Workplace Privacy vs Employee Monitoring—What Are Your Rights?

According to Workplace Fairness, a California-based non-profit focusing on employee rights, employers can legally monitor nearly everything an employee does at work as long as there is a legitimate business interest that doesn’t outweigh the privacy impacts on the employee.

But with data privacy legislation such as Europe’s General Data Protection Regulation (GDPR) and The California Privacy Rights and Enforcement Act (CPRA) in effect, the rights of employers to monitor employees in the workplace aren’t anywhere near as carte-blanche as they used to be.

In this article, I will outline the legal considerations that employers must have when monitoring employees, the best practices for workplace monitoring, and the workplace privacy rights that employees have.

Workplace Monitoring
Policy Template

Disclose your company’s intent to monitor employees in the workplace
Set workplace privacy expectations for employees
Meet transparency requirements for compliance with privacy laws

Get started today—Download the FREE template and customize it to fit the needs of your organization.

Get the FREE Template

Disclaimer: The contents of this article convey general information only and should not be construed as legal advice. CurrentWare advises consultation with legal professionals for advice and opinions on legal issues that pertain to your business.

Table of Contents

Click to Show / Collapse

What Rights Do Employers Have to Monitor Their Employees?

Examples of Lawful Data Collection
What Is Considered Illegal Workplace Surveillance?

Do Employees Have a Reasonable Expectation of Privacy in the Workplace?

Factors That Influence Employee Privacy Expectations

Best Practices When Monitoring Employees in the Workplace
Workplace Privacy & Employee Monitoring FAQ

What Rights Do Employers Have to Monitor Their Employees?

Generally speaking, an employer will have the right to monitor employees that are using company equipment so long as the following are true.

Transparency: The employer’s workplace monitoring policies are sufficiently transparent about the intended use of workplace surveillance systems, how employee data will be used, who will have access to their data, and the activities that will be tracked.
Purpose Limitation: Employee data is only collected and used for specific and legitimate business purposes and is not retained for longer than is necessary for the purposes in which it was collected.
Proportionality: The workplace surveillance methods used to monitor employee activity are as minimally invasive as possible for the business’s legitimate interests.
Security: The employer implements reasonable security measures to protect employee data from misuse and unauthorized access.
Other Laws: The employer’s right to monitor is not otherwise limited by collective bargaining agreements or laws that are specific to their jurisdiction.

As the data privacy landscape continues to evolve, following these guiding principles will help organizations stay compliant with workplace privacy laws and regulations.

Ready to start monitoring employee computer activity? Get started today with a FREE trial of the CurrentWare Suite.

Get My Free Trial

Chat With CurrentWare

Back to Table of Contents

Examples of Lawful Data Collection

Note: What is considered lawful employee data collection will vary depending on the jurisdiction of your company, individual expectations, and any collective bargaining agreements your company is expected to adhere to. The contents of this article convey general information only and should not be construed as legal advice. CurrentWare advises consultation with legal professionals for advice and opinions on legal issues that pertain to your business.

Collecting Employee Computer Usage Data with Monitoring Software

In the vast majority of cases, employees that are using company equipment should not expect their computer activity to be private.

This includes internet browsing (social media activity, time spent browsing, web search history, etc), application usage, interactions with company files and systems, and idle/active time.

One potential exemption: Allowing incidental personal use of work-issued computers reinforces an expectation of privacy. For this reason, many companies opt to formally disallow the use of their computers for any personal act.

Get My Free Trial

Get a Quote

Email Monitoring in the Workplace

Yellow email letters flying out of a laptop computer.

Generally speaking, employer email monitoring is permitted so long as employees are informed that their work email is strictly for work purposes and thus subject to monitoring.

While the Electronic Communications Privacy Act does extend protections to include email messages, cell phones, and other electronic communications, it does allow for a “legitimate business purposes” exception that protects how the majority of businesses use email monitoring systems.

That said, the topic of email privacy in the workplace is not so clearcut.

One area that is highly contended is the use of employee monitoring systems that track electronic communications such as instant messages and private emails.

While employers typically have the right to archive emails sent via company-owned accounts, the same may not be true when employees send emails from their non-work accounts.

As a general best practice, employees should be thoroughly educated on what electronic communications can be tracked and provided with an acceptable internet use policy that prohibits using business technology for private activities. These tools will help establish employee privacy expectations when using company computers.

What Is Considered Illegal Workplace Surveillance?

Note: What is considered illegal workplace surveillance will vary depending on the jurisdiction of your company, individual expectations, and any collective bargaining agreements your company is expected to adhere to.

