Workplace Privacy vs Employee Monitoring—What Are Your Rights?

workplace privacy—what are your rights?

According to Workplace Fairness, a California-based non-profit focusing on employee rights, employers can legally monitor nearly everything an employee does at work as long as there is a legitimate business interest that doesn’t outweigh the privacy impacts on the employee.

But with data privacy legislation such as Europe’s General Data Protection Regulation (GDPR) and The California Privacy Rights and Enforcement Act (CPRA) in effect, the rights of employers to monitor employees in the workplace aren’t anywhere near as carte-blanche as they used to be.

In this article, I will outline the legal considerations that employers must have when monitoring employees, the best practices for workplace monitoring, and the workplace privacy rights that employees have.

screenshot of a workplace monitoring policy template

Workplace Monitoring
Policy Template

  • Disclose your company’s intent to monitor employees in the workplace
  • Set workplace privacy expectations for employees
  • Meet transparency requirements for compliance with privacy laws

Get started today—Download the FREE template and customize it to fit the needs of your organization.

Disclaimer: The contents of this article convey general information only and should not be construed as legal advice. CurrentWare advises consultation with legal professionals for advice and opinions on legal issues that pertain to your business.

Table of Contents



What Rights Do Employers Have to Monitor Their Employees?

Generally speaking, an employer will have the right to monitor employees that are using company equipment so long as the following are true.

  • Transparency: The employer’s workplace monitoring policies are sufficiently transparent about the intended use of workplace surveillance systems, how employee data will be used, who will have access to their data, and the activities that will be tracked.
  • Purpose Limitation: Employee data is only collected and used for specific and legitimate business purposes and is not retained for longer than is necessary for the purposes in which it was collected.
  • Proportionality: The workplace surveillance methods used to monitor employee activity are as minimally invasive as possible for the business’s legitimate interests.
  • Security: The employer implements reasonable security measures to protect employee data from misuse and unauthorized access.
  • Other Laws: The employer’s right to monitor is not otherwise limited by collective bargaining agreements or laws that are specific to their jurisdiction.

As the data privacy landscape continues to evolve, following these guiding principles will help organizations stay compliant with workplace privacy laws and regulations. 


Ready to start monitoring employee computer activity? Get started today with a FREE trial of the CurrentWare Suite.


Examples of Lawful Data Collection

Note: What is considered lawful employee data collection will vary depending on the jurisdiction of your company, individual expectations, and any collective bargaining agreements your company is expected to adhere to.

Collecting Employee Computer Usage Data with Monitoring Software

BrowseReporter user activity monitoring software from CurrentWare

In the vast majority of cases, employees that are using company equipment should not expect their computer activity to be private. 

This includes internet browsing (social media activity, time spent browsing, web search history, etc), application usage, interactions with company files and systems, and idle/active time. 

One potential exemption: Allowing incidental personal use of work-issued computers reinforces an expectation of privacy. For this reason, many companies opt to formally disallow the use of their computers for any personal act.

Email Monitoring in the Workplace

Yellow email letters flying out of a laptop computer.

Generally speaking, employer email monitoring is permitted so long as employees are informed that their work email is strictly for work purposes and thus subject to monitoring.

While the Electronic Communications Privacy Act does extend protections to include email messages, cell phones, and other electronic communications, it does allow for a “legitimate business purposes” exception that protects how the majority of businesses use email monitoring systems.

That said, the topic of email privacy in the workplace is not so clearcut. 

One area that is highly contended is the use of employee monitoring systems that track electronic communications such as instant messages and private emails. 

While employers typically have the right to archive emails sent via company-owned accounts, the same may not be true when employees send emails from their non-work accounts.

As a general best practice, employees should be thoroughly educated on what electronic communications can be tracked and provided with an acceptable internet use policy that prohibits using business technology for private activities. These tools will help establish employee privacy expectations when using company computers.

What Is Considered Illegal Workplace Surveillance?

