The State of Employee Privacy and Surveillance in 2023

An often controversial topic in U.S. workplaces, known to raise ethical questions regarding the state of public surveillance regulations, deals with the federal laws surrounding the use of online privacy and workplace surveillance. We are used to hearing about the abuse of these tools, such as issues that abuse personal rights, while their proper management, actually, has various benefits for both employee and employer.

At its core, most employers have the best interests of their staff and organization in mind when they implement these policies. Employees, while recognizing common goals, like the need for security and safety, have their own privacy as a priority in these topics.

In discussing this, Nancy Flynn, the Executive Director of The ePolicy Institute states that

“To help control the risk of litigation, security breaches and other electronic disasters, employers should take advantage of monitoring and blocking technology to battle people problems—including the accidental and intentional misuse of computer systems and other electronic resources.”

This clash between the employer and employee perspective about how constant surveillance can impact productivity is of expanding interest and warrants deeper conversations around employee monitoring. The good news is that by making a proper investment for tools that meet common interests and managing transparently within your teams about why and what you are surveilling, you can support your organization from the mistakes that can come from a lack of knowledge in this space.

Having an understanding of the types of workplace surveillance technologies that exist, everything from background tracking to identity management, knowing what can be monitored, especially as new technologies start to integrate advanced innovations such as cloud-based and artificial intelligence, and what can have the most impact in this space, and understanding the research about this can best position you and your team for success.

Types of Workplace Surveillance Technologies

CCTV

Cloud security camera systems are more popular than ever among employers seeking to tighten security in the workplace. Many innovative camera companies are investing heavily in facial recognition technology and integrations with sensors to provide more useful information than traditional cameras. Learn more about the best security camera brands here.

Biometrics

Currently, biometric technology refers mostly to facial recognition, fingerprints, and voice recognition. However, innovations in AI and IoT are making it possible to track other physical traits through surveillance for access control and identity verification purposes. For example, retina scans, DNA, typing rhythm, and other more subtle physical markers are being used more often to monitor employees

Cloud-based Access Control

While access control alone is not generally used for employee surveillance, modern cloud-based platforms can easily integrate with cameras and identity management services to provide insights into how employees are utilizing a certain area as well as an easily managed security system. This is one of the less-intrusive methods managers can use to track movement throughout the office without violating individual privacy.

Social Media Monitoring Software (SMMs)

Perhaps the most controversial group of tools in the past several years, social media monitoring software is a network of bots and apps that track the performance of a particular brand or individual on social media, down to every mention, click, and hashtag that the account has. Many companies have tried to use these tools to invade the private accounts of employees, and have even asked potential hires and employees for their login credentials to their private accounts. This has prompted a backlash from the public and the social media companies themselves on the grounds that it violates first amendment rights to free speech as well as company policy.

Background Check Software

Background checks have been a common practice in hiring and employee monitoring policies for decades, however in recent years technology has made this sometimes tedious task much easier for employers to do quickly online. New recruiting software makes it possible for employers to automatically gather and analyze criminal histories, citizenship status, and other elements with the help of AI and machine learning.

Screen Capture/Browser Monitoring

Like the name implies, screen capture and browser monitoring tools allow employers to take snapshots of an employee's computer screen or track what sites they are visiting while at work or whenever they are using a company device.

Occupancy Tracking

Occupancy tracking is a series of sensors that measure the number of people and the amount of time they spend in a particular space. These inconspicuous sensors are often used to enhance security and provide valuable business insights for business operators. In commercial spaces, this technology is fairly common, especially in high-traffic public areas.

Real-Time Location Tracking

Many companies are applying real-time location tracking to monitor company assets and devices within a network. Using the “received signal strength” of a device, security software can track devices such as cell phones, laptops, or even wearables as they move throughout a building or geometric vicinity. This is particularly useful for large companies with large corporate campuses. For employers, it can help protect expensive equipment and data. However, for employees, it has raised concerns over the privacy of their personal devices which are often used for work.

Identity Management

Identity management systems like Okta and OneLogin are not inherently meant to be used as surveillance tools, however, they can be co-opted for that purpose by managers who are suspicious of their employee's actions on internal company applications. Identity management software allows people to sign into several applications and web services with one set of credentials.

