Employee monitoring is not without its risks. Before implementing employee monitoring software you must first evaluate the pros and cons of employee monitoring to see if it’s the right choice for your company. This article will outline the advantages and disadvantages of monitoring employees to help you make an informed decision.Table of Contents
Employee monitoring is a form of workplace surveillance where employers collect data regarding their employees activities. The most common forms of employee monitoring are internet usage monitoring, location tracking, and computer activity monitoring. According to a Spiceworks survey 91% of organizations monitor employees in some way.
Before evaluating the pros and cons of employee monitoring, it’s important to understand the various forms that it can come in. The laws, regulations, and perceptions of monitoring will be heavily influenced by the type of monitoring used and the reasons for its use.
The 2007 Electronic Monitoring & Surveillance Survey from the American Management Association (AMA) found that 66% of employers monitor employee internet use. 65% of those surveyed also use web filtering software to block websites. Employers primarily monitor and restrict internet access to prevent employees from accessing inappropriate websites.
Why do employers monitor employee web activity?
43% of employers in the American Management Association report monitor the email activity of their employees. Email monitoring is typically done with automated tools that scan for keywords, though 40% of the employers in the report stated they use manual email monitoring methods.
Why do employers monitor employee emails?
GPS and other forms of location tracking are a niche form of employee monitoring that is not as widely used as computer usage tracking. The use of location tracking is often reserved for roles where frequent travel is required. Employers will often use location tracking on company-provided vehicles and mobile devices.
Why do employers use GPS tracking?
Keylogging (keystroke logging) is a highly controversial employee monitoring practice. Keyloggers track the individual keyboard inputs of employees and save that data for review. Keyloggers may be hardware or software based.
As these tools capture individual keystrokes they pose significant security and privacy concerns. They are likely to capture sensitive information including passwords, credit card details, and other sensitive data.
Storing sensitive data within the database of a keylogger is dangerous as unauthorized users or hackers could potentially access that data. For this reason, they are rarely used.
Why do employers use keyloggers?
Video surveillance is commonly performed through closed-circuit television (CCTV) systems. These technologies are commonly used as security systems rather than for measuring productivity. It is common for companies that interact with the public to use video surveillance in locations where there are concerns surrounding the security of employees and theft of company assets.
Why do employers use video surveillance?
Employee telephone monitoring is most often used to monitor the performance of phone-based customer support roles. Calls are often recorded to investigate complaints, assist in employee training, and ensure that employees are adhering to the quality standards of the organization.
Why do employers monitor telephone calls?
Data loss prevention (DLP) software monitors employee computer activity to prevent data breaches. These software tools monitor, detect, and block actions that put sensitive data at risk.
Examples of DLP monitoring
Employee time tracking tools are used to monitor the hours that employees work. These tools are typically used to maintain compliance with labour laws, track billable hours, and ensure that employees are working sufficient hours.
Examples of employee time tracking
Screenshot monitoring software monitors employee computer activity by capturing screenshots of their desktops. These tools will take screenshots at set intervals, when specific actions occur on the employee’s computer, or when an operator manually captures a screenshot.
Examples of screenshot monitoring
The top reasons for monitoring employees in the workplace
While employee productivity management is a use-case for monitoring software, it is only one of many reasons for monitoring employees in the workplace.
According to a 2017 Spiceworks survey of IT professionals the most common reasons that their employers monitor employees is to protect against malware and phishing scams, to prevent unacceptable user behavior, to prevent users from visiting inappropriate websites, for liability management/compliance purposes, and to protect sensitive information.
This section will overview the advantages of monitoring employees and provide examples of how employee monitoring is used by businesses.
Overall, the greatest pro of employee monitoring is the level of visibility it provides into employee work habits. As previously mentioned these insights provide data that is used to improve operational efficiency, legal compliance, and security in businesses.
At its core, time theft occurs when an employee accepts payment for work or time they did not actually complete. Time theft comes in a range of degrees of severity, from employees mismanaging their allocated break times all that way up to intentionally fraudulent claims.
Examples of Time Theft
Employee monitoring improves the accuracy of employee time tracking by providing another source of data that can be used to verify employee activity.
For example, in most cases a data entry employee that clocks in at the start of the work day will reasonably be expected to be working on their computers shortly after.