Note: What is considered illegal workplace surveillance will vary depending on the jurisdiction of your company, individual expectations, and any collective bargaining agreements your company is expected to adhere to.

Certain Forms of Video Surveillance

A wall of multiple security cameras pointed at two people

Video Surveillance” refers to surveillance through a camera that monitors or records visual images of activities on company-owned property. 

Video surveillance equipment is used on company premises to ensure that employees, patrons, and company-owned assets are kept secure from theft, vandalism, violence, and other forms of misconduct. Should unlawful activity be discovered, the recordings captured by video surveillance equipment will be used to the fullest extent of the law—including the possibility of disclosure to authorized third parties.

While video surveillance is typically permitted for these purposes, there are instances where companies are not permitted to use video recordings.

  • When video surveillance includes the capture of audio it may run afoul of wiretapping laws.
  • A video capture system cannot be used in private areas such as bathrooms and changing rooms
  • Using hidden cameras without adequate disclosure to employees; employers are typically expected to provide notices that inform employees of cameras in the workplace.
  • Video surveillance may infringe upon a worker’s right to privacy if cameras are used to target a specific employee or group of employees without a legal obligation to do so.

Monitoring Personal Phone Calls

Employee telephone monitoring is most often used to monitor the performance of phone-based customer support roles. Calls are often recorded to investigate complaints, assist in employee training, and ensure that employees are adhering to the quality and behavior standards of the organization.

Organizations that use a call monitoring system should notify their employees that they will be recorded and ensure that their employees are explicitly told not to conduct personal conversations on business phones.

But even for those organizations with clear monitoring policies in place, as soon as a phone call is found to be personal in nature they are typically obligated by law to cease their monitoring of the call. 

Monitoring Employee-Owned Devices & Activities

Cybersecurity Risks of Remote Workers

The COVID-19 pandemic has skyrocketed the demand for employees to use their own devices for work purposes. From an ethical and legal standpoint employers are generally not permitted to monitor the activity of their employees’ private devices.

If a company wishes to use monitoring software on private devices, they must get explicit informed consent from each employee, limit how much monitoring is taking place, and consider using thin-client architecture or containerization to reduce the number of personal activities captured by the electronic monitoring systems. 

Using Employee Monitoring Software to Spy on Employees

Computer Spy, Shadowy Figure with digital background

From an ethical standpoint, the use of employee monitoring software may conflict with the privacy desires of employees. When employee monitoring software is used it collects both work-related activities and personal information such as sensitive internet search history. 

If a business uses this potentially sensitive information in a context that far exceeds the context the employee originally consented to, it may be considered unlawful employee monitoring. 

Do Employees Have a Reasonable Expectation of Privacy in the Workplace?

Employers have a legitimate interest in using employee monitoring tools in the workplace for productivity, security, and the protection of business interests. While the law generally allows for such monitoring, there are instances where employees may have a reasonable expectation of privacy in the workplace.

Factors That Influence Employee Privacy Expectations

Company & Cultural Norms

A group of employees reviewing reports

Employees that work for companies that have a culture of privacy will naturally expect that their employer will limit what they track. 

In addition, workplace privacy expectations will vary based on the cultural background of each team member—for example, the majority of the United States is laxer in employee privacy laws than Europe. This may result in differences in culturally engrained views of privacy.

Company Policies & Transparency

Workplace monitoring policy template

When a business emphasizes transparency about what is being monitored, why it’s being monitored, and how it’s being monitored it helps employees understand the privacy expectations they should have at work.

When a business fails to be transparent with their workers they risk having them believe that their computer activities are private. 

By being forthcoming about the data logging methods used employees will understand that they should limit their non-work-related computer usage to activities that they are comfortable having reviewed for the protection and performance of the business.

Device Ownership

young employee in a business suit working on a laptop

In the vast majority of cases, using tracking tools on employee-owned devices will run afoul of workplace privacy laws. Employees that use their own devices for work-related tasks will reasonably expect that off-the-clock behavior on their computers will not be subject to tracking.

