Workplace Privacy vs Employee Monitoring—What Are Your Rights?

workplace privacy—what are your rights?

According to Workplace Fairness, a California-based non-profit focusing on employee rights, employers can legally monitor nearly everything an employee does at work as long as there is a legitimate business interest that doesn’t outweigh the privacy impacts on the employee.

But with data privacy legislation such as Europe’s General Data Protection Regulation (GDPR) and The California Privacy Rights and Enforcement Act (CPRA) in effect, the rights of employers to monitor employees in the workplace aren’t anywhere near as carte-blanche as they used to be.

In this article, I will outline the legal considerations that employers must have when monitoring employees, the best practices for workplace monitoring, and the workplace privacy rights that employees have.

screenshot of a workplace monitoring policy template

Workplace Monitoring
Policy Template

  • Disclose your company’s intent to monitor employees in the workplace
  • Set workplace privacy expectations for employees
  • Meet transparency requirements for compliance with privacy laws

Get started today—Download the FREE template and customize it to fit the needs of your organization.

Disclaimer: The contents of this article convey general information only and should not be construed as legal advice. CurrentWare advises consultation with legal professionals for advice and opinions on legal issues that pertain to your business.

Table of Contents



What Rights Do Employers Have to Monitor Their Employees?

Generally speaking, an employer will have the right to monitor employees that are using company equipment so long as the following are true.

  • Transparency: The employer’s workplace monitoring policies are sufficiently transparent about the intended use of workplace surveillance systems, how employee data will be used, who will have access to their data, and the activities that will be tracked.
  • Purpose Limitation: Employee data is only collected and used for specific and legitimate business purposes and is not retained for longer than is necessary for the purposes in which it was collected.
  • Proportionality: The workplace surveillance methods used to monitor employee activity are as minimally invasive as possible for the business’s legitimate interests.
  • Security: The employer implements reasonable security measures to protect employee data from misuse and unauthorized access.
  • Other Laws: The employer’s right to monitor is not otherwise limited by collective bargaining agreements or laws that are specific to their jurisdiction.

As the data privacy landscape continues to evolve, following these guiding principles will help organizations stay compliant with workplace privacy laws and regulations. 


Ready to start monitoring employee computer activity? Get started today with a FREE trial of the CurrentWare Suite.


Examples of Lawful Data Collection

Note: What is considered lawful employee data collection will vary depending on the jurisdiction of your company, individual expectations, and any collective bargaining agreements your company is expected to adhere to. The contents of this article convey general information only and should not be construed as legal advice. CurrentWare advises consultation with legal professionals for advice and opinions on legal issues that pertain to your business.

Collecting Employee Computer Usage Data with Monitoring Software

BrowseReporter is a versatile computer user activity monitoring software that helps organizations enforce policies, meet compliance requirements, and understand how their users operate – no matter where they’re located.

BrowseReporter’s detailed user activity reports provide insights like…

  • Are our users following organizational policies? Are there any unwanted activities that need to be addressed?
  • How engaged are our users? Do they spend the majority of their time on-task? And…
  • Are our users making use of the software we’ve invested in? Should we reduce the number of licenses we pay for?

The computer activity data is collected by a software agent that is installed on your computers. The agent connects to a database on your organization’s network, allowing you to maintain complete control over the data.

BrowseReporter’s central console allows you to run reports on your user’s computer activities from the convenience of a web browser. 

There are dozens of reports to choose from, including…

  • User productivity reports with an overview of how much time was spent on websites that are productive, unproductive, or neutral. These classifications can be customized to match what is productive for your users.
  • There are also detailed internet activity reports that show you what websites your users have visited, how long they spent browsing each site, and the amount of bandwidth consumed.
  • And finally, the application usage reports show you what software is being used, how long it was used for, and who was using it.

BrowseReporter’s reports can be generated on-demand, on a set schedule, or automatically sent to your inbox to alert you of specific events.

