Pros and Cons of Employee Monitoring (What Employers Need to Know)

The pros and cons of employee monitoring

Employee monitoring is not without its risks. Before implementing employee monitoring software you must first evaluate the pros and cons of employee monitoring to see if it’s the right choice for your company. This article will outline the advantages and disadvantages of monitoring employees to help you make an informed decision.

Table of Contents

What Is Employee Monitoring?

Employee Monitoring - what you need to know

Employee monitoring is a form of workplace surveillance where employers collect data regarding their employees activities. The most common forms of employee monitoring are internet usage monitoring, location tracking, and computer activity monitoring. According to a Spiceworks survey 91% of organizations monitor employees in some way. 

Types of Employee Monitoring

Before evaluating the pros and cons of employee monitoring, it’s important to understand the various forms that it can come in. The laws, regulations, and perceptions of monitoring will be heavily influenced by the type of monitoring used and the reasons for its use.

Internet Usage Tracking

The 2007 Electronic Monitoring & Surveillance Survey from the American Management Association (AMA) found that 66% of employers monitor employee internet use. 65% of those surveyed also use web filtering software to block websites. Employers primarily monitor and restrict internet access to prevent employees from accessing inappropriate websites.

Why do employers monitor employee web activity?

  • To help enforce acceptable use policies by discouraging the use of pornography & other inappropriate websites
  • To improve bandwidth efficiency by identifying unnecessary bandwidth hogs
  • To ensure that employees aren’t excessively browsing unproductive websites such as social media and computer games sites

Email Monitoring

Yellow email letters flying out of a laptop computer.

43% of employers in the American Management Association report monitor the email activity of their employees. Email monitoring is typically done with automated tools that scan for keywords, though 40% of the employers in the report stated they use manual email monitoring methods.

Why do employers monitor employee emails?

  • To detect unsafe or unauthorized file sharing 
  • To monitor the quality of employee communications
  • To deter the use of inappropriate or offensive language
  • To deter excessive personal use of company-provided email accounts
  • To meet data security compliance standards

GPS Tracking

GPS and other forms of location tracking are a niche form of employee monitoring that is not as widely used as computer usage tracking. The use of location tracking is often reserved for roles where frequent travel is required. Employers will often use location tracking on company-provided vehicles and mobile devices.

Why do employers use GPS tracking?

  • To recover company-provided mobile devices when they are lost or stolen
  • To monitor the mileage and routes taken by company vehicles (truck or delivery drivers)
  • To improve the safety of employees that are working in dangerous conditions (emergency responders, employees in remote locations)

Keylogging

Keylogging (keystroke logging) is a highly controversial employee monitoring practice. Keyloggers track the individual keyboard inputs of employees and save that data for review. Keyloggers may be hardware or software based.

As these tools capture individual keystrokes they pose significant security and privacy concerns. They are likely to capture sensitive information including passwords, credit card details, and other sensitive data.

Storing sensitive data within the database of a keylogger is dangerous as unauthorized users or hackers could potentially access that data. For this reason, they are rarely used. 

Why do employers use keyloggers?

  • To track the average words-per-minute of data entry employees
  • To detect insider threats that are sharing private information or executing suspicious commands

Video Surveillance

Video surveillance is commonly performed through closed-circuit television (CCTV) systems. These technologies are commonly used as security systems rather than for measuring productivity. It is common for companies that interact with the public to use video surveillance in locations where there are concerns surrounding the security of employees and theft of company assets.

Why do employers use video surveillance?

  • To counter theft, violence, sabotage, and other undesirable behavior
  • To monitor employee performance and attendance

Call Monitoring

Employee telephone monitoring is most often used to monitor the performance of phone-based customer support roles. Calls are often recorded to investigate complaints, assist in employee training, and ensure that employees are adhering to the quality standards of the organization.

Why do employers monitor telephone calls?

  • As a quality control measure for call centers
  • To ensure the quality and consistency of sales calls 
  • To prevent employees from using business phone lines inappropriately

Data Loss Prevention

AccessPatrol files operations report with 15 different file operations listed.

Data loss prevention (DLP) software monitors employee computer activity to prevent data breaches. These software tools monitor, detect, and block actions that put sensitive data at risk.


Examples of DLP monitoring

  • Tracking file transfers to portable storage devices (USB flash drives, etc)
  • Logging USB devices that have been used on company computers
  • Monitoring email file attachments for confidential data

Time Tracking

Idle Time Tracking - How active are your employees? CurrentWare

Employee time tracking tools are used to monitor the hours that employees work. These tools are typically used to maintain compliance with labour laws, track billable hours, and ensure that employees are working sufficient hours.

