According to Workplace Fairness, a California-based non-profit focusing on employee rights, employers can legally monitor nearly everything an employee does at work as long as there is a legitimate business interest that doesn’t outweigh the privacy impacts on the employee.
But with data privacy legislation such as Europe’s General Data Protection Regulation (GDPR) and The California Privacy Rights and Enforcement Act (CPRA) in effect, the rights of employers to monitor employees in the workplace aren’t anywhere near as carte-blanche as they used to be.
In this article, I will outline the legal considerations that employers must have when monitoring employees, the best practices for workplace monitoring, and the workplace privacy rights that employees have.
Get started today—Download the FREE template and customize it to fit the needs of your organization.
Disclaimer: The contents of this article convey general information only and should not be construed as legal advice. CurrentWare advises consultation with legal professionals for advice and opinions on legal issues that pertain to your business.
Table of ContentsGenerally speaking, an employer will have the right to monitor employees that are using company equipment so long as the following are true.
As the data privacy landscape continues to evolve, following these guiding principles will help organizations stay compliant with workplace privacy laws and regulations.
Ready to start monitoring employee computer activity? Get started today with a FREE trial of the CurrentWare Suite.
Note: What is considered lawful employee data collection will vary depending on the jurisdiction of your company, individual expectations, and any collective bargaining agreements your company is expected to adhere to. The contents of this article convey general information only and should not be construed as legal advice. CurrentWare advises consultation with legal professionals for advice and opinions on legal issues that pertain to your business.
In the vast majority of cases, employees that are using company equipment should not expect their computer activity to be private.
This includes internet browsing (social media activity, time spent browsing, web search history, etc), application usage, interactions with company files and systems, and idle/active time.
One potential exemption: Allowing incidental personal use of work-issued computers reinforces an expectation of privacy. For this reason, many companies opt to formally disallow the use of their computers for any personal act.
Generally speaking, employer email monitoring is permitted so long as employees are informed that their work email is strictly for work purposes and thus subject to monitoring.
While the Electronic Communications Privacy Act does extend protections to include email messages, cell phones, and other electronic communications, it does allow for a “legitimate business purposes” exception that protects how the majority of businesses use email monitoring systems.
That said, the topic of email privacy in the workplace is not so clearcut.
One area that is highly contended is the use of employee monitoring systems that track electronic communications such as instant messages and private emails.
While employers typically have the right to archive emails sent via company-owned accounts, the same may not be true when employees send emails from their non-work accounts.
As a general best practice, employees should be thoroughly educated on what electronic communications can be tracked and provided with an acceptable internet use policy that prohibits using business technology for private activities. These tools will help establish employee privacy expectations when using company computers.
Note: What is considered illegal workplace surveillance will vary depending on the jurisdiction of your company, individual expectations, and any collective bargaining agreements your company is expected to adhere to.
“Video Surveillance” refers to surveillance through a camera that monitors or records visual images of activities on company-owned property.
Video surveillance equipment is used on company premises to ensure that employees, patrons, and company-owned assets are kept secure from theft, vandalism, violence, and other forms of misconduct. Should unlawful activity be discovered, the recordings captured by video surveillance equipment will be used to the fullest extent of the law—including the possibility of disclosure to authorized third parties.
While video surveillance is typically permitted for these purposes, there are instances where companies are not permitted to use video recordings.
Employee telephone monitoring is most often used to monitor the performance of phone-based customer support roles. Calls are often recorded to investigate complaints, assist in employee training, and ensure that employees are adhering to the quality and behavior standards of the organization.
Organizations that use a call monitoring system should notify their employees that they will be recorded and ensure that their employees are explicitly told not to conduct personal conversations on business phones.
But even for those organizations with clear monitoring policies in place, as soon as a phone call is found to be personal in nature they are typically obligated by law to cease their monitoring of the call.
The COVID-19 pandemic has skyrocketed the demand for employees to use their own devices for work purposes. From an ethical and legal standpoint employers are generally not permitted to monitor the activity of their employees’ private devices.
If a company wishes to use monitoring software on private devices, it must get explicit informed consent from each employee, limit how much monitoring is taking place, and consider using thin-client architecture or containerization to reduce the number of personal activities captured by the electronic monitoring systems.
From an ethical standpoint, the use of employee monitoring software may conflict with the privacy desires of employees. When employee monitoring software is used it collects both work-related activities and personal information such as sensitive internet search history.
If a business uses this potentially sensitive information in a context that far exceeds the context the employee originally consented to, it may be considered unlawful employee monitoring.