Using the End-User Reports feature you can even provide your users with on-demand access to their own data. This lets them benefit from the insights that you have.

BrowseReporter can even be deployed with optional privacy-enhancing features.

You can…

  • Display a custom message to notify users that they are being monitored
  • Make the client visible in the system tray
  • Stop monitoring outside of standard operating hours, and…
  • Disable certain types of tracking altogether 

These optional features allow you to customize your BrowseReporter deployment to fit the needs of your organization.

BrowseReporter is best used in tandem with our web filtering software BrowseControl. Using both solutions provides you with the visibility and control you need to ensure that your organization’s computers are being used appropriately

Ready to make data-informed decisions? Get actionable insights into the activity of your users with a free trial of BrowseReporter.

Get started today by visiting CurrentWare.com/Download

If you have any questions during your evaluation our technical support team is available to help you over a phone call, live chat, or email.

Thank you!

In the vast majority of cases, employees that are using company equipment should not expect their computer activity to be private. 

This includes internet browsing (social media activity, time spent browsing, web search history, etc), application usage, interactions with company files and systems, and idle/active time. 

One potential exemption: Allowing incidental personal use of work-issued computers reinforces an expectation of privacy. For this reason, many companies opt to formally disallow the use of their computers for any personal act.

Email Monitoring in the Workplace

Yellow email letters flying out of a laptop computer.

Generally speaking, employer email monitoring is permitted so long as employees are informed that their work email is strictly for work purposes and thus subject to monitoring.

While the Electronic Communications Privacy Act does extend protections to include email messages, cell phones, and other electronic communications, it does allow for a “legitimate business purposes” exception that protects how the majority of businesses use email monitoring systems.

That said, the topic of email privacy in the workplace is not so clearcut. 

One area that is highly contended is the use of employee monitoring systems that track electronic communications such as instant messages and private emails. 

While employers typically have the right to archive emails sent via company-owned accounts, the same may not be true when employees send emails from their non-work accounts.

As a general best practice, employees should be thoroughly educated on what electronic communications can be tracked and provided with an acceptable internet use policy that prohibits using business technology for private activities. These tools will help establish employee privacy expectations when using company computers.

What Is Considered Illegal Workplace Surveillance?

Note: What is considered illegal workplace surveillance will vary depending on the jurisdiction of your company, individual expectations, and any collective bargaining agreements your company is expected to adhere to.

Certain Forms of Video Surveillance

A wall of multiple security cameras pointed at two people

Video Surveillance” refers to surveillance through a camera that monitors or records visual images of activities on company-owned property. 

Video surveillance equipment is used on company premises to ensure that employees, patrons, and company-owned assets are kept secure from theft, vandalism, violence, and other forms of misconduct. Should unlawful activity be discovered, the recordings captured by video surveillance equipment will be used to the fullest extent of the law—including the possibility of disclosure to authorized third parties.

While video surveillance is typically permitted for these purposes, there are instances where companies are not permitted to use video recordings.

  • When video surveillance includes the capture of audio it may run afoul of wiretapping laws.
  • A video capture system cannot be used in private areas such as bathrooms and changing rooms
  • Using hidden cameras without adequate disclosure to employees; employers are typically expected to provide notices that inform employees of cameras in the workplace.
  • Video surveillance may infringe upon a worker’s right to privacy if cameras are used to target a specific employee or group of employees without a legal obligation to do so.

Monitoring Personal Phone Calls

Employee telephone monitoring is most often used to monitor the performance of phone-based customer support roles. Calls are often recorded to investigate complaints, assist in employee training, and ensure that employees are adhering to the quality and behavior standards of the organization.

Organizations that use a call monitoring system should notify their employees that they will be recorded and ensure that their employees are explicitly told not to conduct personal conversations on business phones.

But even for those organizations with clear monitoring policies in place, as soon as a phone call is found to be personal in nature they are typically obligated by law to cease their monitoring of the call. 

