keep secure• Keep accurate, complete and up to date• Adequate, relevant, not excessive• Keep for no longer than necessary• Give a copy to data subject on request
Privacy and consent in the employment context
Guidance notes
Case Studies
![Page 3: Privacy & Data Protection: Staff Monitoring](https://reader036.fdocuments.us/reader036/viewer/2022062418/555ec98ed8b42a74708b558e/html5/thumbnails/3.jpg)
CCTV and other recording
Legitimate (security, safety, anti-fraud, compliance verification) vs. illegitimate (inappropriate location, improper ancillary uses) purposes
Expansion of CCTV usage in the UK – an Irish vista
Covert vs. overt recording – when is covert recording acceptable?
Private use of CCTV
![Page 4: Privacy & Data Protection: Staff Monitoring](https://reader036.fdocuments.us/reader036/viewer/2022062418/555ec98ed8b42a74708b558e/html5/thumbnails/4.jpg)
Biometrics
Types of biometric data (fingerprints, retinal scans, face recognition, others).
Unencrypted data, encrypted data and partial data
Uses of biometric data• Access control• Time management
Proportionality
Security aspects
![Page 5: Privacy & Data Protection: Staff Monitoring](https://reader036.fdocuments.us/reader036/viewer/2022062418/555ec98ed8b42a74708b558e/html5/thumbnails/5.jpg)
Vehicle tracking
• Not apparently personal data but almost always involves personal data by association
• Typical primary purposes of vehicle tracking systems
• Fair collection and primary and secondary purposes
• Non-work-related usage
![Page 6: Privacy & Data Protection: Staff Monitoring](https://reader036.fdocuments.us/reader036/viewer/2022062418/555ec98ed8b42a74708b558e/html5/thumbnails/6.jpg)
Surveillance outside the workplace
• Generally problematic
• Other applicable laws (fraud, anti-stalking and similar, human rights)
• Necessity and proportionality a difficulty in almost all cases
• Significant practical compliance issues (HP case)
• Criminal issues/Garda involvement
![Page 7: Privacy & Data Protection: Staff Monitoring](https://reader036.fdocuments.us/reader036/viewer/2022062418/555ec98ed8b42a74708b558e/html5/thumbnails/7.jpg)
Telecommunications monitoring
• Other applicable laws (telecommunications, specific data protection regime, criminal aspect)
• Purposes of monitoring – mandatory compliance, recording of obligations, customer service, training
• Work vs. private communications
• Human rights and practical realities
![Page 8: Privacy & Data Protection: Staff Monitoring](https://reader036.fdocuments.us/reader036/viewer/2022062418/555ec98ed8b42a74708b558e/html5/thumbnails/8.jpg)
Case Studies
• CCTV
• Biometrics
• Other case studies
• Practical experience of a trusted advisor
![Page 9: Privacy & Data Protection: Staff Monitoring](https://reader036.fdocuments.us/reader036/viewer/2022062418/555ec98ed8b42a74708b558e/html5/thumbnails/9.jpg)
Five key points to remember
1. Irish laws generally permissive of staff monitoring provided it’s done properly
2. Incomplete or improper deployment of monitoring systems will result in them failing to achieve their objectives
3. Beware additional legislation (eg telecommunications laws)
4. Consider privacy impact statements as part of planning and deployment
5. Consider available guidance and precedent
![Page 10: Privacy & Data Protection: Staff Monitoring](https://reader036.fdocuments.us/reader036/viewer/2022062418/555ec98ed8b42a74708b558e/html5/thumbnails/10.jpg)
Thank you
Peppe Santoro, Commercial PartnerEversheds O’Donnell Sweeney
One Earlsfort CentreEarlsfort Terrace
Dublin 2+353 1 6644200
[email protected]/in/psantoro
www.eversheds.ie