Examples of employee time tracking

  • Time tracking spreadsheets
  • Manual punch time clocks
  • Project management tools that track the time spent on individual tasks
  • Software that tracks employee login/logout times on company computers

Screenshot Monitoring

Remote Live Screen Monitoring With BrowseReporter.

Screenshot monitoring software monitors employee computer activity by capturing screenshots of their desktops. These tools will take screenshots at set intervals, when specific actions occur on the employee’s computer, or when an operator manually captures a screenshot.

Examples of screenshot monitoring

  • Taking screenshots of employee computer screens at a set interval
  • Capturing a screenshot when specific actions happen (typically high-risk or inappropriate activity)
  • Monitoring desktops in real-time

Why Do Employers Monitor Their Employees?

“Employers that don’t monitor [their employees] will become fewer and fewer, not to nail employees, but because monitoring increasingly makes business sense.”

Manny Avramidis, president and CEO, the American Management Association

The top reasons for monitoring employees in the workplace

  • Deterring counterproductive work behaviors (CWB) such as tardiness, theft, workplace bullying, and absenteeism.
  • Improving employee productivity by deterring excessive personal internet usage and gaining deeper insights into employee workflows.
  • Protecting sensitive data against high-risk computer activities such as visiting potentially dangerous websites or uploading files to personal cloud storage accounts.

While employee productivity management is a use-case for monitoring software, it is only one of many reasons for monitoring employees in the workplace.

According to a 2017 Spiceworks survey of IT professionals the most common reasons that their employers monitor employees is to protect against malware and phishing scams, to prevent unacceptable user behavior, to prevent users from visiting inappropriate websites, for liability management/compliance purposes, and to protect sensitive information.

Source: Spiceworks Workplace Surveillance Data Snapshot Survey

The Pros of Employee Monitoring

This section will overview the advantages of monitoring employees and provide examples of how employee monitoring is used by businesses. 

Overall, the greatest pro of employee monitoring is the level of visibility it provides into employee work habits. As previously mentioned these insights provide data that is used to improve operational efficiency, legal compliance, and security in businesses.

Monitoring Reduces Employee Time Theft

Time Theft In The Workplace

At its core, time theft occurs when an employee accepts payment for work or time they did not actually complete. Time theft comes in a range of degrees of severity, from employees mismanaging their allocated break times all that way up to intentionally fraudulent claims.

Examples of Time Theft

  • Taking extended lunch breaks without permission.
  • “Buddy Punching” – Convincing coworkers to punch in on their behalf when they aren’t present for work.
  • Exaggerating how much time was spent working on tasks.
  • Spending excessive amounts of time on non-work tasks (“Cyberloafing”, excessive socializing, sleeping, playing games, working on personal projects during work hours)
  • Working unauthorized overtime

Employee monitoring improves the accuracy of employee time tracking by providing another source of data that can be used to verify employee activity. 

For example, in most cases a data entry employee that clocks in at the start of the work day will reasonably be expected to be working on their computers shortly after. 

If an anomalous and excessive period of inactivity is found throughout the workday for such an employee it may be a sign that the employee is engaging in time theft. 

Monitoring Improves Employee Productivity

Picture with text: How to Increase Productivity - CurrentWare. Photograph shows a hand demonstrating an upwards curve motion with an arrow following the index finger, simulating a graph

Gallup estimates that actively disengaged employees cost the U.S. between $483 billion to $605 billion each year in lost productivity. One of the pros of using employee monitoring software is gaining the ability to detect early warning signs of disengagement such as excessive unproductive web browsing. 

How employee monitoring is used for to improve productivity

  • Monitor internet usage for excessive unproductive web activity
  • Reduce employee temptations to excessively browse non-work websites
  • Identify unproductive bandwidth hogs that affect network performance
  • Maintain a respectable work environment by monitoring for inappropriate internet activities
  • Analyze productivity and engagement trends to optimize work processes
  • Provide disengaged employees, managers, and HR with a benchmark that can be used as a part of an Employee Performance Improvement Plan (PIP)

Monitoring Improves Data Security

A photo of a computer screen. The cursor is pointing to the word "security"

Computer monitoring software is used to ensure that employees are using company systems safely and handling data in a way that is compliant with the company’s security policies. 

This includes data loss prevention tools that audit file transfers to portable storage devices and internet monitoring software that tracks the websites visited by employees. 

