Employee Monitoring
Employee monitoring refers to the use of different surveillance and data collection techniques by an employer. These techniques may include key cards, biometrics, and other electronic monitoring practices, as well as employee monitoring software (such as computer & workstation monitoring, internet & social media monitoring, video & audio monitoring, etc.).
Most businesses maintain tabs on their workforce to improve employee concentration and productivity while ensuring data security by monitoring how and what information employees utilize. Based on what is being observed and whether the employee is aware that they are being tracked, these employee monitoring techniques can be roughly characterized as invasive or non-invasive. The main employee monitoring tools are discussed below.
Computer and workstation monitoring – While the EU allows computer monitoring provided employees are notified in advance and it is done for legitimate business purposes without limiting employee rights to privacy, various Acts in the US legalize electronic surveillance of all actions on company-owned computers.
Internet and social media monitoring – Employers are permitted to create social media policies in the US. Although the GDPR doesn’t have specific guidelines for monitoring social media and internet use at work, its privacy laws may have restrictions on what you can and cannot monitor.
Monitoring screen content and keystrokes – Employers are permitted to use this technique on company-owned computers in the US, but given the nature of the tool, it is advised that they get employee consent. In most cases, using monitoring tools that record keystrokes or take images of employees’ displays is prohibited by the GDPR.
Monitoring private messages and emails – Any email or private communication sent or received on a company-owned device is regarded as corporate property in the US. Because of this, it is acceptable for businesses to monitor confidential emails and messages. Email monitoring is legal under GDPR if the employee is informed and consents to it, the information collected about the employee through email monitoring is handled securely, and the company has a retention policy for emails and deletes them when it is up.
Monitoring company phone conversations – Employers may only listen to calls and voicemails for proper business purposes in the US. However, since businesses have the right to monitor their own phones, there is some ambiguity when an employee uses a corporate phone for a personal call. Voicemails and phone calls are considered personal information under the GDPR; therefore, corporations must first get the participants’ consent before listening in on them.
Video surveillance – Video surveillance is permitted under federal law when done for legitimate business-related purposes. This might be done to keep things safe generally or to stop theft. However, an audio recording shouldn’t be included with the video recording. Most surveillance tapes typically feature people who have not given their agreement to be watched, and under GDPR, identifiable faces are considered personal data.
Monitoring personal devices – Monitoring of personal devices is permitted in the US if the employer has established clear standards regarding it. The GDPR is highly strict regarding personal device monitoring since it places a strong emphasis on defending employees’ privacy. It forbids employers from accessing the personal information on employees’ devices through scanning software.
Monitoring employee location – Although it is strongly advised to tell employees and gain their approval, US regulations don’t specifically regulate monitoring locations. If a business wants to track the whereabouts of remote employees, GDPR mandates that they execute a DPIA (Data Protection Impact Assessment). You will then have a legal foundation for monitoring your staff thanks to the DPIA.
GDPR and CCTV
For businesses around the nation, CCTV is an essential security tool. However, if you don’t have the proper CCTV policy in place, you can end up breaking rigorous privacy regulations that defend people’s rights.
The GDPR Act, which emphasizes that personal data should only be kept for as long as required, applies to any surveillance operations conducted outside of a person’s domestic property. Employers must therefore be able to justify the use of surveillance, identify those who are recorded, state how long they want to retain the footage, and describe how the data will be maintained and protected.
Recommendations
Look at the relevant laws – To be sure they are adhering to the law, employers should contact law firms. This is particularly crucial when specific employment laws change, and revised procedures are required. Employers who implement monitoring techniques for a remotely located crew that is spread out globe are highlighted.
Be transparent about everything – Even though it’s not required, it’s usually a good idea to be open and honest with employees regarding monitoring procedures. They will be more open and accepting to the measures because they will understand the reasoning behind them better.
Use employee-friendly tools – Employers should refrain from using equipment that secretly watch on their employees, like background-running keyloggers. Employee trust could decline as a result, and there may also be legal repercussions.