If an anomalous and excessive period of inactivity is found throughout the workday for such an employee it may be a sign that the employee is engaging in time theft.
Gallup estimates that actively disengaged employees cost the U.S. between $483 billion to $605 billion each year in lost productivity. One of the pros of using employee monitoring software is gaining the ability to detect early warning signs of disengagement such as excessive unproductive web browsing.
How employee monitoring is used for to improve productivity
Computer monitoring software is used to ensure that employees are using company systems safely and handling data in a way that is compliant with the company’s security policies.
This includes data loss prevention tools that audit file transfers to portable storage devices and internet monitoring software that tracks the websites visited by employees.
How employee monitoring improves data security
Employers need to ensure that their employees are behaving in an appropriate and professional manner. Allowing employees to engage in unsavory actions on workplace computers is a significant contributor to a hostile work environment.
Having a formal computer use policy is an essential first step for communicating expectations to employees, but it’s not the full solution. Employee monitoring software is a valuable tool for enforcing policies as it can alert HR and management to computer policy violations such as visits to adult-oriented sites.
How employee monitoring helps enforce policies
The Software Usage and Waste Report 2016 report from 1E found that as much as 38% of enterprise software is underutilized or simply not being used at all. This total cost of underutilized software to these businesses is estimated to be $34 billion per year.
How employee monitoring helps reduces software waste
The greatest cons of employee monitoring relate to the potential impacts on employee privacy, workplace culture, and morale.
As the spectrum of what is considered “employee monitoring” varies widely, the cons of monitoring will vary depending on employee perceptions, the invasiveness of the chosen monitoring methods, and how the employee’s data is used.
In today’s privacy-conscious world employers need to monitor employees in a way that is transparent, minimally invasive, and respectful of employee privacy.
They need to carefully balance the demands of organizational productivity, employee privacy, and regulatory compliance requirements surrounding the storage, use, and protection of their employee’s data.
One of the cons of employee monitoring software is that potentially sensitive personal data may be captured. If employees doubt whether or not their data is adequately protected from misuse there is a legitimate concern that an employee’s web browsing history can be unfairly used against them.
To mitigate against this you must have your employees sign an employee monitoring policy that outlines what data will be captured, who will have access to it, and how their data will be used.
The most common employee privacy concerns
Free White Paper
Employee Monitoring: Best Practices for Balancing Productivity, Security, and Privacy
In today's privacy-conscious world employers need to monitor employees in a way that is transparent, minimally invasive, and respectful of employee privacy. Read this white paper to learn the best practices for monitoring employees in the workplace.
When monitoring employees in the workplace it is essential that you are in compliance with any laws or regulations that pertain to an employee’s privacy rights in the workplace.
When it comes to what you are allowed to monitor, many believe that if an employee is using company equipment, on company time, and getting paid by the company, that the company has every right to monitor their equipment and what the employee is doing with it.
While in the majority of cases a company can monitor their employees so long as they have a legitimate business reason for doing so, it’s not always that simple. A variety of factors influence what employers can and cannot monitor.
Legal factors that influence an employer’s right to monitor
In 2020 the clothing store H&M received a €35.3m ($41.3m USD) fine for invasive employee monitoring practices.
H&M received the fine due to non-compliance with the General Data Protection Regulation (GDPR), a data protection and privacy legislation that protects data subjects in the European Union (EU) and the European Economic Area (EEA).
Why was H&M’s monitoring considered invasive?
Managers at H&M collected sensitive personal information through extensive employee surveys and even notes from informal conversations.
The data included how staff conducted their holidays, medical symptoms, diagnoses for illnesses, family issues, and personal religious beliefs. That data was then made available to up to 50 managers who used that data to make employment related decisions.
Since this collection was excessively invasive and collected data that was beyond any legitimate business need, the Data Protection Authority of Hamburg (HmbBfDI) opted to issue the fine.
Another con of employee monitoring is that some forms of monitoring can have a negative impact on employee morale. Employee perceptions of monitoring may also contribute to added stress that affects work performance.
Providing employees with autonomy is essential for maintaining morale. If employee monitoring is used to micromanage employees and punish them for minor infractions they will feel like they are being unfairly treated.