Monitoring Employee-Owned Devices & Activities

Cybersecurity Risks of Remote Workers

The COVID-19 pandemic has skyrocketed the demand for employees to use their own devices for work purposes. From an ethical and legal standpoint employers are generally not permitted to monitor the activity of their employees’ private devices.

If a company wishes to use monitoring software on private devices, it must get explicit informed consent from each employee, limit how much monitoring is taking place, and consider using thin-client architecture or containerization to reduce the number of personal activities captured by the electronic monitoring systems. 

Using Employee Monitoring Software to Spy on Employees

Computer Spy, Shadowy Figure with digital background

From an ethical standpoint, the use of employee monitoring software may conflict with the privacy desires of employees. When employee monitoring software is used it collects both work-related activities and personal information such as sensitive internet search history. 

If a business uses this potentially sensitive information in a context that far exceeds the context the employee originally consented to, it may be considered unlawful employee monitoring. 

Do Employees Have a Reasonable Expectation of Privacy in the Workplace?

Employers have a legitimate interest in using employee monitoring tools in the workplace for productivity, security, and the protection of business interests. While the law generally allows for such monitoring, there are instances where employees may have a reasonable expectation of privacy in the workplace.

Factors That Influence Employee Privacy Expectations

Company & Cultural Norms

A group of employees reviewing reports

Employees that work for companies that have a culture of privacy will naturally expect that their employer will limit what they track. 

In addition, workplace privacy expectations will vary based on the cultural background of each team member—for example, the majority of the United States is laxer in employee privacy laws than Europe. This may result in differences in culturally engrained views of privacy.

Company Policies & Transparency

Workplace monitoring policy template

When a business emphasizes transparency about what is being monitored, why it’s being monitored, and how it’s being monitored it helps employees understand the privacy expectations they should have at work.

When a business fails to be transparent with their workers they risk having them believe that their computer activities are private. 

By being forthcoming about the data logging methods used employees will understand that they should limit their non-work-related computer usage to activities that they are comfortable having reviewed for the protection and performance of the business.

Device Ownership

young employee in a business suit working on a laptop

In the vast majority of cases, using tracking tools on employee-owned devices will run afoul of workplace privacy laws. Employees that use their own devices for work-related tasks will reasonably expect that off-the-clock behavior on their computers will not be subject to tracking.

Employers that wish to allow employees to use personal technology for work purposes (BYOD) will need to limit the tracking that takes place. Any tracking that is done must be clearly outlined in their BYOD policy.

Best Practices When Monitoring Employees in the Workplace

Employee monitoring is an excellent tool for understanding how your workforce operates.

Unfortunately a history of overly-invasive deployments has caused serious concerns among employees, like:

Is my employer spying on me?

They’re just doing this to find an excuse to fire me

If they’re monitoring what I do at work, they obviously don’t trust me

This is not what you want your employees to feel. 

In this video I’m going to guide you through the best practices for monitoring employees so you can avoid these mistakes and concerns from your employees

Hello and welcome to the CurrentWare YouTube channel. 

My name is Neel Lukka and I am the managing director here at CurrentWare.

After watching this video you can learn more about this topic by reading our new white paper “Employee Monitoring: Best practices for balancing productivity, security and privacy”

You can find the link for that in the description below.

Before we start, I just want to give a quick disclaimer here. 

I’m not a lawyer and this is not legal advice. These tips are for informational purposes only. If you want to use employee monitoring software in your company be sure to consult with a legal professional first.

Alright, let’s jump in

First up is the very best tip I can give you.

If you want to succeed, you have to let your employees know that they are being monitored.

Employees that do not know if they are being monitored, why they are being monitored, and how they are being monitored are more likely to have negative reactions to being monitored

such as

Having higher rates of stress and anxiety

Being less likely to accept being monitored

And, ironically, becoming less productive

That’s not to say that transparency is going to negate each and every concern that your employees may have.

But if you start with transparency from the very beginning you have a far better chance of proving to your employees that these tools aren’t being used to spy on them. 