Employers that wish to allow employees to use personal technology for work purposes (BYOD) will need to limit the tracking that takes place. Any tracking that is done must be clearly outlined in their BYOD policy.

Best Practices When Monitoring Employees in the Workplace

Employee monitoring is an excellent tool for understanding how your workforce operates.

Unfortunately a history of overly-invasive deployments has caused serious concerns among employees, like:

  • Is my employer spying on me?
  • They’re just doing this to find an excuse to fire me
  • If they’re monitoring me, they obviously don’t trust me

This is not what you want your employees to feel. 

In this video I’m going to guide you through the best practices for monitoring employees so you can avoid these mistakes

Intro

Hello and welcome to the CurrentWare YouTube channel. 

My name is Neel Lukka and I am the managing director here at CurrentWare.

After watching this video you can learn more about this topic by reading our new white paper “Employee Monitoring: Best practices for balancing productivity, security and privacy”

You can find the link for that in the description below.

Disclaimer

Before we start, I just want to give a quick disclaimer here. I’m not a lawyer and this is not legal advice. These tips are for informational purposes only. If you want to use employee monitoring software in your company be sure to consult with a legal professional first.

Alright, let’s jump into it…

1) Transparency

First up is the very best tip I can give you.

If you want to succeed, you have to let your employees know that they are being monitored.

Employees that do not know if they are being monitored, why they are being monitored, and how they are being monitored are more likely to have negative reactions to being monitored, like…

  • Having higher rates of stress and anxiety
  • Being less likely to accept being monitored
  • And, ironically, becoming less productive

That’s not to say that transparency is going to negate each and every concern that your employees may have.

But if you start with transparency from the very beginning you have a far better chance of proving to your employees that these tools aren’t being used to spy on them. 

By being transparent you’re also given the chance to hear about their concerns from the start. This lets you work with them to make an employee monitoring strategy that is fair and minimally invasive.

Here are 4 transparency boosting tips:

  1. Involve a representative sample of employees when you start planning your goals and the metrics you want to capture
  2. Tell your employees what metrics are being captured, how they’ll be used, and what is being used to capture them
  3. Have your staff read and sign policies that disclose your intended use of employee monitoring software, and…
  4. Give them access to their own data so they can see exactly what’s being captured. They can even use this data to manage their own productivity, which is a major bonus

2) Don’t Use Employee Monitoring to Micromanage

The second tip I have for you is don’t use employee monitoring to micromanage

One of the reasons that monitoring can be perceived negatively is that it feels like it’s being used to punish employees. They worry that it’s the software equivalent of a micromanaging boss staring over their shoulder while they work, just waiting for them to slip up.

Some employers do monitor internet use to make sure employees aren’t getting carried away, but did you know that so-called “unproductive” internet browsing has actually been found to have a positive impact on productivity?

It’s true! But only if that browsing doesn’t take up more than 12% of their work time.

Employees feel far better about being monitored when they’re given the autonomy to self-manage first. Managers can step in if things are getting carried away or if their employees are visiting clearly inappropriate websites.

3) Don’t Monitor More Than Necessary

The third and final tip I have for you today is to not monitor more than you have to.

Think about it this way – if I told you that I wanted to make sure that employee’s weren’t visiting not safe for work sites, you’d think I was crazy for asking for a direct feed into their webcams. 

The bottom line is this: 

If you can meet your company’s goals with a less invasive method of monitoring, do it that way.

  • Want some backup for your acceptable use policies? You can use internet monitoring software to see what sites are being visited. No need to track individual keystrokes
  • Want to protect data from being stolen? You can monitor the flow of data without recording audio clips of private conversations
  • Want to track the work habits of employees that are working from home? Give them a company-provided device rather than monitoring their personal computers

Video Conclusion

That’s it for now. 