Employers have a legitimate interest in using employee monitoring tools in the workplace for productivity, security, and the protection of business interests. While the law generally allows for such monitoring, there are instances where employees may have a reasonable expectation of privacy in the workplace.
Employees that work for companies that have a culture of privacy will naturally expect that their employer will limit what they track.
In addition, workplace privacy expectations will vary based on the cultural background of each team member—for example, the majority of the United States is laxer in employee privacy laws than Europe. This may result in differences in culturally engrained views of privacy.
When a business emphasizes transparency about what is being monitored, why it’s being monitored, and how it’s being monitored it helps employees understand the privacy expectations they should have at work.
When a business fails to be transparent with their workers they risk having them believe that their computer activities are private.
By being forthcoming about the data logging methods used employees will understand that they should limit their non-work-related computer usage to activities that they are comfortable having reviewed for the protection and performance of the business.
In the vast majority of cases, using tracking tools on employee-owned devices will run afoul of workplace privacy laws. Employees that use their own devices for work-related tasks will reasonably expect that off-the-clock behavior on their computers will not be subject to tracking.
Employers that wish to allow employees to use personal technology for work purposes (BYOD) will need to limit the tracking that takes place. Any tracking that is done must be clearly outlined in their BYOD policy.
Employee monitoring is an excellent tool for understanding how your workforce operates.
Unfortunately a history of overly-invasive deployments has caused serious concerns among employees, like:
Is my employer spying on me?
They’re just doing this to find an excuse to fire me
If they’re monitoring what I do at work, they obviously don’t trust me
This is not what you want your employees to feel.
In this video I’m going to guide you through the best practices for monitoring employees so you can avoid these mistakes and concerns from your employees
Hello and welcome to the CurrentWare YouTube channel.
My name is Neel Lukka and I am the managing director here at CurrentWare.
After watching this video you can learn more about this topic by reading our new white paper “Employee Monitoring: Best practices for balancing productivity, security and privacy”
You can find the link for that in the description below.
Before we start, I just want to give a quick disclaimer here.
I’m not a lawyer and this is not legal advice. These tips are for informational purposes only. If you want to use employee monitoring software in your company be sure to consult with a legal professional first.
Alright, let’s jump in
First up is the very best tip I can give you.
If you want to succeed, you have to let your employees know that they are being monitored.
Employees that do not know if they are being monitored, why they are being monitored, and how they are being monitored are more likely to have negative reactions to being monitored,
such as
Having higher rates of stress and anxiety
Being less likely to accept being monitored
And, ironically, becoming less productive
That’s not to say that transparency is going to negate each and every concern that your employees may have.
But if you start with transparency from the very beginning you have a far better chance of proving to your employees that these tools aren’t being used to spy on them.
By being transparent you’re also giving the chance to hear about their concerns from the start. This lets you work with them to make an employee monitoring strategy that is fair and minimally invasive.
Here are 4 transparency boosting tips:
Involve a representative sample of employees when you start planning your goals and the metrics you want to capture
Tell your employees what metrics are being captured, how they’ll be used, and what is being used to capture them
Have your staff read and sign policies that disclose your intended use of the employee monitoring software
and finally, give them access to their own data so they can see exactly what’s being captured. They can even use this data to manage their own productivity, which is a major bonus
The second tip I have for you is don’t use employee monitoring to micromanage
One of the reasons that monitoring can be perceived negatively is that it feels like it’s being used to punish employees. They worry that it’s the software equivalent of a micromanaging boss staring over their shoulder while they work, just waiting for them to slip up.
Some employers do monitor internet use to make sure employees aren’t getting carried away, but did you know that so-called “unproductive” internet browsing has actually been found to have a positive impact on productivity?
It’s true! But only if that browsing doesn’t take up more than 12% of their work time.
Employees feel far better about being monitored when they’re given the autonomy to self-manage first. Managers can step in if things are getting carried away or if their employees are visiting clearly inappropriate websites.
The third and final tip I have for you today is to not monitor more than you have to.
Think about it this way – if I told you that I wanted to make sure that employee’s weren’t visiting not safe for work websites, you’d think I was crazy for asking for a direct feed into their webcams.
The bottom line is this:
If you can meet your company’s goals with a less invasive method of monitoring, do it that way.
For example, if you want some backup for your acceptable use policies you can use internet monitoring software to see what sites are being visited.
But there’s no need to track individual keystrokes
Or maybe you want to protect data from being stolen. You can monitor the flow of data without recording audio clips of private conversations
Finally, maybe you want to track the work habits of employees that are working remotely or from home. Give them a company-provided device rather than monitoring their personal computers
That’s it for now.
If you want learn more, check out our new white paper “Employee Monitoring: Best practices for balancing productivity, security and privacy”
You can find the link for that in the description below.