When using employee monitoring software it’s important to avoid reducing human employees to mere numbers. Workforce analytics tools are excellent at capturing quantitative data, but they cannot reliably track qualitative data.
Even if that is not the intention of the employer, a lack of communication and transparency can cause these sentiments to form.
That’s why it is critical that the deployment of employee monitoring software is done with the input of a representative sample of employees. Involving employees in the planning process gives business leaders the opportunity to proactively address any privacy or management concerns before any monitoring takes place.
Employers must also do all they can to clearly communicate their intended use of employee data, especially if that data will be used to make any sort of judgement on employee performance.
How employee monitoring software can harm employee morale
Many data privacy laws require that data collection is performed for a specific purpose. This is a preventative measure to ensure that the informed consent provided by the data subjects (the employees) is respected during collection, processing, and use.
A successful employee monitoring strategy requires a clear understanding of the company’s goals and how the data collected will be used to meet them. If employee data is collected under one stated purpose and used for another it can lead to data privacy compliance violations and severe impacts on employee morale.
Employee monitoring data must also be treated as sensitive and protected accordingly. This includes limiting who can access the data, restricting the use of the data to its intended purpose, and implementing necessary safeguards.
The risk that an employee’s data could be leaked to an unauthorized third party may contribute to an employee’s hesitation to be monitored in the workplace.
The risks of misuse or breach of employee data
Another con of employee monitoring is the cost of purchasing, deploying, and managing the solution.
Monitoring employee computer activity generates a large volume of data. Actively reviewing employee reports may be viable for a small business but it is not scalable, nor is it an efficient use of time for most use cases.
For this reason, the majority of organizations will not actively examine each employee. Instead, they will limit auditing to an as-needed basis or when the software alerts them to specific activities that they are monitoring for.
Alerts are typically set for high-risk activities such as anomalous file transfers, attempts to visit inappropriate sites, or the use of unauthorized portable storage devices.
The costs of monitoring employees
The exact pros and cons of employee monitoring will depend on the methods used to monitor employees. The perceived invasiveness, legal requirements, and potential impact will vary heavily based on what data is collected, how it is used, and the context of the employee’s work.
When deciding what to monitor, an employer must consider employee monitoring from both a legal and ethical standpoint. Though not all jurisdictions will have privacy laws that limit an employers right to monitor, they should abide by these general principles.
Want to learn more about the best practices for monitoring employees in the workplace? Download our white paper Workplace Privacy and Employee Monitoring: Best Practices for Balancing Productivity, Security, and Privacy
Moving agencies, delivery services, and taxi services use GPS monitoring to track the location of vehicles, optimize routes, and ensure that drivers are in compliance with traffic safety regulations.
Unless an employer has a legitimate business reason to continuously monitor the location of their employees, GPS monitoring is highly likely to be too invasive to justify its use.
There are reasonable exceptions for tracking company-owned assets that employees use such as GPS tracking on company vehicles and monitoring the location of mobile devices through a mobile device manager (MDM).
From an ethical standpoint there may be concerns if employees are permitted to use these devices for personal use. Extensively monitoring the whereabouts of employees when they are not at work is highly likely to raise privacy concerns among employees.
When many employees were forced to work from home during COVID-19, it surfaced a wide swath of unconventional monitoring methods such as forcing employees to have pictures of them taken from their webcams throughout the entirety of their shift.
Going beyond this, there are forms of computer spy software that can be secretly installed on employee computers to allow managers to view employees through their webcams and capture audio inputs/outputs.
Even with prior consent this highly invasive form of employee surveillance is illegal in the majority of cases as it can capture intimate personal details, especially when employees work from home.
When employees work from home they do not necessarily have full control over what enters the field-of-view of their webcams, which risks the filming of nonconsenting subjects – including minors.
Recording private communications without the consent of those speaking is also highly likely to be considered a criminal offense. These offenses generally fall under some form of wiretapping laws.
Security cameras are an exception. This form of video surveillance involves hardware that is installed on-premises for security and liability purposes. As long as there is a legitimate business reason to film, private areas are not being filmed, and employees are informed about the filming, the use of security cameras in the workplace is typically considered acceptable.
The monitoring and capturing of individual keystrokes is not recommended due to the privacy and security risks of doing so.
