Caerphilly has been ordered to rethink its approach after an investigation found it breached the Data Protection Act when it undertook covert surveillance on a sick employee.
The Information Commissioner’s Office (ICO) said the surveillance was only authorised on anecdotal evidence and began four weeks into the employee’s sickness absence.
No other measures were taken to discuss the employee’s absence before the decision to use the covert surveillance and the report, which was produced by a third-party company, was never used.
The ICO said the council did not have sufficient grounds to undertake the surveillance, especially at such an early stage of the employee’s absence.
Anne Jones, assistant commissioner for Wales, said: ‘It shouldn’t need to be said that spying on employees is incredibly intrusive and must only be done as the last resort.
‘Organisations need to be absolutely clear why they need to carry out covert surveillance and consider all other alternatives first. If it cannot be completely justified, it shouldn’t be done.’
A spokesperson for Caerphilly County Borough Council said: ‘The authority accepts the findings of the Information Commissioner's Office and has signed an undertaking to ensure full compliance in the future.
‘The council has publicly stated previously that the surveillance of council employees is on hold pending a thorough review of its policies and procedures. This remains the position. The findings of the Information Commissioner will inform the review to be undertaken’.