How employee monitoring improves data security

  • Interactions with sensitive data can be monitored to ensure compliance with data security policies
  • Monitoring internet use can detect attempts to visit unauthorized cloud storage sites
  • Application usage can be monitored for potentially dangerous unauthorized applications such as shadow IT and pirated software
  • Intellectual property and other sensitive data can be closely monitored during the offboarding process to prevent theft
  • Unusual outbound network traffic is one of many potential indicators of compromise (IOCs). Monitoring user activity for anomalous bandwidth spikes, and visits to unauthorized cloud storage sites are all potential warning signs

Monitoring Helps Enforce Company Policies

CurrentWare Work From Home Policy - Get the free template today

Employers need to ensure that their employees are behaving in an appropriate and professional manner. Allowing employees to engage in unsavory actions on workplace computers is a significant contributor to a hostile work environment. 

Having a formal computer use policy is an essential first step for communicating expectations to employees, but it’s not the full solution. Employee monitoring software is a valuable tool for enforcing policies as it can alert HR and management to computer policy violations such as visits to adult-oriented sites.

How employee monitoring helps enforce policies

  • Identify employees that are visiting inappropriate or unsafe websites
  • Evidence of misuse can be kept on file to support a performance improvement plan
  • Employee internet monitoring software can be used in tandem with a web filter to ensure that employees are not going to sites that are not suitable for the workplace

Monitoring Reduces Software Waste

Application Tracking - Save Money on Unused Software

The Software Usage and Waste Report 2016 report from 1E found that as much as 38% of enterprise software is underutilized or simply not being used at all. This total cost of underutilized software to these businesses is estimated to be $34 billion per year. 

How employee monitoring helps reduces software waste

  • Application usage can be monitored to track the utilization rate of software
  • Historical app usage data can be analyzed to anticipate future peak periods
  • Underused apps can be decommissioned and additional licenses can be purchased for apps with higher demand

The Cons of Employee Monitoring

The greatest cons of employee monitoring relate to the potential impacts on employee privacy, workplace culture, and morale. 

As the spectrum of what is considered “employee monitoring” varies widely, the cons of monitoring will vary depending on employee perceptions, the invasiveness of the chosen monitoring methods, and how the employee’s data is used.

Free White Paper

Employee Monitoring: Best Practices for Balancing Productivity, Security, and Privacy

In today's privacy-conscious world employers need to monitor employees in a way that is transparent, minimally invasive, and respectful of employee privacy. Read this white paper to learn the best practices for monitoring employees in the workplace.

Employee Monitoring vs Workplace Privacy

Employee Monitoring - Privacy Tips for Employers - CurrentWare

In today’s privacy-conscious world employers need to monitor employees in a way that is transparent, minimally invasive, and respectful of employee privacy. 

They need to carefully balance the demands of organizational productivity, employee privacy, and regulatory compliance requirements surrounding the storage, use, and protection of their employee’s data. 

One of the cons of employee monitoring software is that potentially sensitive personal data may be captured. If employees doubt whether or not their data is adequately protected from misuse there is a legitimate concern that an employee’s web browsing history can be unfairly used against them.

To mitigate against this you must have your employees sign an employee monitoring policy that outlines what data will be captured, who will have access to it, and how their data will be used.

The most common employee privacy concerns

  • If employees use workplace computers for personal use the monitoring software may capture personal details such as racial identity, personal web browsing habits, religious beliefs, and health concerns
  • Automated screenshot monitoring software will capture everything on their screens including banking details, personal messages they may be writing, and any classified data they may be working with
  • Employees may worry that the data will be used unfairly or that their activity data will create a bias that will impact their professional career

Free White Paper

Employee Monitoring: Best Practices for Balancing Productivity, Security, and Privacy

In today's privacy-conscious world employers need to monitor employees in a way that is transparent, minimally invasive, and respectful of employee privacy. Read this white paper to learn the best practices for monitoring employees in the workplace.

Invasive Monitoring May Lead to Legal Issues

California Consumer Privacy Act

When monitoring employees in the workplace it is essential that you are in compliance with any laws or regulations that pertain to an employee’s privacy rights in the workplace.

When it comes to what you are allowed to monitor, many believe that if an employee is using company equipment, on company time, and getting paid by the company, that the company has every right to monitor their equipment and what the employee is doing with it.

While in the majority of cases a company can monitor their employees so long as they have a legitimate business reason for doing so, it’s not always that simple. A variety of factors influence what employers can and cannot monitor.