Workplace Analytics Audit Logs

Audit logs are essentially a track record of an employee’s activity within an organization. For example, Microsoft has an entire ecosystem of apps and tools that companies use to manage their business and internal communications, from email and cloud storage to CRM software and accounting logs. With audit logs, a manager can track every action that an employee makes within the ecosystem, no matter what computer they are using, and get detailed analytics on how productive they are at a given time.

Why Do Employers Monitor Workers?

There could be multiple reasons, like:

• Monitor productivity
• Protect sensitive company data and proprietary information
• Monitor compliance with company policies
• Gather data for business decisions
• Ensure the safety and security of the employees and of their belongings
• Make sure that the office is a healthy space where to work in peace and socially distanced

Generally, the main objective of workplace surveillance is to protect office assets and valuable information from compromising.

The activity of employee monitoring is not just for security purposes, but it is being extensively used for performance assessment and employee’s productive work contribution. According to IDC research information, 30% to 40% of the internet time used by employees is not related to office work. Similarly, about 60% of the online purchases are done through office work time. In such circumstances, employee monitoring becomes very critical, but strict workplace surveillance laws also apply for the same.

Federal Workplace Privacy/Surveillance Laws

Currently, there is no comprehensive federal law in the US regulating the extent to which employers can monitor employees in the workplace. And recent trends towards flexible working arrangements and work-from-home policies have made this issue even murkier for individual companies. Most privacy and workplace monitoring policies are governed by a wide range of state laws that often contradict each other, are too ambiguous, or simply not advanced enough to keep up with technology.

On the federal level, prosecutors have applied the 4th Amendment of the U.S. Constitution to many workplace privacy issues. The 4th amendment protects American citizens against unreasonable search and seizure of their person or belongings without a warrant issued by a judge stating probable cause. However, this language has a vague context in the workplace, where technology and online presence play such an integral role in people’s work lives. Because the federal government has left this so open-ended, it has been up to the states to make individual privacy laws to govern the issue of workplace monitoring.

What Can Be Monitored in the Workplace?

As per Privacy Rights Clearing House, here is a list of things that employers are generally permitted to monitor in the workplace:

1. Computers and Workstations
2. Email and Instant Messaging
3. Telephones
4. Mobile Devices
5. Audio and Video Recording
6. Location (GPS) Tracking (i.e. company cars)
7. U.S. Postal Mail
8. Social Media (*note that this is under debate and up for legislation in many states. See below for details)

Top US Tech Hubs Where Employee Surveillance Has the Most Impact

The following cities are the biggest tech and business hubs in the U.S. Debates around employee monitoring in the workplace often start in these areas and have a large impact on how the state governments handle privacy violations in the absence of detailed federal regulations. We looked into the state laws governing the largest tech companies in the world and have collected them here for reference.

Boston, MA

What's covered in the law?

• Online privacy

Relevant local & state surveillance laws

• 820 ILCS 55/10

Austin, TX & Dallas, TX

What's covered in the law?

• Wiretapping
• Oral and electronic communication
• Video surveillance

Relevant local & state surveillance laws

• Section 16.02 of the Texas Penal Code
• Section 21.15 of the Texas Penal Code

Atlanta, GA

What's covered in the law?

• Video surveillance
• Electronic communication
• Biometrics
• All forms of data

Relevant local & state surveillance laws

• Law of Georgia on Personal Data Protection

Raleigh, NC

What's covered in the law?

• Wire, oral and electronic communication
• Health records and data

Relevant local & state surveillance laws

• Off-Duty Use of Lawful Products: N.c. Gen. Stat. § 95-2.2
• Immunity from Civil Liability for Employers Disclosing Information: N.c. Gen. Stat. § 1-539.12
• Discrimination Based on Aids or Hiv Status: N.c. Gen. Stat. §130a-148(i)
• Interception and Disclosure of Wire, Oral, or Electronic Communications Prohibited: N.c. Gen. Stat. § 15a-287

Seattle, WA

What's covered in the law?

• Written, oral and electronic communication
• Video surveillance

Relevant local & state surveillance laws

• RCW 9.73.020: Opening Sealed Letter
• RCW 9.73.030: Intercepting, Recording, or Divulging Private Communication—consent Required—exceptions
• RCW 9.73.270: Collecting, Using Electronic Data or Metadata—cell Site Simulator Devices—requirements.
• RCW 9.73.110: Intercepting, Recording, or Disclosing Private Communications—not Unlawful for Building Owner—conditions

Baltimore, MA

What's covered in the law?

