Skip to content

Legal Considerations for Employee IT Monitoring

A set of reports designed to better inform UK and UK-based multinational organisation's security personnel when engaging in conversations with their legal teams on employee monitoring.

Last Updated 25 February 2023

NPSA commissioned work by Dentons UK and Middle East LLP to complete a three-phased report:

  1. To review and summarise case law across 12 global jurisdictions where employee monitoring has featured in employment law and data protection cases;
  2. To assess this case law in combination with existing and future legislation in order to identify any trends or direction of travel for employee monitoring; and
  3. To review new and emerging technologies in relation to Information System's monitoring from a legal perspective.  This includes user behaviour analytics, Bring Your Own Device and social media monitoring.

Each of these are designed to better inform UK and multinational organisation's security personnel when engaging in conversations with their legal teams, as well as allowing for improved decision-making on employee monitoring and wider personnel assurance strategy.  The law on data privacy is fast-moving, particularly in Europe, and this forms a key element of this report.

At the bottom of this page you will find the main report, and a set of short reports summarising elements of the main report.


Employee IT Monitoring Insider Threat Report

Organisations must be aware that legal considerations for employee monitoring will vary from organisation to organisation and specific issues will arise depending on the nature of the organisation undertaking monitoring and the risks it is trying to mitigate. 

Dentons UK and Middle East LLP (Dentons) prepared a report for NPSA on Employee IT Monitoring in March 2018 (the Report), to serve as a legal resource only, it is not a substitute for professional advice. These documents provide a snapshot of some of the information contained in the full Report and must not be read in isolation. Neither the Report nor these documents are designed to provide legal or other advice and you should not take, or refrain from taking, action based on their content.

Employee IT Monitoring report front page

The Report and the documents are not a comprehensive report of all the information or materials that are relevant to this area of law, and do not address any particular concerns, interests, value drivers or specific issues you may have. This is a complex area of law that is changing rapidly. If you require assistance with a specific issue, you should seek legal advice from an appropriately qualified professional. Organisations planning to implement or review existing employee monitoring should seek their own professional advice. The Report (and therefore the information contained in these documents) was current as of the date of the Report publication (being March 2018).

Neither NPSA nor Dentons owe any duty to you to update the content of the Report or these document at any time for any reason. Please note the Report and these documents do not represent the views of NPSA or Dentons. Neither NPSA nor Dentons UK and Middle East LLP accept any responsibility for any loss which may arise from reliance on the Report and/or these documents.

Crown copyright 2018

We are keen to receive feedback from organisations with a presence in global jurisdictions not covered in this report who have experience to share on employee monitoring in those areas.  This will help us to continually improve our information for the critical national infrastructure.  please contact us via our enquiries form to offer such information or for further detail on the reports.

Did you find this page useful? Yes No