Legal factors that influence an employer’s right to monitor

  • Jurisdiction: Employee monitoring laws vary depending on where the employer and the employee reside. A catch-all approach may not be suitable for a multinational company.
  • Union Agreements: Independent agreements with unions and other workers’ rights organizations may include limitations about what employers can track and how data will be used when monitoring employees.
  • Proportionality: Different forms of monitoring may be restricted based on potential privacy impacts. For example monitoring individual keystrokes is more invasive than monitoring web browsing history as tracking specific keystrokes has a greater risk of capturing sensitive personal information such as passwords.
  • Privacy Expectations: Employees have a greater expectation of privacy on their personal devices. Monitoring laws may even go so far as to restrict the degree of monitoring that can take place when employees use business equipment for personal use.
  • Transparency: Has the company made a legitimate effort to inform employees that they are being monitored? Are employees clear about whether or not they have a reasonable expectation of privacy on workplace equipment?

H&M Fined Millions Under GDPR for Invasive Data Collection

In 2020 the clothing store H&M received a €35.3m ($41.3m USD) fine for invasive employee monitoring practices. 

H&M received the fine due to non-compliance with the General Data Protection Regulation (GDPR), a data protection and privacy legislation that protects data subjects in the European Union (EU) and the European Economic Area (EEA).

Why was H&M’s monitoring considered invasive?

Managers at H&M collected sensitive personal information through extensive employee surveys and even notes from informal conversations. 

The data included how staff conducted their holidays, medical symptoms, diagnoses for illnesses, family issues, and personal religious beliefs. That data was then made available to up to 50 managers who used that data to make employment related decisions.

Since this collection was excessively invasive and collected data that was beyond any legitimate business need, the Data Protection Authority of Hamburg (HmbBfDI) opted to issue the fine.

Potential Impacts on Employee Morale

A man sits at his desk working on a computer. The shadowy figure of a colleague looms behind him.

“Employers must not use tech to control and micromanage their staff. Monitoring toilet breaks, tracking, and snooping on staff outside working hours creates fear and distrust. And it undermines morale.”

Frances O’Grady, General Secretary of the British Trades Union Congress (As reported by Raconteur)

Another con of employee monitoring is that some forms of monitoring can have a negative impact on employee morale. Employee perceptions of monitoring may also contribute to added stress that affects work performance.

Providing employees with autonomy is essential for maintaining morale. If employee monitoring is used to micromanage employees and punish them for minor infractions they will feel like they are being unfairly treated.

When using employee monitoring software it’s important to avoid reducing human employees to mere numbers. Workforce analytics tools are excellent at capturing quantitative data, but they cannot reliably track qualitative data.

Even if that is not the intention of the employer, a lack of communication and transparency can cause these sentiments to form. 

That’s why it is critical that the deployment of employee monitoring software is done with the input of a representative sample of employees. Involving employees in the planning process gives business leaders the opportunity to proactively address any privacy or management concerns before any monitoring takes place.

Employers must also do all they can to clearly communicate their intended use of employee data, especially if that data will be used to make any sort of judgement on employee performance.

How employee monitoring software can harm employee morale

  • Lost Autonomy: Employees may feel that their workflows will be unfairly micromanaged based on their computer activity data and other quantitative metrics.
  • Distrust: Employees may assume that their employers are monitoring their activity because they are not trusted to act professionally and manage their own productivity.
  • Stress: Employees may feel that they are at risk of being fired or otherwise unfairly evaluated based on the data collected.
  • Evaluations: Computer activity data is not a reliable standalone productivity metric. Employees who are not fairly evaluated with other relevant metrics will grow to detest their employer’s monitoring practices.

Misuse or Breach of Sensitive Employee Data

It’s easy to overlook the threat that can arise from within the company, especially when devices are being taken offsite. The damage that data breaches can cause is enormous! - Larry S, Boston Centerless

Many data privacy laws require that data collection is performed for a specific purpose. This is a preventative measure to ensure that the informed consent provided by the data subjects (the employees) is respected during collection, processing, and use.

A successful employee monitoring strategy requires a clear understanding of the company’s goals and how the data collected will be used to meet them. If employee data is collected under one stated purpose and used for another it can lead to data privacy compliance violations and severe impacts on employee morale.

Employee monitoring data must also be treated as sensitive and protected accordingly. This includes limiting who can access the data, restricting the use of the data to its intended purpose, and implementing necessary safeguards. 

The risk that an employee’s data could be leaked to an unauthorized third party may contribute to an employee’s hesitation to be monitored in the workplace.

