There is a difficulty with the distinction which Michelle seeks to make in that s26 refers to " ... likely to result in the obtaining of private information about a person (WHETHER OR NOT one specifically identified for the purposes of the investigation ... ) . So looking at CCTV to see if Fred (known) is a malingerer and looking at CCTV to discover who (unknown) carried out graffiti are equally directed surveillance.
The real issue I suggest is whether it is covert. In both cases I believe it is proper to regard the use of CCTV as not being covert, because if set up properly public CCTV is not covert - in DP terms fair processing notice has presumably been given in the form of suitable notices. This is not the same as monitoring social media where no FPN may have been given, and reasonable expectation of privacy is not the only issue and can be a red herring.
For example checking or monitoring social media as part of recruitment is clearly not going to get a RIPA authorisation - it is either irrelevant or not covert..
In DP terms, to a large extent people have a very limited reasonable expectation of privacy in respect of their public social media. Nevertheless an employer doing this 'covertly' is, I suggest, in clear breach of DPA if the activity is not clearly communicated. Simple application of SCHEDULE ! Part II : "for the purposes of the first principle personal data are NOT to be treated as processed fairly unless—
... the data controller ensures so far as practicable that ... the data subject has, is provided with, or has made readily available to him, ... the purpose or purposes for which the data are intended to be processed". Remember that processing includes obtaining. So to monitor social media for any routine staff management purpose you need to be open and transparent.
Of course in the OP situation you may well need RIPA authorisation to monitor social network, just as you would for a bespoke CCTV surveillance and if you can get this properly than you will also be DP compliant, usually using s29 to avoid the FPN issue.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|