If you want learn more, check out our new white paper “Employee Monitoring: Best practices for balancing productivity, security and privacy”

You can find the link for that in the description below.

If you’d like to try out employee monitoring in your company, visit CurrentWare.com/Download for a free trial of BrowseReporter, CurrentWare’s computer monitoring software.

And as always stay tuned to our YouTube channel for more videos about employee monitoring, cyber security, and CurrentWare’s workforce management software.

Want to start monitoring employees in the workplace? In today’s privacy-conscious world employers need to monitor employees in a way that is transparent, minimally invasive, and respectful of employee privacy. These tips will reduce impacts on privacy so employers can maximize the benefits of their employee monitoring strategy.

Avoid Sharing Personal Information

Employee monitoring software may track activities that are considered personal or sensitive. An employer that shares personal information with other employees without a legitimate business reason to do so is highly likely to be breaking a law.

Keep Employee Monitoring Data Safe

When monitoring employees in the workplace, employers are accountable for storing, transferring, and processing the data they collect compliantly. Implementing employee data protection technology is crucial for ensuring the confidentiality and integrity of the data.

Employee Monitoring Policies

When running a business, your policies need to be clear, concise, and consistently enforced. 

Hey folks, Dale here from CurrentWare.

In this video I’m going to share with you the best practices for writing and enforcing company policies. I’ll be using an Acceptable Use Policy as an example today but you can apply most of these tips to any other policy you have.

If you’ve not yet written your business’ policies, I’ve provided you with templates for an Internet Use Policy and a Work From Home Policy in the description down below.

Alright, let’s get started

So – what exactly is an Acceptable Use Policy?

An Acceptable Use Policy is a type of information security policy. 

It’s a formal written document that communicates the expectations you have when your employees use company-owned devices and networks.

The goal of an Acceptable Use Policy is to provide guidance to employees, limit liability, and reduce the risks associated with technology in the workplace such as data breaches, hostile workplace behavior, and the abuse of distracting websites or applications

With that in mind let’s talk about what to include in your Acceptable Use Policy.

The template we’ve provided is a fantastic start, but you will need to make some adjustments to ensure that the policy is relevant and accurate to your business environment

Here are some common inclusions you should consider

What is your business’ stance on using company devices for personal use? 

Can employees use your network and equipment for non-work-related web browsing, emails, and phone calls? 

What security responsibilities do your employees have?

Are there any procedures that they are expected to follow such as data handling processes, internet security best practices, or regulatory compliance requirements?

What is your business’ privacy policy?

Will the computer activity of your employees be monitored to improve security and productivity?

And finally, what behaviors are prohibited on company devices?

What is considered inappropriate in your work environment and what are the consequences for non-compliance? Are there any exceptions to your policy such as providing IT admins with elevated privileges or allowing your marketing team to use social media in the workplace?

When it comes to defining standards of behavior in your Acceptable Use Policy, you can simply address important high-level scenarios rather than listing out every single individual action that would be considered “inappropriate”

Outline the most common misuses you are guarding against such as illegal activity, workplace harassment, and other related actions that would be harmful to your business. 

You don’t want to be too broad though. A vague phrase like “Inappropriate use is prohibited” isn’t going to cut it

be sure to provide enough detail to limit ambiguity without going overboard

Also, your Acceptable Use Policy does not necessarily need to cover every possible item in-depth. 

To help keep things concise you can reference other policies that are dedicated to expanding on specific topics such as a Data Loss Prevention policy or a Respect in the Workplace policy

This helps keep your Acceptable Use Policy concise and easier to understand. 

As a bonus, maintaining updates to multiple smaller policies is much more manageable than updating a larger document. 

Next up: Ensure Your Policies Are Understandable

In order for your Acceptable Use Policy to be effective it needs to be easy to understand while also adequately covering the key points. 

Here are some tips for getting this balance just right

Avoid being too specific about the devices your policy covers. You can simply say “resources” or “devices” rather than specifying “phones” or “computers”. 

