Bm.ge reports that in a recent data privacy investigation, the Personal Data Protection Service found that one of the ministries had been collecting and monitoring employee computer data without proper justification or employee consent. The technical support program installed on around 3,000 computers not only managed IT requests and temporary dismissals but also gathered data on employee computer usage. This included information on software used, active windows, and specific keywords.
While the Ministry claimed the data was for employee self-monitoring and information security, the inspection revealed that only the head of the IT department utilized the collected data.
The Personal Data Protection Service determined that the data collection violated employees’ right to privacy, as it involved the processing of personal information without their knowledge or consent. Furthermore, the data obtained through the technical support program was not essential for the Ministry’s information security.
Consequently, the Ministry was declared a violator of Article 17 (data security) of the Law of Georgia “On Personal Data Protection.” This case serves as a reminder that organizations must ensure transparency and legal justification when collecting and processing employee data.