If you’d like to try out employee monitoring in your company, visit CurrentWare.com/Download for a free trial of BrowseReporter, our computer monitoring software.
And as always stay tuned to our YouTube channel for more videos about employee monitoring, cyber security, and CurrentWare’s workforce management software.
Want to start monitoring employees in the workplace? In today’s privacy-conscious world employers need to monitor employees in a way that is transparent, minimally invasive, and respectful of employee privacy. These tips will reduce impacts on privacy so employers can maximize the benefits of their employee monitoring strategy.
Employee monitoring software may track activities that are considered personal or sensitive. An employer that shares personal information with other employees without a legitimate business reason to do so is highly likely to be breaking a law.
When monitoring employees in the workplace, employers are accountable for storing, transferring, and processing the data they collect compliantly. Implementing employee data protection technology is crucial for ensuring the confidentiality and integrity of the data.
Get started today—Download the FREE template and customize it to fit the needs of your organization.
Note: Employee monitoring policies may reduce, but do not eliminate, the expectation of privacy. While these policies are an integral component of lawful employee monitoring, companies must understand that it does not give them carte blanche in the eyes of the law.
It depends. If your employer allows you to use your personal devices for work purposes they may require you to install corporate applications that could feasibly capture details such as internet browsing, applications used, geolocation, etc.
That said, from a legal perspective employers are seldom justified in monitoring the computer activity of employee-owned devices.
Furthermore, under the vast majority of circumstances, an employer will not be justified in secretly monitoring your personal computer. They will be required to notify you through a workplace monitoring policy, acceptable use policy, or similar company policy.
There are times where your personal activity may be logged:
As a best practice, you should consider all activity on employer-owned assets to be monitored. If participating in a BYOD program you should use a virtual machine or a container to keep all company software and files separate from your personal activity.
“The employer should normally use or disclose personal information only for the purposes that it collected it for, and keep it only as long as it’s needed for those purposes, unless it has the employee’s consent to do something else with it, or is legally required to use or disclose it for other purposes.”
– Office of the Privacy Commissioner of Canada
“Statutes, both federal and state, place limits on what employee information employers can disclose. For example, the Americans with Disabilities Act requires employers to keep information about an employee’s medical condition separate from the employee’s personnel file and treat it as a confidential medical record.”
– Wiley Wheeler, P.C. (USA)
Generally speaking, your employer can only disclose private information about you if the disclosure is required by law or if there is a legitimate business need.
That said, if you gave your employer consent to collect, process, and store your personal information for a specific purpose they may be justified in sharing it with others—so long as there is a legitimate business reason to do so and the use of your data is compatible with the purpose for which it was originally collected.
Note: Employee privacy and data protection laws will vary depending on your jurisdiction. Please consult with a professional for legal advice.
Yes. According to Workplace Fairness, a California-based non-profit focusing on employee rights, employers can legally monitor nearly everything an employee does at work as long as there is a legitimate business interest that doesn’t outweigh the privacy impacts on the employee.
In the majority of cases, companies are allowed to use software to track how workplace technology is used. The data collected by these tools are used to protect the legitimate business interests of the employer.
These interests include managing productivity, ensuring the security of networks and data, and tracking the performance of corporate assets.
Yes. Monitoring employees who work from home is a common practice among businesses that want to ensure the productivity and security of their hybrid and remote workers. In the majority of cases, workers must be notified in advance that their technology usage will be tracked.
The monitoring software used to manage remote workers will track a number of activities including internet browsing (social media browsing, search history, active/idle time), software usage, and bandwidth consumption.
These tools are used to manage job productivity, ensure that each worker is following the company’s rules, and protect business assets against insider threats.
Employees with concerns about being tracked while working from home should consult with their employer or a legal professional.
It depends. While being transparent about employee monitoring is the recommended best practice, giving notice to employees is not always required.
The majority of jurisdictions require each worker to be made aware of their employer’s intent to monitor. Some jurisdictions with greater rules and laws will further dictate that employees must be made explicitly aware of what data is captured, how it will be used (such as productivity management), and who will have access to it.
As a best practice, you should consider all activity on employer-owned assets to be tracked.
Companies around the world rely on monitoring worker activity to secure their business, ensure that rules are being followed, and collect data on how software tools are being used in the workplace.
The best method to address worker privacy concerns is to be as transparent as possible, consult with a representative sample of workers as early as possible, give each worker access to their data, and ensure that the monitoring tools used only track what is relevant to the company’s goals.
