According to Workplace Fairness, a California-based non-profit focusing on employee rights, employers can legally monitor nearly everything an employee does at work as long as there is a legitimate business interest that doesn’t outweigh the privacy impacts on the employee.
But with data privacy legislation such as Europe’s General Data Protection Regulation (GDPR) and The California Privacy Rights and Enforcement Act (CPRA) in effect, the rights of employers to monitor employees in the workplace aren’t anywhere near as carte-blanche as they used to be.
In this article, I will outline the legal considerations that employers must have when monitoring employees, the best practices for workplace monitoring, and the workplace privacy rights that employees have.
Get started today—Download the FREE template and customize it to fit the needs of your organization.
Disclaimer: The contents of this article convey general information only and should not be construed as legal advice. CurrentWare advises consultation with legal professionals for advice and opinions on legal issues that pertain to your business.Table of Contents
Generally speaking, an employer will have the right to monitor employees that are using company equipment so long as the following are true.
As the data privacy landscape continues to evolve, following these guiding principles will help organizations stay compliant with workplace privacy laws and regulations.
Ready to start monitoring employee computer activity? Get started today with a FREE trial of the CurrentWare Suite.
Note: What is considered lawful employee data collection will vary depending on the jurisdiction of your company, individual expectations, and any collective bargaining agreements your company is expected to adhere to.
In the vast majority of cases, employees that are using company equipment should not expect their computer activity to be private.
This includes internet browsing (social media activity, time spent browsing, web search history, etc), application usage, interactions with company files and systems, and idle/active time.
One potential exemption: Allowing incidental personal use of work-issued computers reinforces an expectation of privacy. For this reason, many companies opt to formally disallow the use of their computers for any personal act.
Generally speaking, employer email monitoring is permitted so long as employees are informed that their work email is strictly for work purposes and thus subject to monitoring.
While the Electronic Communications Privacy Act does extend protections to include email messages, cell phones, and other electronic communications, it does allow for a “legitimate business purposes” exception that protects how the majority of businesses use email monitoring systems.
That said, the topic of email privacy in the workplace is not so clearcut.
One area that is highly contended is the use of employee monitoring systems that track electronic communications such as instant messages and private emails.
While employers typically have the right to archive emails sent via company-owned accounts, the same may not be true when employees send emails from their non-work accounts.
As a general best practice, employees should be thoroughly educated on what electronic communications can be tracked and provided with an acceptable internet use policy that prohibits using business technology for private activities. These tools will help establish employee privacy expectations when using company computers.
Note: What is considered illegal workplace surveillance will vary depending on the jurisdiction of your company, individual expectations, and any collective bargaining agreements your company is expected to adhere to.
“Video Surveillance” refers to surveillance through a camera that monitors or records visual images of activities on company-owned property.
Video surveillance equipment is used on company premises to ensure that employees, patrons, and company-owned assets are kept secure from theft, vandalism, violence, and other forms of misconduct. Should unlawful activity be discovered, the recordings captured by video surveillance equipment will be used to the fullest extent of the law—including the possibility of disclosure to authorized third parties.
While video surveillance is typically permitted for these purposes, there are instances where companies are not permitted to use video recordings.
Employee telephone monitoring is most often used to monitor the performance of phone-based customer support roles. Calls are often recorded to investigate complaints, assist in employee training, and ensure that employees are adhering to the quality and behavior standards of the organization.
Organizations that use a call monitoring system should notify their employees that they will be recorded and ensure that their employees are explicitly told not to conduct personal conversations on business phones.
But even for those organizations with clear monitoring policies in place, as soon as a phone call is found to be personal in nature they are typically obligated by law to cease their monitoring of the call.
The COVID-19 pandemic has skyrocketed the demand for employees to use their own devices for work purposes. From an ethical and legal standpoint employers are generally not permitted to monitor the activity of their employees’ private devices.
If a company wishes to use monitoring software on private devices, they must get explicit informed consent from each employee, limit how much monitoring is taking place, and consider using thin-client architecture or containerization to reduce the number of personal activities captured by the electronic monitoring systems.
From an ethical standpoint, the use of employee monitoring software may conflict with the privacy desires of employees. When employee monitoring software is used it collects both work-related activities and personal information such as sensitive internet search history.
If a business uses this potentially sensitive information in a context that far exceeds the context the employee originally consented to, it may be considered unlawful employee monitoring.
Employers have a legitimate interest in using employee monitoring tools in the workplace for productivity, security, and the protection of business interests. While the law generally allows for such monitoring, there are instances where employees may have a reasonable expectation of privacy in the workplace.
Employees that work for companies that have a culture of privacy will naturally expect that their employer will limit what they track.
In addition, workplace privacy expectations will vary based on the cultural background of each team member—for example, the majority of the United States is laxer in employee privacy laws than Europe. This may result in differences in culturally engrained views of privacy.
When a business emphasizes transparency about what is being monitored, why it’s being monitored, and how it’s being monitored it helps employees understand the privacy expectations they should have at work.