Since keylogging software captures the exact keys that are pressed by an employee it will capture sensitive information such as passwords and private messages.
Some employee monitoring software will use keyboard inputs to determine whether or not an employee is actively using their computer. This is different from keylogging as the individual keys themselves are not tracked, rather the software detects whether or not the computer is receiving general inputs from the keyboard or mouse.
Keystroke monitoring may also be used to tell an employer how many keystrokes per hour each employee is performing. This may be used as a reference for understanding productivity trends for data entry or live chat customer service roles. In this instance the exact keys pressed do not need to be captured so much as overall employee activity levels.
Due to the risk of capturing sensitive personal information an employer may be limited in what they can monitor on an employee’s personal device.
Companies that allow their employees to use their personal devices for work purposes must have a Bring Your Own Device (BYOD) policy that clearly dictates what level of privacy the employee can expect.
The best practice is to provide employees with a company-owned device and have them sign a computer use policy that limits the device to strictly work-related activities.
This reduces the employee’s privacy expectations as much as possible, though privacy laws may dictate that employees maintain a minimum expectation of privacy.
Best practices for monitoring personal devices
In the majority of cases, an employer has the right to monitor employee internet use so long as they are transparent about the monitoring, the employees have a limited expectation of privacy, and the employer has a legitimate business reason for the monitoring.
Legitimate business reasons for monitoring internet activity included enforcing company policies, protecting company networks against web-based threats, and ensuring that employees are suitably engaged in their work.
An employer’s right to monitor internet use may be limited in some cases
There are a significant number of factors that may limit an employer’s right to monitor employees who work from home.
Even when remote employees use work-provided devices, the personal nature of a home work environment may heighten an employee’s sensitivity to being monitored.
In jurisdictions where the employer is legally allowed to monitor their employees they may want to consider rereviewing their employee monitoring policy with the employee before they start working from home.
An employer’s right to monitor teleworkers may be limited in some cases
Email monitoring is commonly used as a cybersecurity measure to protect against business email compromise (BEC). It also has applications in user activity monitoring, such as when the total number of outgoing and incoming emails are measured.
In some jurisdictions (such as Germany) any employer’s right to monitor employee emails is restricted, especially when employees are permitted to access their personal email accounts on company-owned devices.
Types of email monitoring
The use of screenshot monitoring software must be carefully planned out to avoid capturing sensitive information. This includes regulated forms of data such as Electronic Health Records (EHR) and personal information such as banking details.
From an ethics and employee productivity perspective an employee may experience heightened levels of anxiety if they believe they are being actively watched in real time.
Due to the security and privacy risks of continuous automated monitoring of employee computer screens this practice should be restricted or implemented carefully.
Organizations with public-facing employees may consider monitoring the social media activity of their employees. In some cases, they may even use a prospective employee’s publicly available social media presence as part of pre-employment background checks
This practice goes beyond simply ensuring that employees aren’t using social media while at work; it aims to monitor the exact messages that employees post on their personal accounts. While this is typically limited to publicly available information, some employers go so far as to require that employees supply their social media login information.
The goal of monitoring employee social media activity is to protect the company’s reputation against the personal views of its employees. The extent to which the employer can and will monitor depends on the resources available to them, their motives for doing so, and any legislative restrictions.
Employee time tracking is perfectly legal. Employee labour laws may even require employers to monitor employee working hours to ensure that their employees are not working excessively long hours.
Examples of employee time tracking:
Generally speaking, yes. but there are limitations.
Even in jurisdictions where employers are allowed to use a computer activity tracker to monitor their employees, there are limitations as to what can and cannot be monitored.
When determining how employee monitoring will be used in your organization it is important to understand the potential privacy implications for your employees and what factors influence your right to monitor employee computer activity.
For example, organizations that are subject to GDPR are required to use a Data Protection Impact Assessment (DPIA) that evaluates their proposed solution against the potential impacts it may have on employee privacy.
Legal factors that influence employee monitoring
When it comes to determining how to legally monitor your employees, the best practice is to consult with a legal professional. Employee monitoring laws vary considerably and as the world becomes more aware of data privacy there will be new laws and regulations to consider.