FREE WHITE PAPER
Best Practices for Monitoring Employees
In today's privacy-conscious world employers need to monitor employees in a way that is transparent, minimally invasive, and respectful of employee privacy
Read this white paper to learn the best practices for monitoring employees in the workplace.
Other Resources:
Cookie | Duration | Description |
---|---|---|
__cfruid | session | Cloudflare sets this cookie to identify trusted web traffic. |
cookielawinfo-checkbox-advertisement | 1 year | Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category . |
cookielawinfo-checkbox-analytics | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics". |
cookielawinfo-checkbox-functional | 11 months | The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional". |
cookielawinfo-checkbox-necessary | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary". |
cookielawinfo-checkbox-others | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other. |
cookielawinfo-checkbox-performance | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance". |
JSESSIONID | session | The JSESSIONID cookie is used by New Relic to store a session identifier so that New Relic can monitor session counts for an application. |
LS_CSRF_TOKEN | session | Cloudflare sets this cookie to track users’ activities across multiple websites. It expires once the browser is closed. |
OptanonConsent | 1 year | OneTrust sets this cookie to store details about the site's cookie category and check whether visitors have given or withdrawn consent from the use of each category. |
viewed_cookie_policy | 11 months | The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data. |
Cookie | Duration | Description |
---|---|---|
__cf_bm | 30 minutes | This cookie, set by Cloudflare, is used to support Cloudflare Bot Management. |
_zcsr_tmp | session | Zoho sets this cookie for the login function on the website. |
Cookie | Duration | Description |
---|---|---|
_calendly_session | 21 days | Calendly, a Meeting Schedulers, sets this cookie to allow the meeting scheduler to function within the website and to add events into the visitor’s calendar. |
_gaexp | 2 months 11 days 7 hours 3 minutes | Google Analytics installs this cookie to determine a user's inclusion in an experiment and the expiry of experiments a user has been included in. |
Cookie | Duration | Description |
---|---|---|
_ga | 2 years | The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors. |
_ga_GY6RPLBZG0 | 2 years | This cookie is installed by Google Analytics. |
_gcl_au | 3 months | Provided by Google Tag Manager to experiment advertisement efficiency of websites using their services. |
_gid | 1 day | Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously. |
CONSENT | 2 years | YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data. |
Cookie | Duration | Description |
---|---|---|
_opt_expid | past | Set by Google Analytics, this cookie is created when running a redirect experiment. It stores the experiment ID, the variant ID and the referrer to the page that is being redirected. |
IDE | 1 year 24 days | Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile. |
NID | 6 months | NID cookie, set by Google, is used for advertising purposes; to limit the number of times the user sees an ad, to mute unwanted ads, and to measure the effectiveness of ads. |
test_cookie | 15 minutes | The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies. |
VISITOR_INFO1_LIVE | 5 months 27 days | A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface. |
YSC | session | YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages. |
yt-remote-connected-devices | never | YouTube sets this cookie to store the video preferences of the user using embedded YouTube video. |
yt-remote-device-id | never | YouTube sets this cookie to store the video preferences of the user using embedded YouTube video. |
yt.innertube::nextId | never | This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen. |
yt.innertube::requests | never | This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen. |
Cookie | Duration | Description |
---|---|---|
_dc_gtm_UA-6494714-6 | 1 minute | No description |
_gaexp_rc | past | No description available. |
34f6831605 | session | No description |
383aeadb58 | session | No description available. |
663a60c55d | session | No description available. |
6e4b8efee4 | session | No description available. |
c72887300d | session | No description available. |
cookielawinfo-checkbox-tracking | 1 year | No description |
crmcsr | session | No description available. |
currentware-_zldp | 2 years | No description |
currentware-_zldt | 1 day | No description |
et_pb_ab_view_page_26104 | session | No description |
gaclientid | 1 month | No description |
gclid | 1 month | No description |
handl_ip | 1 month | No description available. |
handl_landing_page | 1 month | No description available. |
handl_original_ref | 1 month | No description available. |
handl_ref | 1 month | No description available. |
handl_ref_domain | 1 month | No description |
handl_url | 1 month | No description available. |
handl_url_base | 1 month | No description |
handlID | 1 month | No description |
HandLtestDomainName | session | No description |
HandLtestDomainNameServer | 1 day | No description |
isiframeenabled | 1 day | No description available. |
m | 2 years | No description available. |
nitroCachedPage | session | No description |
organic_source | 1 month | No description |
organic_source_str | 1 month | No description |
traffic_source | 1 month | No description available. |
uesign | 1 month | No description |
user_agent | 1 month | No description available. |
ZCAMPAIGN_CSRF_TOKEN | session | No description available. |
zld685336000000002056state | 5 minutes | No description |