When a business fails to be transparent with their workers they risk having them believe that their computer activities are private.
By being forthcoming about the data logging methods used employees will understand that they should limit their non-work-related computer usage to activities that they are comfortable having reviewed for the protection and performance of the business.
In the vast majority of cases, using tracking tools on employee-owned devices will run afoul of workplace privacy laws. Employees that use their own devices for work-related tasks will reasonably expect that off-the-clock behavior on their computers will not be subject to tracking.
Employers that wish to allow employees to use personal technology for work purposes (BYOD) will need to limit the tracking that takes place. Any tracking that is done must be clearly outlined in their BYOD policy.
Want to start monitoring employees in the workplace? In today’s privacy-conscious world employers need to monitor employees in a way that is transparent, minimally invasive, and respectful of employee privacy. These tips will reduce impacts on privacy so employers can maximize the benefits of their employee monitoring strategy.
Employee monitoring software may track activities that are considered personal or sensitive. An employer that shares personal information with other employees without a legitimate business reason to do so is highly likely to be breaking a law.
When monitoring employees in the workplace, employers are accountable for storing, transferring, and processing the data they collect compliantly. Implementing employee data protection technology is crucial for ensuring the confidentiality and integrity of the data.
Get started today—Download the FREE template and customize it to fit the needs of your organization.
Note: Employee monitoring policies may reduce, but do not eliminate, the expectation of privacy. While these policies are an integral component of lawful employee monitoring, companies must understand that it does not give them carte blanche in the eyes of the law.
It depends. If your employer allows you to use your personal devices for work purposes they may require you to install corporate applications that could feasibly capture details such as internet browsing, applications used, geolocation, etc.
That said, from a legal perspective employers are seldom justified in monitoring the computer activity of employee-owned devices.
Furthermore, under the vast majority of circumstances, an employer will not be justified in secretly monitoring your personal computer. They will be required to notify you through a workplace monitoring policy, acceptable use policy, or similar company policy.
There are times where your personal activity may be logged:
As a best practice, you should consider all activity on employer-owned assets to be monitored. If participating in a BYOD program you should use a virtual machine or a container to keep all company software and files separate from your personal activity.
“The employer should normally use or disclose personal information only for the purposes that it collected it for, and keep it only as long as it’s needed for those purposes, unless it has the employee’s consent to do something else with it, or is legally required to use or disclose it for other purposes.”– Office of the Privacy Commissioner of Canada
“Statutes, both federal and state, place limits on what employee information employers can disclose. For example, the Americans with Disabilities Act requires employers to keep information about an employee’s medical condition separate from the employee’s personnel file and treat it as a confidential medical record.”– Wiley Wheeler, P.C. (USA)
Generally speaking, your employer can only disclose private information about you if the disclosure is required by law or if there is a legitimate business need.
That said, if you gave your employer consent to collect, process, and store your personal information for a specific purpose they may be justified in sharing it with others—so long as there is a legitimate business reason to do so and the use of your data is compatible with the purpose for which it was originally collected.
Note: Employee privacy and data protection laws will vary depending on your jurisdiction. Please consult with a professional for legal advice.
Yes. According to Workplace Fairness, a California-based non-profit focusing on employee rights, employers can legally monitor nearly everything an employee does at work as long as there is a legitimate business interest that doesn’t outweigh the privacy impacts on the employee.
In the majority of cases, companies are allowed to use software to track how workplace technology is used. The data collected by these tools are used to protect the legitimate business interests of the employer.
These interests include managing productivity, ensuring the security of networks and data, and tracking the performance of corporate assets.
Yes. Monitoring employees who work from home is a common practice among businesses that want to ensure the productivity and security of their hybrid and remote workers. In the majority of cases, workers must be notified in advance that their technology usage will be tracked.
The monitoring software used to manage remote workers will track a number of activities including internet browsing (social media browsing, search history, active/idle time), software usage, and bandwidth consumption.
These tools are used to manage job productivity, ensure that each worker is following the company’s rules, and protect business assets against insider threats.
Employees with concerns about being tracked while working from home should consult with their employer or a legal professional.
It depends. While being transparent about employee monitoring is the recommended best practice, giving notice to employees is not always required.
The majority of jurisdictions require each worker to be made aware of their employer’s intent to monitor. Some jurisdictions with greater rules and laws will further dictate that employees must be made explicitly aware of what data is captured, how it will be used (such as productivity management), and who will have access to it.
As a best practice, you should consider all activity on employer-owned assets to be tracked.
Companies around the world rely on monitoring worker activity to secure their business, ensure that rules are being followed, and collect data on how software tools are being used in the workplace.
The best method to address worker privacy concerns is to be as transparent as possible, consult with a representative sample of workers as early as possible, give each worker access to their data, and ensure that the monitoring tools used only track what is relevant to the company’s goals.
Free White Paper
Best Practices for Monitoring Employees
In today's privacy-conscious world employers need to monitor employees in a way that is transparent, minimally invasive, and respectful of employee privacy.
Read this white paper to learn the best practices for monitoring employees in the workplace.