The risks of misuse or breach of employee data

  • Blackmail/Gossip: An employee’s internet search history can potentially contain private details about their personal lives. Without administrative controls in place this data can be leaked to their coworkers or other parties.
  • Trust & Retention: If employees cannot trust that their data is adequately secured they may feel unsafe using work computers. This uncertainty may cause them to seek employment elsewhere.
  • Identity Theft: Some forms of monitoring may capture enough personal information that it could affect an employee’s personal security. For example, attackers could use the leaked data to perform targeted phishing attacks or bypass knowledge-based multi-factor authentication.

Resource & Financial Requirements

A hand counts several $100 US bills

Another con of employee monitoring is the cost of purchasing, deploying, and managing the solution. 

Monitoring employee computer activity generates a large volume of data. Actively reviewing employee reports may be viable for a small business but it is not scalable, nor is it an efficient use of time for most use cases. 

For this reason, the majority of organizations will not actively examine each employee. Instead, they will limit auditing to an as-needed basis or when the software alerts them to specific activities that they are monitoring for. 

Alerts are typically set for high-risk activities such as anomalous file transfers, attempts to visit inappropriate sites, or the use of unauthorized portable storage devices.

The costs of monitoring employees

  • Time: Reviewing reports costs valuable time. Businesses that deploy monitoring software need to plan how actively engaged they will be: Will reviews be limited to specific investigations and automated alerts or will a member of staff be responsible for regularly reviewing the data?
  • Software: Any employee monitoring software that is suitable for businesses will come at a cost. The costs for these tools are typically charged on a per-user basis with the cost per user decreasing based on volume of licenses purchased.
  • Retention: If employees strongly object to being monitored there is a risk that the use of employee monitoring could decrease retention rates.

What Should Employers Be Monitoring?

The exact pros and cons of employee monitoring will depend on the methods used to monitor employees. The perceived invasiveness, legal requirements, and potential impact will vary heavily based on what data is collected, how it is used, and the context of the employee’s work.

General Principles for Monitoring Employees

When deciding what to monitor, an employer must consider employee monitoring from both a legal and ethical standpoint. Though not all jurisdictions will have privacy laws that limit an employers right to monitor, they should abide by these general principles.

  • Employers should only collect data that is relevant to a legitimate business need
  • The legitimate business need must not outweigh the employee’s right to privacy 
  • If a less invasive form of monitoring can suitably accomplish the employer’s goal, they should implement that alternative instead
  • Data should only be stored for as long as it is relevant to the business. Data that is no longer relevant should be periodically culled to reduce the quantity of data in the employer’s possession
  • Employers should only use the data for the stated purposes. Consent should be requested for any processing that goes beyond the scope of what the consent was originally provided for
  • Employers should be transparent about employee monitoring, providing their employees with an opportunity to give informed consent
  • Employers should not rely on consent as the sole justification for monitoring, as the imbalance of power in the context of an employer/employee relationship may influence the employee’s decision
  • Employees should be able to access their own data so they can ensure its accuracy and to improve transparency

Want to learn more about the best practices for monitoring employees in the workplace? Download our white paper Workplace Privacy and Employee Monitoring: Best Practices for Balancing Productivity, Security, and Privacy

Should Employers Monitor Geolocation (GPS)?

Person pointing to a location on a map

Moving agencies, delivery services, and taxi services use GPS monitoring to track the location of vehicles, optimize routes, and ensure that drivers are in compliance with traffic safety regulations.

Unless an employer has a legitimate business reason to continuously monitor the location of their employees, GPS monitoring is highly likely to be too invasive to justify its use.

There are reasonable exceptions for tracking company-owned assets that employees use such as GPS tracking on company vehicles and monitoring the location of mobile devices through a mobile device manager (MDM). 

From an ethical standpoint there may be concerns if employees are permitted to use these devices for personal use. Extensively monitoring the whereabouts of employees when they are not at work is highly likely to raise privacy concerns among employees.

Should Employers Monitor Webcam Feeds?

Image: Three people having a video conference together. Two are together in the same room, the other is a smiling man seen on a laptop screen.

When many employees were forced to work from home during COVID-19, it surfaced a wide swath of unconventional monitoring methods such as forcing employees to have pictures of them taken from their webcams throughout the entirety of their shift.

Going beyond this, there are forms of computer spy software that can be secretly installed on employee computers to allow managers to view employees through their webcams and capture audio inputs/outputs. 

Even with prior consent this highly invasive form of employee surveillance is illegal in the majority of cases as it can capture intimate personal details, especially when employees work from home. 

