Security

Employee Monitoring Laws: Drawing the Line Between Privacy and Protection

Apr 29, 2021

Our research finds employers are monitoring employee conversations more often in 2021 than they were six years ago. How do employers draw the line between employee privacy and protecting their company?

AvatarImg
Zach CapersSr Specialist Analyst
Employee Monitoring Laws: Drawing the Line Between Privacy and Protection

NOTE: This article is intended to inform our readers about business-related concerns in the United States. It is in no way intended to provide legal advice or to endorse a specific course of action. For advice on your specific situation, consult your legal counsel.

Back in 2015, we ran a survey to get business-owner opinions about monitoring employee conversations using internal communications tools. The results came back with a "less is more" attitude: 43% of respondents said they did not monitor employee conversations on internal chat tools, believing it to be an invasion of privacy.

As data privacy concerns continue to make headlines and GDPR continues full speed ahead, we wanted to see if employers are taking the same cautious approach to monitoring employee conversations in 2021 as they did six years ago. Spoiler alert: They aren’t.

We recently ran an expanded version of the same survey, asking 435 respondents in management positions or above how they feel about monitoring employee conversations. Six years later, respondents are far less likely to consider employee monitoring invasive: Only 11% of respondents believe monitoring employee conversations is an invasion of privacy in 2021, compared to 43% in 2015.

2015 vs 2021 monitoring

(See our survey methodology at bottom of page.)

Employee monitoring laws are complex at best and completely absent at worst. This is a growing concern following a global pandemic that has seen the world embrace remote work along with its potential for increased monitoring.

Where employee monitoring isn’t regulated by industry or geography, it’s open to interpretation and conjecture. As a result, companies struggle knowing how much is too much when it comes to monitoring employee conversations.

With so much at stake, you need to find the right balance between protecting your company without infringing on employee privacy. In this article, we’ll tell you more about the results of our latest survey, show you what monitoring looks in practice, explain the employee monitoring rules you need to know (or lack thereof), and go over some helpful best practices.

Key findings from our 2021 employee monitoring survey

Sixty-nine percent of small-business leaders say their company monitors employees. Here are a few key stats from those respondents:

Employee Monitoring Stats

A full 87% have access to employee conversations taking place on internal communication tools. This is a jump from 2015, when only 56% of respondents had access to online employee conversations.

What accounts for this jump? It's likely a combination of factors:

Technological advancements: Employee monitoring software has become more advanced and more affordable, making it easier for companies to deploy effective employee monitoring tools.

Shifting work culture: Trends toward remote work make it easier to monitor employee activity. Case in point, only 40% of respondents used video surveillance prior to the COVID-19 pandemic. During the pandemic, that number nearly doubled to a whopping 77%.

Regulation and data privacy: New data privacy laws, such as California’s CCPA, have increased companies’ concerns about employees exposing sensitive customer data.

In fact, 29% of respondents say they primarily monitor employees to ensure they are adhering to internal communication policies.

Let’s take a look at how employee monitoring might play out on some of the most popular business chat applications: Slack, Microsoft Teams, and Google Workspace.

Slack allows varying degrees of access based on pricing plans. Administrators on the free and standard plan require a legal process or employee consent to export personal conversations, while Plus and Enterprise Grid plan admins have access to a self-service tool that allows them to export all data (including private direct messages between employees). Generally, Slack allows access to employee conversations and puts the onus on employers to comply with any applicable employee monitoring laws.

Microsoft Teams offers what the company calls a productivity score that allows employers to monitor employee use of various Microsoft Teams and Office applications. Productivity score features allow employers to see data on individual employees without notifying them. More recently, Microsoft introduced Teams analytics reports for admins that want to dive deeper into granular usage details about individuals.

Google Workspace (formerly G Suite) also provides a team productivity monitoring feature called Work Insights, but individual data is not available. For individual data, admins of paid accounts may access Google’s reports and monitoring logs to obtain activity histories for Google Hangouts, Gmail, Drive, and any other Google Workspace applications.

Where there are gaps in access, third-party tools can use a combination of screen monitoring and key logging to monitor not just employee conversations but any employee activity on their workstation.

If you choose to monitor employees, the key is to find the right balance. To do that, you need to know the laws.

It's hard to definitively say how much is "too much" when it comes to monitoring employee communication.