Certain Forms of Video Surveillance

A wall of multiple security cameras pointed at two people

“Video Surveillance” refers to surveillance through a camera that monitors or records visual images of activities on company-owned property.

Video surveillance equipment is used on company premises to ensure that employees, patrons, and company-owned assets are kept secure from theft, vandalism, violence, and other forms of misconduct. Should unlawful activity be discovered, the recordings captured by video surveillance equipment will be used to the fullest extent of the law—including the possibility of disclosure to authorized third parties.

While video surveillance is typically permitted for these purposes, there are instances where companies are not permitted to use video recordings.

When video surveillance includes the capture of audio it may run afoul of wiretapping laws.
A video capture system cannot be used in private areas such as bathrooms and changing rooms
Using hidden cameras without adequate disclosure to employees; employers are typically expected to provide notices that inform employees of cameras in the workplace.
Video surveillance may infringe upon a worker’s right to privacy if cameras are used to target a specific employee or group of employees without a legal obligation to do so.

Monitoring Personal Phone Calls

Employee telephone monitoring is most often used to monitor the performance of phone-based customer support roles. Calls are often recorded to investigate complaints, assist in employee training, and ensure that employees are adhering to the quality and behavior standards of the organization.

Organizations that use a call monitoring system should notify their employees that they will be recorded and ensure that their employees are explicitly told not to conduct personal conversations on business phones.

But even for those organizations with clear monitoring policies in place, as soon as a phone call is found to be personal in nature they are typically obligated by law to cease their monitoring of the call.

Monitoring Employee-Owned Devices & Activities

The COVID-19 pandemic has skyrocketed the demand for employees to use their own devices for work purposes. From an ethical and legal standpoint employers are generally not permitted to monitor the activity of their employees’ private devices.

If a company wishes to use monitoring software on private devices, it must get explicit informed consent from each employee, limit how much monitoring is taking place, and consider using thin-client architecture or containerization to reduce the number of personal activities captured by the electronic monitoring systems.

Using Employee Monitoring Software to Spy on Employees

Computer Spy, Shadowy Figure with digital background

From an ethical standpoint, the use of employee monitoring software may conflict with the privacy desires of employees. When employee monitoring software is used it collects both work-related activities and personal information such as sensitive internet search history.

If a business uses this potentially sensitive information in a context that far exceeds the context the employee originally consented to, it may be considered unlawful employee monitoring.

Back to Table of Contents

Do Employees Have a Reasonable Expectation of Privacy in the Workplace?

Employers have a legitimate interest in using employee monitoring tools in the workplace for productivity, security, and the protection of business interests. While the law generally allows for such monitoring, there are instances where employees may have a reasonable expectation of privacy in the workplace.

Factors That Influence Employee Privacy Expectations

Company & Cultural Norms

Employees that work for companies that have a culture of privacy will naturally expect that their employer will limit what they track.

In addition, workplace privacy expectations will vary based on the cultural background of each team member—for example, the majority of the United States is laxer in employee privacy laws than Europe. This may result in differences in culturally engrained views of privacy.

Company Policies & Transparency

When a business emphasizes transparency about what is being monitored, why it’s being monitored, and how it’s being monitored it helps employees understand the privacy expectations they should have at work.

When a business fails to be transparent with their workers they risk having them believe that their computer activities are private.

By being forthcoming about the data logging methods used employees will understand that they should limit their non-work-related computer usage to activities that they are comfortable having reviewed for the protection and performance of the business.

Device Ownership

young employee in a business suit working on a laptop

In the vast majority of cases, using tracking tools on employee-owned devices will run afoul of workplace privacy laws. Employees that use their own devices for work-related tasks will reasonably expect that off-the-clock behavior on their computers will not be subject to tracking.

Employers that wish to allow employees to use personal technology for work purposes (BYOD) will need to limit the tracking that takes place. Any tracking that is done must be clearly outlined in their BYOD policy.

Back to Table of Contents

Best Practices When Monitoring Employees in the Workplace

Employee monitoring is an excellent tool for understanding how your workforce operates.

Unfortunately a history of overly-invasive deployments has caused serious concerns among employees, like:

Is my employer spying on me?

They’re just doing this to find an excuse to fire me

If they’re monitoring what I do at work, they obviously don’t trust me

This is not what you want your employees to feel.

In this video I’m going to guide you through the best practices for monitoring employees so you can avoid these mistakes and concerns from your employees

Hello and welcome to the CurrentWare YouTube channel.