• Online privacy

Relevant local & state surveillance laws

• Section 52c: Personnel Records, Review by Employee, Corrections, Penalty

San Francisco, CA & San Jose, CA

What's covered in the law?

• Online privacy
• Employee information
• Privacy on the job search
• Background checks
• Privacy at the job

Relevant local & state surveillance laws

• Workplace Privacy

State Social Media Privacy Laws

Increasing numbers of workers use social media both on and off the job. And while social media increasingly affects the employment process as a whole, employees are being fired for social posts more often each year. In the past decade, many employers across the US have asked for access to their employees' and job applicants’ personal social media accounts. This has sparked controversy and debate over how far companies can go to protect themselves from liability for an employee’s words or actions.

Workplace Surveillance from the Employee Perspective

Some employees and job applicants have expressed concerns about requests from employers or educational institutions for access to usernames or passwords for personal social media accounts. They consider such requests to be an invasion of employees’ privacy, akin to reading a diary or requiring a visit to their home.

As the digital age continuously evolves and expands, its impact on work cultures, ethics, and policies gets more complex every year. Many employees wonder what exactly the legislation entails when it comes to employee monitoring during work hours. As well as what impact it has on an employee’s privacy in the workplace.

In most parts of the United States, employee monitoring is not regulated and legal. Like in most companies, if an employer provides an employee with a computer or other software on which to work, that property rightfully belongs to the employer.

This means that the employer may perhaps listen to, watch, or read an employees’ workplace communication. They can also monitor the extent of non-work-related activities during work hours.

The Electronic Communications Privacy Act (ECPA) covers the right to digital privacy. This outlines the legality of the interception of digital and electronic communication between two parties. However, the Stored Communications Act (SCA) details the disclosure of communication. For the sake of conducting business, the ECPA allows employers to intercept communication on systems that belong to the employer.

However, employers can also access stored information pertaining to employee communication that was not recorded during business hours. In fact, most states don’t even require employers to notify their employees beforehand if they intend on monitoring their actions or communications during work hours.

One thing to note is that in order to stay on the right side of the law it is best to construct new policies, such as a workplace video surveillance policy if employers want to monitor their employees without any hiccups.

In general, it is completely legal for an employer to review and monitor all actions on the company network. There are also many different types of software applications designed to help employers monitor their employee’s activities and work hours. The terms of legality do not change even when the employee marks certain correspondence as private.

Workplace Surveillance from the Employer Perspective

Employee monitoring, or employee surveillance, is when employers use various tools and methods of surveillance to collect information about their employees. These tools could include internet and software monitoring, video surveillance, keystroke logging, and more.

This is especially relevant nowadays as many businesses are hiring remote employees. Remote employee monitoring can help ensure that employees working from home are getting all their work done and working the appropriate number of hours.

Electronic monitoring of employees is a useful way to find out exactly what your employees are doing on their computers while at work. It also helps to measure productivity, track the number of hours worked, provide extra security, and track employee attendance.

Using technology to monitor employee performance is effective and efficient. You are able to find out which tasks your employees took longer to complete so you can see where they might need extra support and guidance. This will ultimately help to improve the efficiency of the workplace while ensuring your employees are all doing their jobs.

This might be a great solution for employees but there are some arguments against employee monitoring. These regard employee privacy in the workplace. Employees may feel uncomfortable being monitored. This could negatively affect the employee-employer relationship.

In conclusion, while there are many benefits of employee monitoring, there are also several drawbacks. If you’re interested in implementing employee surveillance, make sure you follow the correct practices. That way you won’t negatively affect the relationship you have with your employees.