When employees work from home they do not necessarily have full control over what enters the field-of-view of their webcams, which risks the filming of nonconsenting subjects – including minors.

Recording private communications without the consent of those speaking is also highly likely to be considered a criminal offense. These offenses generally fall under some form of wiretapping laws.

Security cameras are an exception. This form of video surveillance involves hardware that is installed on-premises for security and liability purposes. As long as there is a legitimate business reason to film, private areas are not being filmed, and employees are informed about the filming, the use of security cameras in the workplace is typically considered acceptable.

Should Employers Monitor Keystrokes?

The monitoring and capturing of individual keystrokes is not recommended due to the privacy and security risks of doing so.

Since keylogging software captures the exact keys that are pressed by an employee it will capture sensitive information such as passwords and private messages. 

Some employee monitoring software will use keyboard inputs to determine whether or not an employee is actively using their computer. This is different from keylogging as the individual keys themselves are not tracked, rather the software detects whether or not the computer is receiving general inputs from the keyboard or mouse.

Keystroke monitoring may also be used to tell an employer how many keystrokes per hour each employee is performing. This may be used as a reference for understanding productivity trends for data entry or live chat customer service roles. In this instance the exact keys pressed do not need to be captured so much as overall employee activity levels.

Should Employers Monitor Their Employees’ Personal Devices?

 Remote Worker with laptop in their lap

Due to the risk of capturing sensitive personal information an employer may be limited in what they can monitor on an employee’s personal device. 

Companies that allow their employees to use their personal devices for work purposes must have a Bring Your Own Device (BYOD) policy that clearly dictates what level of privacy the employee can expect.

The best practice is to provide employees with a company-owned device and have them sign a computer use policy that limits the device to strictly work-related activities. 

This reduces the employee’s privacy expectations as much as possible, though privacy laws may dictate that employees maintain a minimum expectation of privacy.

Best practices for monitoring personal devices

  • Virtualization: Having employees perform work activities within a monitored virtual will mitigate the chances that personal data will be captured.
  • Scheduling: Have the monitoring software deactivate outside of working hours so that employees can freely use their personal devices after work.
  • Remote Access: An employee can remotely access a monitored virtual workspace for work, ensuring that monitoring only takes place when they are connected to the company’s network.

Should Employers Monitor Their Employees’ Internet Activity?

In the majority of cases, an employer has the right to monitor employee internet use so long as they are transparent about the monitoring, the employees have a limited expectation of privacy, and the employer has a legitimate business reason for the monitoring. 

Legitimate business reasons for monitoring internet activity included enforcing company policies, protecting company networks against web-based threats, and ensuring that employees are suitably engaged in their work.

An employer’s right to monitor internet use may be limited in some cases

  • When employees use personal devices for work purposes
  • When employees are permitted to use work devices for personal use

Should Employers Monitor Employees Who Work From Home?

Man sitting on his couch. He is using a laptop and is clearly thinking deeply.

There are a significant number of factors that may limit an employer’s right to monitor employees who work from home.

Even when remote employees use work-provided devices, the personal nature of a home work environment may heighten an employee’s sensitivity to being monitored. 

In jurisdictions where the employer is legally allowed to monitor their employees they may want to consider rereviewing their employee monitoring policy with the employee before they start working from home.

An employer’s right to monitor teleworkers may be limited in some cases

  • When employees use personal devices for work purposes
  • When employees are permitted to use work devices for personal use

Should Employers Monitor Their Employees’ Emails?

A man's hand draws outlines of email envelopes. Blue background

Email monitoring is commonly used as a cybersecurity measure to protect against business email compromise (BEC). It also has applications in user activity monitoring, such as when the total number of outgoing and incoming emails are measured.

In some jurisdictions (such as Germany) any employer’s right to monitor employee emails is restricted, especially when employees are permitted to access their personal email accounts on company-owned devices.

Types of email monitoring

  • Data loss prevention tools that scan emails and attachments for sensitive information
  • Secure email gateways (SEG) that filter out spam, phishing attacks, malware or fraudulent content
  • Keyword monitoring that scans emails for inappropriate, high-risk, or offensive language

Should Employers Monitor Computer Screens?

The use of screenshot monitoring software must be carefully planned out to avoid capturing sensitive information. This includes regulated forms of data such as Electronic Health Records (EHR) and personal information such as banking details. 

From an ethics and employee productivity perspective an employee may experience heightened levels of anxiety if they believe they are being actively watched in real time. 

Due to the security and privacy risks of continuous automated monitoring of employee computer screens this practice should be restricted or implemented carefully.

