Data Protection & Compliance Update
Staff Monitoring
Peppe Santoro, Thursday 7 October 2010

Introduction
  • General principles still apply
      • Fair obtaining and processing
      • One or more specified, explicit and lawful purposes
      • Use and disclose only in compatible ways
      • Keep secure
      • Keep accurate, complete and up to date
      • Adequate, relevant, not excessive
      • Keep for no longer than necessary
      • Give a copy to data subject on request
  • Privacy and consent in the employment context
  • Guidance notes
  • Case Studies

CCTV and other recording
  • Legitimate (security, safety, anti-fraud, compliance verification) vs. illegitimate (inappropriate location, improper ancillary uses) purposes
  • Expansion of CCTV usage in the UK: an Irish vista
  • Covert vs. overt recording: when is covert recording acceptable?
  • Private use of CCTV

Biometrics
  • Types of biometric data (fingerprints, retinal scans, face recognition, others). Unencrypted data, encrypted data and partial data
  • Uses of biometric data
      • Access control
      • Time management
  • Proportionality
  • Security aspects

Vehicle tracking
  • Not apparently personal data but almost always involves personal data by association
  • Typical primary purposes of vehicle tracking systems
  • Fair collection and primary and secondary purposes
  • Non-work-related usage

Surveillance outside the workplace
  • Generally problematic
  • Other applicable laws (fraud, anti-stalking and similar, human rights)
  • Necessity and proportionality: a difficulty in almost all cases
  • Significant practical compliance issues (HP case)
  • Criminal issues/Garda involvement

Telecommunications monitoring
  • Other applicable laws (telecommunications, specific data protection regime, criminal aspect)
  • Purposes of monitoring: mandatory compliance, recording of obligations, customer service, training
  • Work vs. private communications
  • Human rights and practical realities

Case Studies
  • CCTV
  • Biometrics
  • Other case studies
  • Practical experience of a trusted advisor

Five key points to remember
  • Irish laws generally permissive of staff monitoring provided it's done properly
  • Incomplete or improper deployment of monitoring systems will result in them failing to achieve their objectives
  • Beware additional legislation (e.g. telecommunications laws)
  • Consider privacy impact statements as part of planning and deployment
  • Consider available guidance and precedent

Thank you
Peppe Santoro, Commercial Partner
Eversheds O'Donnell Sweeney
One Earlsfort Centre, Earlsfort Terrace, Dublin 2
+353 1 6644200
[email_address]
www.linkedin.com/in/psantoro
www.eversheds.ie

Privacy & Data Protection: Staff Monitoring