My name is Neel Lukka and I am the managing director here at CurrentWare.

After watching this video you can learn more about this topic by reading our new white paper “Employee Monitoring: Best practices for balancing productivity, security and privacy”

You can find the link for that in the description below.

Before we start, I just want to give a quick disclaimer here.

I’m not a lawyer and this is not legal advice. These tips are for informational purposes only. If you want to use employee monitoring software in your company be sure to consult with a legal professional first.

Alright, let’s jump in

First up is the very best tip I can give you.

If you want to succeed, you have to let your employees know that they are being monitored.

Employees that do not know if they are being monitored, why they are being monitored, and how they are being monitored are more likely to have negative reactions to being monitored,

such as

Having higher rates of stress and anxiety

Being less likely to accept being monitored

And, ironically, becoming less productive

That’s not to say that transparency is going to negate each and every concern that your employees may have.

But if you start with transparency from the very beginning you have a far better chance of proving to your employees that these tools aren’t being used to spy on them.

By being transparent you’re also giving the chance to hear about their concerns from the start. This lets you work with them to make an employee monitoring strategy that is fair and minimally invasive.

Here are 4 transparency boosting tips:

Involve a representative sample of employees when you start planning your goals and the metrics you want to capture

Tell your employees what metrics are being captured, how they’ll be used, and what is being used to capture them

Have your staff read and sign policies that disclose your intended use of the employee monitoring software

and finally, give them access to their own data so they can see exactly what’s being captured. They can even use this data to manage their own productivity, which is a major bonus

The second tip I have for you is don’t use employee monitoring to micromanage

One of the reasons that monitoring can be perceived negatively is that it feels like it’s being used to punish employees. They worry that it’s the software equivalent of a micromanaging boss staring over their shoulder while they work, just waiting for them to slip up.

Some employers do monitor internet use to make sure employees aren’t getting carried away, but did you know that so-called “unproductive” internet browsing has actually been found to have a positive impact on productivity?

It’s true! But only if that browsing doesn’t take up more than 12% of their work time.

Employees feel far better about being monitored when they’re given the autonomy to self-manage first. Managers can step in if things are getting carried away or if their employees are visiting clearly inappropriate websites.

The third and final tip I have for you today is to not monitor more than you have to.

Think about it this way – if I told you that I wanted to make sure that employee’s weren’t visiting not safe for work websites, you’d think I was crazy for asking for a direct feed into their webcams.

The bottom line is this:

If you can meet your company’s goals with a less invasive method of monitoring, do it that way.

For example, if you want some backup for your acceptable use policies you can use internet monitoring software to see what sites are being visited.

But there’s no need to track individual keystrokes

Or maybe you want to protect data from being stolen. You can monitor the flow of data without recording audio clips of private conversations

Finally, maybe you want to track the work habits of employees that are working remotely or from home. Give them a company-provided device rather than monitoring their personal computers

That’s it for now.

If you want learn more, check out our new white paper “Employee Monitoring: Best practices for balancing productivity, security and privacy”

You can find the link for that in the description below.

If you’d like to try out employee monitoring in your company, visit CurrentWare.com/Download for a free trial of BrowseReporter, our computer monitoring software.

And as always stay tuned to our YouTube channel for more videos about employee monitoring, cyber security, and CurrentWare’s workforce management software.

Want to start monitoring employees in the workplace? In today’s privacy-conscious world employers need to monitor employees in a way that is transparent, minimally invasive, and respectful of employee privacy. These tips will reduce impacts on privacy so employers can maximize the benefits of their employee monitoring strategy.

Want Transparent Monitoring?

Learn about BrowseReporter’s privacy-enhancing features

Avoid Sharing Personal Information

Employee monitoring software may track activities that are considered personal or sensitive. An employer that shares personal information with other employees without a legitimate business reason to do so is highly likely to be breaking a law.

Keep Employee Monitoring Data Safe

When monitoring employees in the workplace, employers are accountable for storing, transferring, and processing the data they collect compliantly. Implementing employee data protection technology is crucial for ensuring the confidentiality and integrity of the data.

Employee Monitoring Policies

Workplace Monitoring
Policy Template

Disclose your company’s intent to monitor employees in the workplace
Set workplace privacy expectations for employees
Meet transparency requirements for compliance with privacy laws

Get started today—Download the FREE template and customize it to fit the needs of your organization.

Get the FREE Template

Note: Employee monitoring policies may reduce, but do not eliminate, the expectation of privacy. While these policies are an integral component of lawful employee monitoring, companies must understand that it does not give them carte blanche in the eyes of the law.