Should Employers Monitor Their Employees’ Social Media Activity?

Organizations with public-facing employees may consider monitoring the social media activity of their employees. In some cases, they may even use a prospective employee’s publicly available social media presence as part of pre-employment background checks

This practice goes beyond simply ensuring that employees aren’t using social media while at work; it aims to monitor the exact messages that employees post on their personal accounts. While this is typically limited to publicly available information, some employers go so far as to require that employees supply their social media login information. 

The goal of monitoring employee social media activity is to protect the company’s reputation against the personal views of its employees. The extent to which the employer can and will monitor depends on the resources available to them, their motives for doing so, and any legislative restrictions.

Should Employers Track Time Spent Working?

Employee time tracking is perfectly legal. Employee labour laws may even require employers to monitor employee working hours to ensure that their employees are not working excessively long hours.

Examples of employee time tracking:

  • Tracking the time spent on tasks to support billing and project management
  • Timesheets and attendance software that track the start and end of an employee’s shift
A group of three lawyers in formal attire

Generally speaking, yes. but there are limitations.

Even in jurisdictions where employers are allowed to use a computer activity tracker to monitor their employees, there are limitations as to what can and cannot be monitored.

When determining how employee monitoring will be used in your organization it is important to understand the potential privacy implications for your employees and what factors influence your right to monitor employee computer activity.

For example, organizations that are subject to GDPR are required to use a Data Protection Impact Assessment (DPIA) that evaluates their proposed solution against the potential impacts it may have on employee privacy.

Legal factors that influence employee monitoring

  • Jurisdiction: Employee monitoring laws vary depending on where the employer and the employee reside. A catch-all approach may not be suitable for a multinational company.
  • Union Agreements: Independent agreements with unions and other workers’ rights organizations may include limitations about what employers can track and how data will be used when monitoring employees.
  • Proportionality: Different forms of monitoring may be restricted based on potential privacy impacts. For example monitoring individual keystrokes is more invasive than monitoring web browsing history as keystroke monitoring has a greater risk of capturing sensitive personal information such as passwords.
  • Expectation of Privacy: Employees have a greater expectation of privacy on their personal devices. Monitoring laws may even go so far as to restrict the degree of monitoring that can take place when employees use business equipment for personal use.
  • Company Policies: Has the company made a legitimate effort to inform employees that they are being monitored? Are employees clear about whether or not they have a reasonable expectation of privacy on workplace equipment?

When it comes to determining how to legally monitor your employees, the best practice is to consult with a legal professional. Employee monitoring laws vary considerably and as the world becomes more aware of data privacy there will be new laws and regulations to consider. 

To best prepare for business continuity you should operate under the assumption that legislation that is substantially similar to GDPR, CCPA, and CPRA will impact your business in the future. Implementing measures that allow you to monitor employees while respecting data privacy legislation now will allow you to adjust to future data privacy laws with greater ease.

Disclaimer: The contents of this article are provided by CurrentWare Inc. for informational purposes only. The information shared in this article does not constitute legal advice or consultation from CurrentWare. Consult with a legal professional prior to the implementation of any policy, technology, or related resource in your organization.

Employee Monitoring Laws in the United States

At a federal level, employee monitoring in the U.S. is generally legal and largely unregulated. However, individual states have created their own privacy legislation that has implications for U.S. businesses that want to monitor employees in the workplace.

For example, each state in the U.S. has its own rules on how many parties need to consent to the recording of phone conversations. In a one-party state the recording is legal so long as one of the parties consents to the recording. In a two-party consent state such as California both parties need to consent to the recording.

United States privacy laws

Electronic Communications Privacy Act (ECPA)

The following information comes from the U.S. Department of Justice website

The Electronic Communications Privacy Act and the Stored Wire Electronic Communications Act are commonly referred together as the Electronic Communications Privacy Act (ECPA) of 1986. 

The ECPA, as amended, protects wire, oral, and electronic communications while those communications are being made, are in transit, and when they are stored on computers. The Act applies to email, telephone conversations, and data stored electronically.

The ECPA includes a business exception that allows employers to intercept communications on systems provided by the employer, and when it is done in the “ordinary course of business”. 

California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA)

Considered to be the “toughest data privacy law in the United States”, the California Consumer Privacy Act (CCPA) originally came into effect on January 1st, 2020, only a year and a half after it was passed.  

Since it’s passing the CCPA has received multiple amendments, the most notable of which being The California Privacy Rights and Enforcement Act of 2020 (CPRA). 