Workplace Surveillance Stats

In 2007, the American Management Association conducted a survey of over 300 businesses to explore how they monitor and track employee activity during work hours. Here are some insights:

• 39% of employers research candidates on social media
• 43% of those employers found something that caused them not to hire a candidate. The most popular reasons:
• Inappropriate photos or information
• Grievances aired against former employers
• 19% of employers researching social media found information that caused them to want to hire a candidate.
• Communication skills
• Professional image

Stats About Internet Abuses in The Workplace

25% of corporate Internet traffic is categorized as unrelated to work

64% of employees use the web for personal reasons during work hours

70% of Internet porn traffic occurs during work hours

48% of the worst security breaches at large companies are perpetrated by employees

Citation for Employers by State

• Arkansas – Ark. Code § 11-2-124
• California – Calif. Lab. Code § 980
• Colorado – C.R.S. 8-2-127
• Connecticut – Conn.Gen.Stat. § 31-40x (2015 S.B. 425, Act 16)
• Delaware – 19 Del. Code § 709A
• Illinois – 820 ILCS 55/10
• Louisiana – La. Rev. Stat. § 51:1951 to §§ 1953 and 1955
• Maine – 26 M.R.S. § 616 to 619
• Maryland – Md. Code, Labor and Emp. Law § 3-712
• Michigan – MCL § 37.271-37.278
• Montana – Mont. Code Ann. § 39-2-307
• Nebraska – Neb. Rev. Stat. 48-3501 et seq.
• Nevada – NRS § 613.135
• New Hampshire – N.H. Rev. Stat. § 275:74
• New Jersey – N.J. Stat. § 34:6B-6
• New Mexico – N.M. Stat. § 50-4-34 (covers job applicants only)
• Oklahoma – 40 Okla. Stat. § 173.2
• Oregon – O.R.S. § 659A.330
• Rhode Island – R.I. Gen. Laws § 28-56-1 to -6
• Tennessee – Tenn. Code §§ 50-1-1001 to -1004
• Utah – Utah Code § 34-48-201 et seq.
• Vermont – 21 V.S.A. § 495l
• Virginia – Va. Code § 40.1-28.7:5
• Washington – RCW §§ 49.44.200 and 49.44.205
• West Virginia – W.V. Code § 21-5H-1
• Wisconsin – Wis. Stat. § 995.55
• Guam – 22 GCA § 3501

How Privacy Policies are Communicated in the Workplace

Workplace privacy policies are usually communicated through employee handbooks, by memos, in union contracts, employment contracts, and non-disclosure agreements which can be distributed to employees at any time.

Research Insights:

• In the workplace, almost any consumer privacy law can be waived. Even if companies give employees a choice about whether or not they want to participate, it’s not hard to force employees to agree.
• There is an increasing number of cases of employers asking prospective hires and employees for access to their social media. This has sparked a backlash from workers, tech giants, and privacy advocates alike.
• Twenty-five states have passed social media protections for individuals, meaning employers in those states cannot ask a worker for access or passwords to their social media accounts. Similar laws are pending or are up for debate in other states.
• While there are few privacy protection laws in the U.S., there is the Electronic Communications Privacy Act and Stored Communications Act, as well as state laws about wiretaps, which cover how companies can monitor information. Companies that want to use new monitoring technology need to keep those laws in mind.
• According to a recent survey by Accenture, even though 62% of executives said their companies are using new technologies to collect data on people — from the quality of work to safety and well-being — fewer than a third said they feel confident they are using the data responsibly.
• There are no explicit laws or legislation in the United States on the federal level that prohibit employers from monitoring their employees via video surveillance. There are, however, some exceptions. Some workers, who may be engaged in classified or otherwise protected activities in the service of completing their jobs, maybe prohibited from surveillance. This is rarer and circumstantial.
• California’s data privacy law, the California Consumer Privacy Act, effective in January 2020, is comprehensive and impactful enough on businesses globally to be comparable to GDPR, the EU’s main regulation for data privacy. This is one of the first state laws to ensure people’s right to online privacy and it covers almost any identifying information a company has on a particular individual. It also applies to California employees, although there is a grace period of 1 year for employers to notify workers what personal information they are using and where.

Conclusion

Needless to say, a lot can be done both legislatively, and on a local business level, to draw attention to better techniques for using monitoring products, as well as to create awareness about how products should be used for policy-making decisions.

At the end of the day, both the employee and the employer, have safety and security in mind, and both seek to be respected personally for their basic fundamental rights. A key takeaway to explore is how our privacy policies are communicated in the workplace, and how we can do the best for our fellow employees with our transparency around surveillance options.