Employee Computer Monitoring: The Ethics and the Laws In the United States & Europe
Monitoring an employee’s computer activity is becoming increasingly common, a trend accelerated by COVID-19, which has resulted in many more people working from home.
Employee tracking and monitoring systems serve important purposes. The main goals behind them are to prevent internal theft, examine employee productivity, ensure company resources are being used appropriately, and provide evidence for any potential litigation.
If you plan on using monitoring software, it’s imperative to understand the laws relevant to your organization, the ethical implications and how to implement the software to best serve your employees.
The Legal Considerations
The laws concerning employee monitoring can vary across states and countries and we detail these differences below. We recommend that no matter where your organization or employees reside and what the corresponding laws are, it’s good practice to let your employees know that their electronic devices and communications are being monitored. Transparency is always good practice. Since many employees feel uncomfortable being monitored, it’s important to be forthcoming about what you hope to accomplish and how surveillance aligns with your business’s goals. According to a survey by Dtex Systems, “77% of employed Americans would be less concerned with their employer monitoring their digital activity on personal or work-issued devices they use to conduct work, as long as they are transparent about it and let them know up front.”
Employee monitoring is legal; however, there are stipulations that must be followed in some states. In states such as Delaware and Connecticut, employers must inform employees that they are being monitored electronically. Federal and most state privacy laws give discretion to employers as to how far they can go with their employee monitoring programs. In most cases, employers do not have to inform employees they are being monitored, depending on their state and local laws. Some regulations do require employee consent.
Additionally, there is federal legislation in effect which may impact your ability to monitor to the scale you want, specifically the Electronic Communications Privacy Act (ECPA), which essentially bans monitoring of electronic communications. However, like any regulation, it has exceptions, and for businesses these allow monitoring of employees as long as there is a “legitimate business purpose.” This means a system of employee monitoring would violate the law if there was no sound cause for it.
Monitoring computer web activity is different and can fall under different legal precedent. You can monitor everything from what websites employees are browsing on the business’s Wi-Fi to what keystrokes they are making on their company laptop. There is practically no reasonable expectation of privacy for an employee using a company resource such as a laptop, mobile phone or remote access to the network. A good rule of thumb is to assume that anything employees do on their company-owned computer is visible to their employer.
While it’s fine to monitor employees’ computer usage to make sure they’re not wasting time on social media and frivolous browsing, employers should know they risk acquiring too much information. Employers already have employees’ most personal data, and they can run afoul of privacy laws like HIPAA if they disclose private information to anyone.
As an employer, you have the burden of protecting that information, even that which comes from an employee’s personal browsing history or private data stored on a company computer. If a data breach were to occur, for example, and certain sensitive information was exposed, it would leave the company vulnerable to litigation by the employee.
Monitoring employees’ electronic devices is legal in the EU provided employers have a legitimate business interest in doing so. However, employers also need to balance monitoring computer use with respecting the privacy of their employees. Employers should take the following approach:
- Ensure that employees are notified in advance of the monitoring through a clear monitoring policy.
- Ensure that monitoring is for legitimate business purposes only and does not interfere with the employee’s fundamental right to privacy.
- Ensure that data protection rights are respected.
If you’d like to learn more, this article provides specific details on the laws which pertain to each type of monitoring.
The Legal Necessity to Monitor Employees’ Computers
Many industries have data and employee monitoring requirements that call for log collection and monitoring systems which provide an audit trail of all access and activity involving sensitive business information.
One of the most well known is HIPAA, the US healthcare industry legislation which provides data privacy and security provisions for safeguarding medical information. American financial services are regulated by SOX, a series of regulations enacted in response to a chain of high-profile financial scandals in the early 2000s which rattled investor confidence. In addition, there are many other industry-specific regulations that cover fields from education to the US federal government: NERC, FFIEC, FISMA, and FERPA.
If any of these acronyms sound familiar, it’s probably a good idea to ensure you are adhering to your industry’s regulations. China has also enacted requirements similar to SOX, which puts it in line with worldwide practices as it accords with Europe’s General Data Protection Regulation.
The Ethical Considerations
Ethical considerations are just as relevant as legal ones.
Constant surveillance of employees and their computer usage during work may make them uncomfortable. This discomfort could be greater for employees who are being monitored for the first time, as they could have a higher expectation of privacy since they’ve not been monitored before.
Tracking employees without their consent may be a serious ethical concern in some states and countries. Not only will you land in legal trouble, but you could also lose your employees’ trust quickly.
The simplest way to go about this is by notifying employees what you’ll be monitoring and following the monitoring guidelines according to your (and your employees’) country/state.
Effective Ways to Ethically Monitor Your Employees
Create an Employee Monitoring Policy
The first step is to create a standard written employee monitoring policy with the help of your HR team. This can be part of the company’s employee handbook where they are required to read and sign that they acknowledge and accept the rules.
The policy should clearly state:
- Reasons why you will be monitoring your employees.
- Exactly what you’ll monitor: emails/private messages, work screens, social media, internet usage. This clarifies their expectation of privacy while working.
- The type of monitoring: video/audio monitoring, digital monitoring.
- Personal device monitoring and why.
- The number of hours you will monitor: will it be only during working hours?
Use a Secure Employee Monitoring and Productivity Tool
Employee monitoring software has traditionally been all about productivity. While that can conjure up negative images of employee surveillance, not least of ensuring that no one is slacking off, these days it can be more about making sure the right people are doing the right tasks and tracking. Choose a tool that addresses your need to monitor and respects your employees’ privacy. RecordTS is one such employee monitoring tool that helps you monitor both your in-house and remote workforce effectively. RecordTS records all user activity, guaranteeing that your organization has clear visibility into who is doing what, when, and why.