The CPRA is expected to become operational on January 1, 2023. The CPRA will still allow for the monitoring of employee computer activity, however under the CPRA employees will be granted the same protections from their employers that were guaranteed to consumers under the CCPA. 

General CCPA/CPRA principles

  • The right to access, delete, or opt-out of the sale of personal information, including data collected by employee monitoring software
  • Employers that collect employee computer activity data must develop systems that allow the deletion of this data on the request of their employees. 
  • Employees will be granted the right to know where, when, and why their employees are using their personally identifiable data. 

For more information regarding the differences between the CCPA and the CPRA, visit this article by Manatt.

Employee Monitoring Laws in Canada

A Canadian flag waves in the wind, overlooking a tree-laden mountain landscape

The Office of the Privacy Commissioner of Canada (OPC) provides guidance on privacy laws in Canada. The following excerpts come directly from various articles on the website for the OPC, https://www.priv.gc.ca/

The core laws that govern privacy rights in Canada include

These Canadian privacy laws are not specific to an employer’s right to monitor employees in the workplace, however, the OPC does provide an article regarding privacy in the workplace for Canadians.

General principles for monitoring employees in Canada

  • The employer should say what personal information it collects from employees, why it collects it, and what it does with it.
  • Collection, use, or disclosure of personal information should normally be done only with an employee’s knowledge and consent.
  • The employer should only collect personal information that’s necessary for its stated purpose, and collect it by fair and lawful means.
  • The employer should normally use or disclose personal information only for the purposes that it collected it for, and keep it only as long as it’s needed for those purposes, unless it has the employee’s consent to do something else with it, or is legally required to use or disclose it for other purposes.
  • Employees’ personal information needs to be accurate, complete, and up-to-date.
  • Employees should be able to access their personal information, and be able to challenge the accuracy and completeness of it.

The Privacy Act

The Privacy Act is a Canadian privacy law that applies to employee information in federal government institutions that are listed in the Privacy Act Schedule of Institutions. It applies to all of the personal information that the federal government collects, uses, and discloses. This includes personal information about federal employees, however it does not apply to political parties and political representatives.

PIPEDA

PIPEDA applies to private-sector organizations across Canada that collect, use or disclose personal information in the course of a commercial activity. Federally regulated organizations that conduct business in Canada are always subject to PIPEDA

Organizations covered by PIPEDA must generally obtain an individual’s consent when they collect, use or disclose that individual’s personal information. People have the right to access their personal information held by an organization. They also have the right to challenge its accuracy.

Personal information can only be used for the purposes for which it was collected. If an organization is going to use it for another purpose, they must obtain consent again. Personal information must be protected by appropriate safeguards.

Employee Monitoring Laws in Europe

Flag of the European Union

The most prevalent data privacy law in Europe is the General Data Protection Regulation (GDPR)

GDPR not only applies to businesses in the EU, it also includes any companies with employees that reside there. While there are other privacy laws throughout the European Union (EU), they are substantially similar to GDPR, though member states are permitted to enact more stringent legislation.

General GDPR principles

  • Personal data must be processed lawfully, fairly and transparently. 
  • Personal data must only be collected for explicitly specified and legitimate purposes. 
  • Personal data must not be further processed in a way that deviates from the purposes for which it was collected
  • The data must be adequate, relevant and limited to what is necessary for the stated purposes.
  • Data Protection Impact Assessments (DPIAs) must be carried out when a type of data processing (such as employee monitoring) is likely to result in a high risk to the rights and freedoms of an individual.

Conclusion & Further Reading

When deciding whether or not to monitor employees in the workplace it is essential to understand any privacy laws, union agreements, employee concerns, and other factors that may limit an employer’s right to monitor their employees.

Even when it is legal to do so, an employer should factor in the pros and cons of employee monitoring so they can address any privacy, security, ethics, and workplace culture concerns that their employees may have.

The best practice is to monitor employees in a way that is transparent, minimally invasive, and respectful of autonomy and privacy. This will increase employee buy-in and help to ensure that workplace monitoring is ethical, lawful, and reasonable.


Ready to start monitoring employees in the workplace? Get a free trial of CurrentWare’s employee and computer monitoring software suite. Track internet activity, application usage, USB activities, and more – free for 14 days.


Further reading

Dale Strickland
Dale Strickland
Dale Strickland is a Marketing Coordinator for CurrentWare, a global provider of endpoint security and employee monitoring software. Dale’s diverse multimedia background allows him the opportunity to produce a variety of content for CurrentWare including blogs, infographics, videos, eBooks, and social media shareables.