What is Your Policy for Monitoring Employees?

Companies have rights, such as being able to ensure that their employees are performing the work they’re being paid to do. They have the right to take measures to protect their ‘secret sauce’ or intellectual property. That said, employees working in a company have a reasonable expectation of privacy. How does that square with companies using employee monitoring software?

It may surprise you to know that the answer has less to do with the technology than your company policies. That raises the first question: does your company even have an employee monitoring policy? Second, do your employees know about it? If you’ve answered yes to both, your company is most likely in the clear (with the disclaimer that we’re not in a position to give legal advice. After all, different countries and even different provinces and states can have different standards. However, we’re just in the habit of staying alert to the rules of this particular area – and we’re happy to share what we’ve found).

A recent Digital Life article in the Vancouver Sun quotes an information security analyst for Envision Financial who explains how employee monitoring is supposed to work:

“Doing it right comes down to policy. You need to state specifically and explicitly what you are monitoring and what you are not and for what purposes you are using that monitoring. When you do that, your staff or employees cannot come back to you, or don’t really have a legal leg to stand on to say ‘hey you can’t be doing this.’” 

“At the end of the day it’s the company’s resources and as long as you state clearly whether it be an acceptable use policy that your staff sign off or whether it be when someone logs onto a work computer that says there should be no expectation of privacy, that you are being monitored for the following purposes, then that protects the company on both sides,” said Vogel.

Recognizing that there are grey issues around privacy in the workplace, one Canadian Employment Labour Lawyers at MacLeod laid out in a blog post their interpretation of how companies can cover their bases when implementing computer monitoring:

If an employer plans to monitor an employee’s email or Internet use then ideally the employer should obtain the employee’s written consent in advance via a computer-use policy. Such a policy tells the employee that the employer will be monitoring emails and Internet use and that the employee should have no expectation of privacy if he uses the company network to send or receive personal emails or use the Internet for personal purposes.

The employer can require all new employees to sign a computer use policy which obtains the employee’s written consent as a condition of employment.

An assessment from the Kent Employment Law firm seems to back up this interpretation, offering common-sense advice: be clear about the kind of conduct that is allowed or prohibited, be transparent in getting advance written consent from employees, be reasonable in the business case you’re making for the employee monitoring, be fair and balanced and finally, be responsive – since there’s little point in having a policy that you don’t enforce.

Interested in computer monitoring at your office? SoftActivity offers security solutions used by offices in countries around the world.

July 20th, 2015