By being transparent you’re also giving the chance to hear about their concerns from the start. This lets you work with them to make an employee monitoring strategy that is fair and minimally invasive.

Here are 4 transparency boosting tips:

Involve a representative sample of employees when you start planning your goals and the metrics you want to capture

Tell your employees what metrics are being captured, how they’ll be used, and what is being used to capture them

Have your staff read and sign policies that disclose your intended use of the employee monitoring software

and finally, give them access to their own data so they can see exactly what’s being captured. They can even use this data to manage their own productivity, which is a major bonus

The second tip I have for you is don’t use employee monitoring to micromanage

One of the reasons that monitoring can be perceived negatively is that it feels like it’s being used to punish employees. They worry that it’s the software equivalent of a micromanaging boss staring over their shoulder while they work, just waiting for them to slip up.

Some employers do monitor internet use to make sure employees aren’t getting carried away, but did you know that so-called “unproductive” internet browsing has actually been found to have a positive impact on productivity?

It’s true! But only if that browsing doesn’t take up more than 12% of their work time.

Employees feel far better about being monitored when they’re given the autonomy to self-manage first. Managers can step in if things are getting carried away or if their employees are visiting clearly inappropriate websites.

The third and final tip I have for you today is to not monitor more than you have to.

Think about it this way – if I told you that I wanted to make sure that employee’s weren’t visiting not safe for work websites, you’d think I was crazy for asking for a direct feed into their webcams. 

The bottom line is this: 

If you can meet your company’s goals with a less invasive method of monitoring, do it that way.

For example, if you want some backup for your acceptable use policies you can use internet monitoring software to see what sites are being visited. 

But there’s no need to track individual keystrokes

Or maybe you want to protect data from being stolen. You can monitor the flow of data without recording audio clips of private conversations

Finally, maybe you want to track the work habits of employees that are working remotely or from home. Give them a company-provided device rather than monitoring their personal computers

That’s it for now. 

If you want learn more, check out our new white paper “Employee Monitoring: Best practices for balancing productivity, security and privacy”

You can find the link for that in the description below.

If you’d like to try out employee monitoring in your company, visit CurrentWare.com/Download for a free trial of BrowseReporter, our computer monitoring software.

And as always stay tuned to our YouTube channel for more videos about employee monitoring, cyber security, and CurrentWare’s workforce management software.

Want to start monitoring employees in the workplace? In today’s privacy-conscious world employers need to monitor employees in a way that is transparent, minimally invasive, and respectful of employee privacy. These tips will reduce impacts on privacy so employers can maximize the benefits of their employee monitoring strategy.

Avoid Sharing Personal Information

Employee monitoring software may track activities that are considered personal or sensitive. An employer that shares personal information with other employees without a legitimate business reason to do so is highly likely to be breaking a law.

Keep Employee Monitoring Data Safe

When monitoring employees in the workplace, employers are accountable for storing, transferring, and processing the data they collect compliantly. Implementing employee data protection technology is crucial for ensuring the confidentiality and integrity of the data.

Employee Monitoring Policies

screenshot of a workplace monitoring policy template

Workplace Monitoring
Policy Template

  • Disclose your company’s intent to monitor employees in the workplace
  • Set workplace privacy expectations for employees
  • Meet transparency requirements for compliance with privacy laws

Get started today—Download the FREE template and customize it to fit the needs of your organization.

Note: Employee monitoring policies may reduce, but do not eliminate, the expectation of privacy. While these policies are an integral component of lawful employee monitoring, companies must understand that it does not give them carte blanche in the eyes of the law.

Workplace Privacy & Employee Monitoring FAQ

Question mark on c

Can My Employer Monitor My Personal Computer?

It depends. If your employer allows you to use your personal devices for work purposes they may require you to install corporate applications that could feasibly capture details such as internet browsing, applications used, geolocation, etc. 

That said, from a legal perspective employers are seldom justified in monitoring the computer activity of employee-owned devices. 