To best prepare for business continuity you should operate under the assumption that legislation that is substantially similar to GDPR, CCPA, and CPRA will impact your business in the future. Implementing measures that allow you to monitor employees while respecting data privacy legislation now will allow you to adjust to future data privacy laws with greater ease.
Disclaimer: The contents of this article are provided by CurrentWare Inc. for informational purposes only. The information shared in this article does not constitute legal advice or consultation from CurrentWare. Consult with a legal professional prior to the implementation of any policy, technology, or related resource in your organization.
At a federal level, employee monitoring in the U.S. is generally legal and largely unregulated. However, individual states have created their own privacy legislation that has implications for U.S. businesses that want to monitor employees in the workplace.
For example, each state in the U.S. has its own rules on how many parties need to consent to the recording of phone conversations. In a one-party state the recording is legal so long as one of the parties consents to the recording. In a two-party consent state such as California both parties need to consent to the recording.
United States privacy laws
The following information comes from the U.S. Department of Justice website
The Electronic Communications Privacy Act and the Stored Wire Electronic Communications Act are commonly referred together as the Electronic Communications Privacy Act (ECPA) of 1986.
The ECPA, as amended, protects wire, oral, and electronic communications while those communications are being made, are in transit, and when they are stored on computers. The Act applies to email, telephone conversations, and data stored electronically.
The ECPA includes a business exception that allows employers to intercept communications on systems provided by the employer, and when it is done in the “ordinary course of business”.
Considered to be the “toughest data privacy law in the United States”, the California Consumer Privacy Act (CCPA) originally came into effect on January 1st, 2020, only a year and a half after it was passed.
Since it’s passing the CCPA has received multiple amendments, the most notable of which being The California Privacy Rights and Enforcement Act of 2020 (CPRA).
The CPRA is expected to become operational on January 1, 2023. The CPRA will still allow for the monitoring of employee computer activity, however under the CPRA employees will be granted the same protections from their employers that were guaranteed to consumers under the CCPA.
General CCPA/CPRA principles
For more information regarding the differences between the CCPA and the CPRA, visit this article by Manatt.
The Office of the Privacy Commissioner of Canada (OPC) provides guidance on privacy laws in Canada. The following excerpts come directly from various articles on the website for the OPC, https://www.priv.gc.ca/
The core laws that govern privacy rights in Canada include
These Canadian privacy laws are not specific to an employer’s right to monitor employees in the workplace, however, the OPC does provide an article regarding privacy in the workplace for Canadians.
General principles for monitoring employees in Canada
The Privacy Act is a Canadian privacy law that applies to employee information in federal government institutions that are listed in the Privacy Act Schedule of Institutions. It applies to all of the personal information that the federal government collects, uses, and discloses. This includes personal information about federal employees, however it does not apply to political parties and political representatives.
PIPEDA applies to private-sector organizations across Canada that collect, use or disclose personal information in the course of a commercial activity. Federally regulated organizations that conduct business in Canada are always subject to PIPEDA
Organizations covered by PIPEDA must generally obtain an individual’s consent when they collect, use or disclose that individual’s personal information. People have the right to access their personal information held by an organization. They also have the right to challenge its accuracy.
Personal information can only be used for the purposes for which it was collected. If an organization is going to use it for another purpose, they must obtain consent again. Personal information must be protected by appropriate safeguards.
The most prevalent data privacy law in Europe is the General Data Protection Regulation (GDPR).
GDPR not only applies to businesses in the EU, it also includes any companies with employees that reside there. While there are other privacy laws throughout the European Union (EU), they are substantially similar to GDPR, though member states are permitted to enact more stringent legislation.
General GDPR principles
When deciding whether or not to monitor employees in the workplace it is essential to understand any privacy laws, union agreements, employee concerns, and other factors that may limit an employer’s right to monitor their employees.
Even when it is legal to do so, an employer should factor in the pros and cons of employee monitoring so they can address any privacy, security, ethics, and workplace culture concerns that their employees may have.
The best practice is to monitor employees in a way that is transparent, minimally invasive, and respectful of autonomy and privacy. This will increase employee buy-in and help to ensure that workplace monitoring is ethical, lawful, and reasonable.
Ready to start monitoring employees in the workplace? Get a free trial of CurrentWare’s employee and computer monitoring software suite. Track internet activity, application usage, USB activities, and more – free for 14 days.