Management, compliance & auditing

What Employers Need to Know About Workplace Monitoring and Employee Privacy

Graeme Messina
July 31, 2018 by
Graeme Messina

Introduction

Businesses are heavily reliant on technology to complete their day-to-day operations, and employees need to use computers, laptops, tablets and smart phones to complete their tasks. Some businesses even require that certain employees access social media pages and personal email accounts to complete the work that is set out for them, which can cause issues for employees under certain conditions, especially in the United States.

Because this online usage has become commonplace globally, it has created the misconception for employees that any device with an Internet connection is authorized to access private online content. This is certainly not the case in the United States, and as such, employers have a right to monitor and review the manner in which their company property is being utilized. There are some caveats that need to be taken into consideration, however, and we will look at what you need to know your rights as both an employer and an employee.

The general rule of thumb for employees is that if they do not want their personal data to be viewed by their employer, then they must not use company property to access, view or edit such information. We will be looking at what the relationship between workplace monitoring and employee privacy is like currently in America.

Set Expectations from Day 1

Most companies make it very clear as to what the policies are regarding fair usage and privacy when using company resources such as WiFi, computers and the Internet. All of this should be included in the employee handbook, the employee induction procedures, or in the IT Policy Documentation.

The reason that these expectations should be documented and put in writing is so that nobody is surprised when a PC is taken in for review, or if activity logs and records are investigated and searched for findings. Employees need to understand that just because an Internet connection is open with little to no website blocking, that does not mean that it can be treated as a private one.

Once your employees have been informed that their activities will be subject to monitoring and periodic review, you can begin looking at how to go about it correctly and thoroughly.

Monitoring Personal Devices

If an employee uses a personal device to access company information and communications, then that device is subject to data-retention policies. Examples of this are smartphones that send and receive company emails, or personal laptops that connect to the corporate network.

Employees must use caution when handling company information from personal devices, as there is always the potential for these devices to be monitored, taken for assessments or forensic audits, or even confiscated and taken into evidence if law enforcement gets involved.

Employees must always strive to find out what their rights and responsibilities are when handing company communications via personal devices, and whether the risks are worth taking with such devices.

Monitoring Email

Employees that use the company’s equipment to send and receive email are subject to routine monitoring of the contents of the mails on the system. This also includes emails that are sent and received via private accounts that the user may have signed into and used from the company-issued device, so employees must be aware of this as a potential issue if they are ever flagged for review. This applies to laptops, computers, smartphones and tablets that are issued by the company.

Monitoring Telephones

Most employees are aware that their telephone usage is being monitored, both from a billing perspective and from a productivity perspective as well. What most employees might not fully comprehend is that their phone calls and text messages are also subject to monitoring, and that employers can use their discretion when conducting such reviews.

Employers must make sure that if they intend on listening to conversations that could be construed as being private or personal, they must have written consent from the employee in question. Employees that use their own devices at work are not subject to such conditions, unless there is a specific clause in their employment agreement with the company. Employers must ensure that they are compliant with the laws in their country and state before monitoring such calls.

CCTV and Video Surveillance

Companies are allowed to deploy video cameras to ensure the safety and security of their property and staff, and as such, do not need permission from employees before doing so. Even hidden cameras can be employed without employee knowledge if it is to ensure the safety and security of the organization, its property, and its employees. The only case where employees need to be notified is when audio is being recorded on these camera systems; however, this is different in each state.

Monitoring Social Media

There is a possibility that the employees in certain departments may need to use social media for business purposes, sometimes even with their own social media accounts. This means that guidelines need to be stated clearly so that there is no confusion regarding the social media strategies of the company. It is also important to remember that again, each state will have its own laws regarding the use of social media and the repercussions thereof.

Employees that use social media must ensure that anything that they post is not affiliated with the company that they work at. If a link can be made, then a disclaimer on the part of the employee that states that the opinions expressed are that of the employee may be necessary.

Access Control

Access-control logs are another effective monitoring tool that can help employers to monitor employee activity during business hours, such as starting times in the morning, lunch break and home times in the afternoons and evenings. Access to sensitive areas such as server rooms and executive offices are also monitored and viewed by security personnel and are often subject to reviews in order to monitor employee activity in the workplace.

Conclusion

Monitoring employees is an important aspect of running a business, especially with the possibilities of legal action over misuse of company information and the revealing of trade secrets and proprietary information. This activity inevitably comes to light during the course of an investigation and needs to be properly managed if businesses are to mitigate their exposure to careless disclosures by employees.

It is therefore important that employees take as a given that employers have the capabilities and rights to listen in on conversations, monitor activity and watch employees via CCTV and other surveillance equipment. As an employee, make it your business to find out about your company’s privacy policies, and what is expected of you during the course of your working day.

 

Sources

Workplace Privacy and Employee Monitoring, Privacy Rights Clearinghouse

A guide to employee monitoring and workplace privacy, comparitech

Audio Surveillance Laws by State: Everything You Need to Know, upcounsel

5 Social Media Best Practices Every Marketer Must Follow, Sprout Blog

V. John Ella, “Employee Monitoring and Workplace Privacy Law,” National Symposium on Technology in Labor & Employment Law

Graeme Messina
Graeme Messina

Graeme is an IT professional with a special interest in computer forensics and computer security. When not building networks and researching the latest developments in network security, he can be found writing technical articles and blog posts at InfoSec Resources and elsewhere.