Consider the landmark case of Barbulescu v. Romania to get an idea of just how complex the subject of employee workplace monitoring can get.

Barbulescu v. Romania

Barbulescu appealed his termination, denying having had private conversations at work. The appeal was unsuccessful, as the company was able to prove that he was having these conversations with transcripts of chats that were collected while monitoring him.

These transcripts led Barbulescu to once again challenge his dismissal, this time for a violation of Article 8 of the European Convention on Human Rights, which encompasses the right to respect for private and family life, including through correspondence.

In 2016, the court sided with the company, saying that it was not a violation of Article 8, predominantly because the possibility of monitoring had been disclosed to Bărbulescu upon employment.

In 2017, however, the case was overturned and came out in favor of Bărbulescu, stating that Article 8 had in fact been breached. Although the monitoring had been disclosed, the scope of monitoring and the degree of intrusion were not justifiable by legitimate means.

If even the courts have trouble defining what an acceptable level of monitoring is, how do small businesses navigate the nuanced world of employee monitoring? Very carefully.

The rules are… not clear

There's a level of necessity for compliance in heavily regulated industries such as finance, where anything communicated within and between companies can (and in some cases should) be monitored. For everyone else, the waters get a bit murky.

Privacy laws such as the Electronic Communications Privacy Act (ECPA) protect employee rights to a certain extent, but exceptions allow companies to monitor employee communications so long as they have a legitimate business reason for doing so.

Some of the most common reasons employers give for monitoring employees include:

  • Protecting proprietary company information

  • Checking for violations of company policy in regard to personal use of company hardware

  • Investigating complaints or claims of harassment or misconduct

  • Investigating potential criminal activity by employees

  • Accessing necessary business information that only certain employees have

The other exception to most employee monitoring laws is when an employee gives consent to be monitored, which is often the case. And it seems many employees agree to monitoring without realizing it.

As we mentioned earlier, 69% of small-business leaders say their company monitors employees. Of those respondents, 97% say their employees are at least somewhat aware they are being monitored. However, when we asked employees whether their employer uses any type of monitoring tools, only 24% said yes. Another 60% of employees said no, while 16% were unsure.

Employee vs Employer monitoring

Clearly, there is a disconnect between employees and employers when it comes to awareness of monitoring practices. Without proper disclosure and justification, monitoring can lead to trouble, especially when personal communications are involved.

Following a few best practices will put your organization in a good position to be able to protect itself while respecting the privacy of your employees.

Best practices for monitoring employee communication

Company culture has a lot to do with whether your employees perceive monitoring as invasive. Being transparent from the beginning will ensure that employees don't feel as if they are "being watched."

Things to keep in mind when monitoring employee communication:

Set usage rules: If you don't want employees to use company-owned devices for personal use, tell them. Outline what is and is not acceptable use so that there are no gray areas (or the gray areas are smaller) when it comes to monitoring employee emails, internet usage, or other types of electronic surveillance. To make this easier, we’ve created a guide to developing an acceptable use policy.

Make monitoring explicit: Tell your employees from the outset that you're going to be monitoring conversations. Write it in their employment contract so there's no dispute about disclosure if issues arise. And because employees might not always read every line of their hiring documents, add monitoring practices to your employee handbook and regularly alert employees to any changes in policy.

Adopt a "less is more" attitude: Unless you notice productivity issues, suspect abuse of company-owned machines, or are investigating specific issues, err toward monitoring less rather than more. It's no longer 2015, but having a more cautious approach to employee monitoring will help you avoid potential privacy infringement while fostering a more trusting workplace.

Want to learn more about the results of our employee monitoring survey?

Methodology

GetApp conducted this survey in March, 2021 of 969 respondents (435 of which indicated leadership positions within their company) to learn more about employee monitoring practices. Respondents were screened for employment at small businesses with two to 250 employees. The 2015 comparison data was collected through an online survey of 500 business owners.

avatar
About the author

Zach Capers

Sr Specialist Analyst
Zach Capers is a senior analyst at GetApp, covering IT security, data privacy, and emerging technology trends. A former internal investigator for a Fortune 50 company and researcher for the Association of Certified Fraud Examiners (ACFE), his work has been featured in publications such as Forbes, Business Insider, and Journal of Accountancy.
Visit author's page