Furthermore, under the vast majority of circumstances, an employer will not be justified in secretly monitoring your personal computer. They will be required to notify you through a workplace monitoring policy, acceptable use policy, or similar company policy.

There are times where your personal activity may be logged:

  1. When using employer-owned devices
  2. When using your employer’s WiFi or VPN
  3. When participating in a BYOD program where you consent to the monitoring

As a best practice, you should consider all activity on employer-owned assets to be monitored. If participating in a BYOD program you should use a virtual machine or a container to keep all company software and files separate from your personal activity. 

Can My Employer Give Out My Personal Information Without My Consent?

“The employer should normally use or disclose personal information only for the purposes that it collected it for, and keep it only as long as it’s needed for those purposes, unless it has the employee’s consent to do something else with it, or is legally required to use or disclose it for other purposes.”

Office of the Privacy Commissioner of Canada

“Statutes, both federal and state, place limits on what employee information employers can disclose. For example, the Americans with Disabilities Act requires employers to keep information about an employee’s medical condition separate from the employee’s personnel file and treat it as a confidential medical record.”

Wiley Wheeler, P.C. (USA)

Generally speaking, your employer can only disclose private information about you if the disclosure is required by law or if there is a legitimate business need. 

That said, if you gave your employer consent to collect, process, and store your personal information for a specific purpose they may be justified in sharing it with others—so long as there is a legitimate business reason to do so and the use of your data is compatible with the purpose for which it was originally collected.

Note: Employee privacy and data protection laws will vary depending on your jurisdiction. Please consult with a professional for legal advice.

Is Monitoring Employee Computers Legal?

Yes. According to Workplace Fairness, a California-based non-profit focusing on employee rights, employers can legally monitor nearly everything an employee does at work as long as there is a legitimate business interest that doesn’t outweigh the privacy impacts on the employee.

In the majority of cases, companies are allowed to use software to track how workplace technology is used. The data collected by these tools are used to protect the legitimate business interests of the employer. 

These interests include managing productivity, ensuring the security of networks and data, and tracking the performance of corporate assets.

Can Employers Monitor Employees Who Work From Home?

Yes. Monitoring employees who work from home is a common practice among businesses that want to ensure the productivity and security of their hybrid and remote workers. In the majority of cases, workers must be notified in advance that their technology usage will be tracked.

The monitoring software used to manage remote workers will track a number of activities including internet browsing (social media browsing, search history, active/idle time), software usage, and bandwidth consumption.

These tools are used to manage job productivity, ensure that each worker is following the company’s rules, and protect business assets against insider threats.

Employees with concerns about being tracked while working from home should consult with their employer or a legal professional.

Do Employers Have to Tell Employees They Are Being Monitored?

It depends. While being transparent about employee monitoring is the recommended best practice, giving notice to employees is not always required.

The majority of jurisdictions require each worker to be made aware of their employer’s intent to monitor. Some jurisdictions with greater rules and laws will further dictate that employees must be made explicitly aware of what data is captured, how it will be used (such as productivity management), and who will have access to it.

As a best practice, you should consider all activity on employer-owned assets to be tracked. 

Conclusion & Further Reading

Companies around the world rely on monitoring worker activity to secure their business, ensure that rules are being followed, and collect data on how software tools are being used in the workplace. 

The best method to address worker privacy concerns is to be as transparent as possible, consult with a representative sample of workers as early as possible, give each worker access to their data, and ensure that the monitoring tools used only track what is relevant to the company’s goals.

FREE WHITE PAPER

Best Practices for Monitoring Employees

In today's privacy-conscious world employers need to monitor employees in a way that is transparent, minimally invasive, and respectful of employee privacy

Read this white paper to learn the best practices for monitoring employees in the workplace.

Other Resources:

Sai Kit Chu
Sai Kit Chu
Sai Kit Chu is a Product Manager with CurrentWare. He enjoys helping businesses improve their employee productivity & data loss prevention efforts through the deployment of the CurrentWare solutions.