Back to Table of Contents

Workplace Privacy & Employee Monitoring FAQ

Can My Employer Monitor My Personal Computer?

It depends. If your employer allows you to use your personal devices for work purposes they may require you to install corporate applications that could feasibly capture details such as internet browsing, applications used, geolocation, etc.

That said, from a legal perspective employers are seldom justified in monitoring the computer activity of employee-owned devices.

Furthermore, under the vast majority of circumstances, an employer will not be justified in secretly monitoring your personal computer. They will be required to notify you through a workplace monitoring policy, acceptable use policy, or similar company policy.

There are times where your personal activity may be logged:

When using employer-owned devices
When using your employer’s WiFi or VPN
When participating in a BYOD program where you consent to the monitoring

As a best practice, you should consider all activity on employer-owned assets to be monitored. If participating in a BYOD program you should use a virtual machine or a container to keep all company software and files separate from your personal activity.

Can My Employer Give Out My Personal Information Without My Consent?

“The employer should normally use or disclose personal information only for the purposes that it collected it for, and keep it only as long as it’s needed for those purposes, unless it has the employee’s consent to do something else with it, or is legally required to use or disclose it for other purposes.”
– Office of the Privacy Commissioner of Canada

“Statutes, both federal and state, place limits on what employee information employers can disclose. For example, the Americans with Disabilities Act requires employers to keep information about an employee’s medical condition separate from the employee’s personnel file and treat it as a confidential medical record.”
– Wiley Wheeler, P.C. (USA)

Generally speaking, your employer can only disclose private information about you if the disclosure is required by law or if there is a legitimate business need.

That said, if you gave your employer consent to collect, process, and store your personal information for a specific purpose they may be justified in sharing it with others—so long as there is a legitimate business reason to do so and the use of your data is compatible with the purpose for which it was originally collected.

Note: Employee privacy and data protection laws will vary depending on your jurisdiction. Please consult with a professional for legal advice.

Is Monitoring Employee Computers Legal?

Yes. According to Workplace Fairness, a California-based non-profit focusing on employee rights, employers can legally monitor nearly everything an employee does at work as long as there is a legitimate business interest that doesn’t outweigh the privacy impacts on the employee.

In the majority of cases, companies are allowed to use software to track how workplace technology is used. The data collected by these tools are used to protect the legitimate business interests of the employer.

These interests include managing productivity, ensuring the security of networks and data, and tracking the performance of corporate assets.

Can Employers Monitor Employees Who Work From Home?

Yes. Monitoring employees who work from home is a common practice among businesses that want to ensure the productivity and security of their hybrid and remote workers. In the majority of cases, workers must be notified in advance that their technology usage will be tracked.

The monitoring software used to manage remote workers will track a number of activities including internet browsing (social media browsing, search history, active/idle time), software usage, and bandwidth consumption.

These tools are used to manage job productivity, ensure that each worker is following the company’s rules, and protect business assets against insider threats.

Employees with concerns about being tracked while working from home should consult with their employer or a legal professional.

Do Employers Have to Tell Employees They Are Being Monitored?

It depends. While being transparent about employee monitoring is the recommended best practice, giving notice to employees is not always required.

The majority of jurisdictions require each worker to be made aware of their employer’s intent to monitor. Some jurisdictions with greater rules and laws will further dictate that employees must be made explicitly aware of what data is captured, how it will be used (such as productivity management), and who will have access to it.

As a best practice, you should consider all activity on employer-owned assets to be tracked.

Back to Table of Contents

Conclusion & Further Reading

Companies around the world rely on monitoring worker activity to secure their business, ensure that rules are being followed, and collect data on how software tools are being used in the workplace.

The best method to address worker privacy concerns is to be as transparent as possible, consult with a representative sample of workers as early as possible, give each worker access to their data, and ensure that the monitoring tools used only track what is relevant to the company’s goals.

FREE WHITE PAPER

Best Practices for Monitoring Employees

In today's privacy-conscious world employers need to monitor employees in a way that is transparent, minimally invasive, and respectful of employee privacy

Read this white paper to learn the best practices for monitoring employees in the workplace.

Other Resources:

Sai Kit Chu

Sai Kit Chu is a Product Manager with CurrentWare. He enjoys helping businesses improve their employee productivity & data loss prevention efforts through the deployment of the CurrentWare solutions.

