Data Privacy at Work and Anton Piller Orders
Privacy is a right, but like the majority of rights it is
not absolute. There is usually a slew of other rights (several
hundred according to Eric Posner's "Twilight of human rights")
which need to be balanced. Thus at work the employer also has a
measured right to monitor employees, within a reasonable limit.
The cases of Halford v UK (1997) 24 EHRR 523 and
Copland v UK (2007) 45 EHRR 37 suggest there
also has to be a reasonable expectation of privacy at work to balance
this. So if there was a credible threat of larceny involved it would
seem to be correct to monitor, provided the employees were informed
clearly and in good time. This type of data is also a resource so has
a measure of value: for instance if companies are being merged, then
up to a certain point it would be sensible not to swap employee
personal data or at least make real efforts to anonymise the records
in a commercial context.
Thus from an IT perspective, how does this relate
to company-supplied mobile devices such as smartphones? The data
found within these, whether in internal or external storage, is
always expanding thanks to Moore's law. Even if no personal data or apps
were permitted, the fact that geo-location data is captured during
non-core office hours means not only is personal data being stored,
but the protected class known as sensitive data could be viewed by
employers. For instance, that an employee is going to a specialist
doctor or at a rival's place of business would not be facts that the
employee would wish to share.
Employers are not the only non-state actors that could
view the personal data. There is the civil search warrant present in
common law countries known as the Anton Piller order. This is
basically a search and seize order, and it has been called the "Stealthbomber" of litigation.
However, given that Data Protection is of EU Directive origin, this would
suggest that such orders need to be modified to respect the personal
information of the employee.
If procedural problems with the safety of this data
were shown to exist, this would call
into question the proportionality of any such order and would likely
result in the designated Data Protection office becoming involved.
The adverse publicity and possible fines could then apply, as core
individual EU rights are not lightly breached.