This makes your policy more concise and limits the chance that an employee will think the policy doesn’t apply to other devices that aren’t explicitly mentioned

Write your Acceptable Use Policy for a general audience. 

Minimize the use of jargon and make sure that any acronyms are adequately explained.

In terms of grammar and word choice, use strong words such as must rather than should.

You should – rather, must also use an active voice rather than a passive voice to lend your rules more authority.

For example, A passive rule would sound like “Passwords should not be shared”

Instead, use a a strong, active voice like “Employees must not share passwords”

If you follow these tips your policies will be easy for your employees to understand, making adherence and enforcement that much easier.

In this last section I’m going to cover how to increase employee awareness and the steps you can take to enforce your company policies


Your policies shouldn’t be a ‘set it and forget it’ measure; they’ll simply be forgotten or ignored that way. 

If you want your policies to be effective, you need to keep their intentions fresh in the minds of your employees.

Here are some tips for increasing employee awareness:

1. Make policy awareness a part of employee onboarding. Make sure that your employees have truly read and understood your policies before they sign it. 

2. Have up-to-date versions of your policies in easily accessible locations such as the company intranet, an employee handbook, or a Human Resource Management System 

3. Place hard copies of your most important policies in employee common areas

 and 4.Review policies with your employees on an annual basis. Collect any feedback they have and take it into consideration the next time you make revisions

So, at this point you have a well-written policy that your employees understand. Now you need a plan to enforce it.

Having a plan for corrective action is a critical component of policy enforcement. Do not create policies that you do not intend to enforce

The inconsistency will just lead to confusion and frustration among your employees. You also run the risk of appearing to be picking favorites or using seldom enforced policies in a discriminatory way

Let’s be clear here – Corrective action is not about punishment.

It’s about making sure your employees understand their responsibilities and that they have the resources they need to get back on track.

Here’s what NOT to do

Do not take away privileges or incentives

Do not force an employee to work extra hours or unfavourable shifts 

And finally, do not humiliate your employees for their ignorance or wrongdoing

Here’s what you should do instead

Designate a member of staff that will be responsible for enforcing the policy and ensure that they understand when and how they are expected to issue corrective actions.

Make sure your employee understands what is wrong, what is expected of them, and what they can do to get back on track

Document any corrective actions that are taken so they can be referred to as needed

Define any consequences for policy violations within the policy itself. 

And finally, make sure that any corrective action you provide is proportional to the severity and intent of the violation

In the case of an Internet Use Policy you can strengthen your enforcement by using a web filter such as BrowseControl to block inappropriate websites 

and you can also use computer monitoring software such as BrowseReporter to get alerts of internet policy violations

That’s it for today. 

If you found these tips helpful be sure to like, subscribe, and hit that notification bell to stay up-to-date with the latest CurrentWare videos.

To get you started on writing your business’ policies we’ve provided you with some free starter templates for a Work From Home policy and an Acceptable Use Policy. You can find links to those in the description down below.

Finally, if you’d like to monitor and restrict employee internet use in your business you can get a free trial of our employee internet management software solutions at CurrentWare.com/download

See you next time!

Note: Employee monitoring policies may reduce, but do not eliminate, the expectation of privacy. While these policies are an integral component of lawful employee monitoring, companies must understand that it does not give them carte blanche in the eyes of the law.

Workplace Privacy & Employee Monitoring FAQ

Question mark on c

Can My Employer Monitor My Personal Computer?

It depends. If your employer allows you to use your personal devices for work purposes they may require you to install corporate applications that could feasibly capture details such as internet browsing, applications used, geolocation, etc. 

That said, from a legal perspective employers are seldom justified in monitoring the computer activity of employee-owned devices. 

Furthermore, under the vast majority of circumstances, an employer will not be justified in secretly monitoring your personal computer. They will be required to notify you through a workplace monitoring policy, acceptable use policy, or similar company policy.

