Traditionally, employers have monitored employee activity for a variety of reasons. Understandably, employers want to ensure the security of their IT systems, protect proprietary or sensitive data (think, trade secrets), prevent illegal uses of their systems, and make sure their employees are not total slackers remain productive. Now, in the absence of physical proximity, it’s even harder for employers to manage these needs. Enter the new generation of employee monitoring tools. While the questions of whether and how much employee tracking helps workforce productivity remain largely unanswered, many employers are increasingly turning to these new tools.
A minimum of internet searching will reveal enterprise tools that can:
- track a worker’s idle time (typically measured by keyboard and mouse usage);
- record time spent in each app, website or document;
- capture periodic screenshots of a worker’s device;
- snap photos of an employee using a device’s camera;
- record audio using a device’s microphone and use natural language processing to gauge whether a conversation is work-related;
- track a worker’s location; and
- generate a productivity score based on any of these data points.
Amazon even patented a wristband that would track warehouse employees’ hand movements. But companies should be forewarned that electronic employee monitoring potentially implicates a variety of employment, data security and privacy laws. Failure to take note of the legal considerations can expose the company to significant risk, not to mention public relations challenges. Some of the laws with which an employer must comply include:
- federal and state wiretapping laws (including the federal Wiretap Act, the Stored Communications Act, and the Electronic Communications Privacy Act);
- state privacy statutes (including biometrics statutes like the Illinois Biometric Information Privacy Act, and consumer privacy statutes like the California Consumer Privacy Act);
- state common law privacy protections;
- the National Labor Relations Act; and
- federal and state employment laws.
The commonly heard and overly reductive summary often presented is that employers can implement any of these surveillance methods so long as they first obtain consent from their employees. But the reality is more complicated than that. For example, the Electronic Communications Privacy Act has a safe harbor for monitoring that is for a “legitimate business purpose,” as well as an exemption if an employer obtains employee consent first. But monitoring software can easily capture third parties’ information. Consider the implications if monitoring software captures a screenshot while an employee is reading a personal email from a friend or relative. Also note that some states—California, Illinois, and Maryland—have laws that require every person involved in an electronic communication or phone call to consent to being recorded or monitored. Therefore, whenever an employer records employee communications with people from such states, those state laws are implicated.
Additionally, at least 25 states prohibit employers from requiring login information to employees’ personal online accounts, but a keystroke logger might record an employee’s user ID and password when the employee logs into his or her personal account. And, what if an employee uses a work computer to schedule a doctor’s exam and the monitoring software captures the written description of the employee’s medical issue? Would employee consent to electronic monitoring negate the potential HIPAA violation? Or might an employee have a legitimate expectation of privacy while conducting a minimal amount of personal business on a work device during the workday? If so, then common law invasion of privacy protections may trump the consent provided for monitoring work activity.
These issues can be nuanced. Too few of the available software platforms built for employee monitoring include safeguards to protect the employee from invasions of privacy and the employer from potential legal risks. Before implementing any employee surveillance tools, an employer should consult legal counsel about potentially applicable legal requirements and explore reasonable safeguards. Doing so will help protect the company, the employees and the ability to work in one’s pajamas.
RELATED ARTICLES
EU Publishes Privacy Guidance on the Use of Contact Tracing Technology in the Fight Against COVID-19
COVID-19, COPPA and the CCPA: Educators Face Privacy Questions as Students Move to Remote Learning
The 5G-Enhanced Potential of Augmented Reality Comes with Interesting Legal Issues