Cookie	Duration	Description
__cfruid	session	Cloudflare sets this cookie to identify trusted web traffic.
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
JSESSIONID	session	The JSESSIONID cookie is used by New Relic to store a session identifier so that New Relic can monitor session counts for an application.
LS_CSRF_TOKEN	session	Cloudflare sets this cookie to track users’ activities across multiple websites. It expires once the browser is closed.
OptanonConsent	1 year	OneTrust sets this cookie to store details about the site's cookie category and check whether visitors have given or withdrawn consent from the use of each category.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
__cf_bm	30 minutes	This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.
_zcsr_tmp	session	Zoho sets this cookie for the login function on the website.

Cookie	Duration	Description
_calendly_session	21 days	Calendly, a Meeting Schedulers, sets this cookie to allow the meeting scheduler to function within the website and to add events into the visitor’s calendar.
_gaexp	2 months 11 days 7 hours 3 minutes	Google Analytics installs this cookie to determine a user's inclusion in an experiment and the expiry of experiments a user has been included in.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_ga_GY6RPLBZG0	2 years	This cookie is installed by Google Analytics.
_gcl_au	3 months	Provided by Google Tag Manager to experiment advertisement efficiency of websites using their services.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
CONSENT	2 years	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.

Cookie	Duration	Description
_opt_expid	past	Set by Google Analytics, this cookie is created when running a redirect experiment. It stores the experiment ID, the variant ID and the referrer to the page that is being redirected.
IDE	1 year 24 days	Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile.
NID	6 months	NID cookie, set by Google, is used for advertising purposes; to limit the number of times the user sees an ad, to mute unwanted ads, and to measure the effectiveness of ads.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt.innertube::nextId	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.

Cookie	Duration	Description
_dc_gtm_UA-6494714-6	1 minute	No description
_gaexp_rc	past	No description available.
34f6831605	session	No description
383aeadb58	session	No description available.
663a60c55d	session	No description available.
6e4b8efee4	session	No description available.
c72887300d	session	No description available.
cookielawinfo-checkbox-tracking	1 year	No description
crmcsr	session	No description available.
currentware-_zldp	2 years	No description
currentware-_zldt	1 day	No description
et_pb_ab_view_page_26104	session	No description
gaclientid	1 month	No description
gclid	1 month	No description
handl_ip	1 month	No description available.
handl_landing_page	1 month	No description available.
handl_original_ref	1 month	No description available.
handl_ref	1 month	No description available.
handl_ref_domain	1 month	No description
handl_url	1 month	No description available.
handl_url_base	1 month	No description
handlID	1 month	No description
HandLtestDomainName	session	No description
HandLtestDomainNameServer	1 day	No description
isiframeenabled	1 day	No description available.
m	2 years	No description available.
nitroCachedPage	session	No description
organic_source	1 month	No description
organic_source_str	1 month	No description
traffic_source	1 month	No description available.
uesign	1 month	No description
user_agent	1 month	No description available.
ZCAMPAIGN_CSRF_TOKEN	session	No description available.
zld685336000000002056state	5 minutes	No description

Workplace MonitoringPolicy Template

What Rights Do Employers Have to Monitor Their Employees?

Examples of Lawful Data Collection

Collecting Employee Computer Usage Data with Monitoring Software

Email Monitoring in the Workplace

What Is Considered Illegal Workplace Surveillance?

Certain Forms of Video Surveillance

Monitoring Personal Phone Calls

Monitoring Employee-Owned Devices & Activities

Using Employee Monitoring Software to Spy on Employees

Do Employees Have a Reasonable Expectation of Privacy in the Workplace?

Factors That Influence Employee Privacy Expectations

Company & Cultural Norms

Company Policies & Transparency

Device Ownership

Best Practices When Monitoring Employees in the Workplace

Want Transparent Monitoring?

Avoid Sharing Personal Information

Keep Employee Monitoring Data Safe

Employee Monitoring Policies

Workplace MonitoringPolicy Template

Workplace Privacy & Employee Monitoring FAQ

Can My Employer Monitor My Personal Computer?

Can My Employer Give Out My Personal Information Without My Consent?

Is Monitoring Employee Computers Legal?

Can Employers Monitor Employees Who Work From Home?

Do Employers Have to Tell Employees They Are Being Monitored?

Conclusion & Further Reading

Sai Kit Chu

Related posts

How to Use enPowerManager—PC Power Manager & Employee Login Tracker

How CurrentWare Safeguards the Integrity of State and Local Elections

Workplace Monitoring
Policy Template

Workplace Monitoring
Policy Template