What HR Departments Need to Know About Employee Surveillance
There’s been a dramatic shift to remote work since the start of the COVID-19. Because of this, managers globally are wondering: how can productivity be measured and maintained outside of the office? As evidenced by the explosive growth in software like email analytics and Hubspot, remote monitoring tools were undoubtedly a popular answer to this question for many companies.
However, while the usefulness of employee surveillance tools may prompt some managers to continue using them once employees go back into the office, organizations should proceed with caution. Ill-considered or poorly thought out monitoring procedures can cause significant issues for any company. Monitoring tools can help make a workplace more efficient and improve the visibility of human resources. But staff are naturally likely to be wary of any procedure that increases surveillance without their consent. To mitigate any negative consequences of employee monitoring, it’s important to be aware of potential issues.
The regulatory risk of employee surveillance is growing
Though the act of monitoring employees, whether on their devices or in the workplace, is generally legal. However, poor storage or misuse of data collected can expose employers to significant fines.
While GDPR presents a clear example of what responsibilities employers in the EU have regarding employee data, regulatory frameworks are evolving elsewhere, as well. For any organization with employees based in California, employee data will have the equivalent protections to consumer information from the 1st of January 2023. Thus, as a requirement, employers must protect any collected data from breaches. They also must allow employees to request the deletion of any information collected about them.
Elsewhere in the U.S., similar legislation is proliferating. Despite the fact that some laws, such as Virginia’s recently passed Consumer Data Protection Act, currently exclude employee data, legislators could eventually expand regulations to include employees. Internationally too, other GDPR-esque legislation, such as Brazil’s LGPD, explicitly includes employee information in their coverage.
Done wrong, employee surveillance can damage organizational culture
Another “hidden cost” of keeping track of employees is the potential danger that monitoring poses to workplace culture.
In one example, efforts by the British bank Barclays to introduce remote monitoring of employees were met with immediate employee backlash. Similarly, Microsoft was forced to backtrack on their attempt to integrate a “productivity score” feature into their Office 365 suite after inciting a barrage of negative media attention.
Ultimately, employees do not like being monitored, particularly when it happens without their consent. As a result, expanding employee monitoring can necessitate an inherent trade-off in trust. Paradoxically, when monitoring is used haphazardly, research from the University of Chicago shows that it can cause real productivity to decline.
Making employee surveillance work
Despite the hazards that doing so invokes, monitoring employees can still have numerous benefits for organizations and even employees themselves if used correctly. Fit for purpose, monitoring can improve cybersecurity, highlight employee strengths, and even reduce harassment within workplaces.
During the pandemic, employee monitoring also became a lifeline for newly remote managers. However, as workforces move back on-site or adapt to more permanent hybrid/remote working arrangements, every organization needs to uncover precisely how much monitoring is necessary.
Because monitoring will inherently impact employee privacy and place burdens on their employers, where possible, organizations should reduce its use and ensure that any temporary measures in place have an explicit sunset clause. Another vital step towards making monitoring fair and fit for purpose is to listen to employees themselves. Any organization that is monitoring employees should prioritize asking their staff about their privacy concerns.
Ultimately, however, any efforts to monitor employees, whether on-site or remotely, need to coincide with carefully crafted policies. Here are three things that any organization that is considering continuing or expanding its employee monitoring program needs to know.
The legal environment surrounding employee data collection is getting more complex
No jurisdiction currently prohibits employee monitoring outright or plans on doing so. Regardless, the legal environment surrounding employee data collection requires an increasingly nuanced approach.
While organizations working under frameworks like the GDPR or CPRA face a legal minefield when it comes to rolling out employee surveillance programs, data privacy legislation exists beyond just these kinds of comprehensive jurisdictions. Notably, across the U.S., specific purpose privacy legislation is increasingly likely to impact how employers can monitor staff.
For example, the Illinois Biometric Information Privacy Act (BIPA) restricts how companies operating in Illinois can use biometric data such as fingerprints or facial recognition. Impacted companies must give advance notice, receive employee consent, and have a retention and destruction schedule for biometric data collected. Critically, this law also gives employees a private right of action against employers should a violation occur. Similar laws are also in place in Texas and New York.
Other states, such as Connecticut, require organizations to give employees notice of any monitoring. Organizations need to carefully examine whether other laws specifically impact the types of data they plan on collecting.
Transparency and privacy are vital
While many employee monitoring tools are new and questions around data use and storage continue to evolve, the ethical issues they raise have been around for decades. Ultimately, research shows that the process of employee monitoring requires buy-in from the employees themselves. The vital factors in this respect are transparency and consent.
Employee agreement for intrusive monitoring is critical to increasing its acceptance, even when not required by law. The key to getting consent is letting employees know that monitoring their activity is ultimately for their benefit too. Backing up this thesis, a Gartner study found that while few employees were okay with employers observing their email without a just cause, over 50 percent don’t mind being monitored if their employer tells them why they are doing so.
Matching monitoring with workplace privacy is critical
As they surveil employees, many organizations take responsibility for incredibly valuable employee personal information. With both data breaches and incidents of identity theft soaring, this situation is naturally going to raise employee privacy concerns.
To mitigate employee worries, employers can integrate privacy into their workplace by rolling out pro-privacy workplace benefits to staff. On one level, this can mean engaging employees with privacy awareness training that extends beyond what’s necessary to maintain cybersecurity. However, employers can also equip their workforces with privacy tools like password managers and data broker removal services that minimize employees’ chances of falling victim to fraud outside the workplace.
As companies struggled to adapt to virtual work, employee monitoring soared. However, as things return to “business as usual,” it’s worth revisiting workplace monitoring procedures to make sure they’re necessary.
Deploying digital monitoring tools within the workplace has never been easier. But rolling out or expanding an employee monitoring program is not a process that any employer should take lightly.
Ultimately, employers that monitor employee activity need to consider how monitoring fits into the legal environment they operate in. They also need to consider whether their actions are transparent and proactively mitigate employee concerns. Only then will employee acceptance of monitoring increase.