MANILA, Philippines – The National Privacy Commission (NPC) says ‘yes’ to employers who would want to install monitoring software in company-issued devices to monitor their work-from-home (WFH) employees.
However, the NPC clarifies that such a decision must adhere to the provisions of the Data Privacy Act (DPA) which ensures that the rights and freedom of WFH employees remain protected.
The agency explains that “monitoring employee activities when he or she is using an office-issued computer may be allowed under the DPA, provided the processing falls under any of the criteria for lawful processing under Sections 12 and/or 13 of the law.”
Specifically, the NPC details the following obligations of employers in monitoring their WFH employees without breaching their privacy:
- Employers must notify their employees that they are being monitored and why it is necessary.
- Employers should conduct a privacy impact assessment of the monitoring software to determine potential risks and to be able to find ways on how to mitigate them.
- Employers should also have clear guidelines on monitoring procedures.
- Excessive and disproportionate mechanisms in monitoring are discouraged such as tracking mouse movements, recording keystrokes, taking random photos of the computer screen, enabling webcams to take a picture of the employee, etc.
- Employers can not require employees to stay on video during office hours or even during overtime work as this is considered excessive and there are other available means of ensuring that employees are doing their assigned tasks.
- Employers must provide proper ICT equipment, support facilities and mechanisms to the employees to ensure that personal data processing systems being used during WFH are secured.
Meanwhile, the NPC noted that both employers and employees must be guided by data protection and privacy policies at all times.
“We expect employers, whether in the government or the private sector, to process personal data responsibly and with accountability in order to address existing health threats brought by COVID-19,” said Privacy Commissioner Raymund Liboro.
“We also expect employees to cooperate to reasonable and appropriate collection of their information to mitigate COVID-19 related risks and keep their co-workers and visitors safe,” he added.
Liboro hopes that the guidelines will be able to produce best practices not only in the workplace but also in homes of employees working remotely.