There are times where your personal activity may be logged:

  1. When using employer-owned devices
  2. When using your employer’s WiFi or VPN
  3. When participating in a BYOD program where you consent to the monitoring

As a best practice, you should consider all activity on employer-owned assets to be monitored. If participating in a BYOD program you should use a virtual machine or a container to keep all company software and files separate from your personal activity. 

Can My Employer Give Out My Personal Information Without My Consent?

“The employer should normally use or disclose personal information only for the purposes that it collected it for, and keep it only as long as it’s needed for those purposes, unless it has the employee’s consent to do something else with it, or is legally required to use or disclose it for other purposes.”

Office of the Privacy Commissioner of Canada

“Statutes, both federal and state, place limits on what employee information employers can disclose. For example, the Americans with Disabilities Act requires employers to keep information about an employee’s medical condition separate from the employee’s personnel file and treat it as a confidential medical record.”

Wiley Wheeler, P.C. (USA)

Generally speaking, your employer can only disclose private information about you if the disclosure is required by law or if there is a legitimate business need. 

That said, if you gave your employer consent to collect, process, and store your personal information for a specific purpose they may be justified in sharing it with others—so long as there is a legitimate business reason to do so and the use of your data is compatible with the purpose for which it was originally collected.

Note: Employee privacy and data protection laws will vary depending on your jurisdiction. Please consult with a professional for legal advice.

Is Monitoring Employee Computers Legal?

Yes. According to Workplace Fairness, a California-based non-profit focusing on employee rights, employers can legally monitor nearly everything an employee does at work as long as there is a legitimate business interest that doesn’t outweigh the privacy impacts on the employee.

In the majority of cases, companies are allowed to use software to track how workplace technology is used. The data collected by these tools are used to protect the legitimate business interests of the employer. 

These interests include managing productivity, ensuring the security of networks and data, and tracking the performance of corporate assets.

Can Employers Monitor Employees Who Work From Home?

Yes. Monitoring employees who work from home is a common practice among businesses that want to ensure the productivity and security of their remote workers. In the majority of cases, workers must be notified in advance that their technology usage will be tracked.

The monitoring software used to manage remote workers will track a number of activities including internet browsing (social media browsing, search history, active/idle time), software usage, and bandwidth consumption.

These tools are used to manage job productivity, ensure that each worker is following the company’s rules, and protect business assets against insider threats.

Employees with concerns about being tracked while working from home should consult with their employer or a legal professional.

Do Employers Have to Tell Employees They Are Being Monitored?

It depends. While being transparent about employee monitoring is the recommended best practice, giving notice to employees is not always required.

The majority of jurisdictions require each worker to be made aware of their employer’s intent to monitor. Some jurisdictions with greater rules and laws will further dictate that employees must be made explicitly aware of what data is captured, how it will be used (such as productivity management), and who will have access to it.

As a best practice, you should consider all activity on employer-owned assets to be tracked. 

Conclusion & Further Reading

Companies around the world rely on monitoring worker activity to secure their business, ensure that rules are being followed, and collect data on how software tools are being used in the workplace. 

The best method to address worker privacy concerns is to be as transparent as possible, consult with a representative sample of workers as early as possible, give each worker access to their data, and ensure that the monitoring tools used only track what is relevant to the company’s goals.

Free White Paper

Employee Monitoring: Best Practices for Balancing Productivity, Security, and Privacy

In today's privacy-conscious world employers need to monitor employees in a way that is transparent, minimally invasive, and respectful of employee privacy. Read this white paper to learn the best practices for monitoring employees in the workplace.

Other Resources:

Dale Strickland
Dale Strickland
Dale Strickland is a Marketing Coordinator for CurrentWare, a global provider of endpoint security and employee monitoring software. Dale’s diverse multimedia background allows him the opportunity to produce a variety of content for CurrentWare including blogs, infographics, videos, eBooks, and social media shareables.