Employee Monitoring

Is Employee Monitoring Legal?

By Veriato Team

As the number of costly insider theft, fraud, lower productivity or inappropriate workplace behavior, involving organizations like the NSA, Zynga and HTC, continues to rise, more companies are recognizing the need for an employee monitoring program. However, since this is not as common of a practice as security from outside attacks, it raises many new questions including legality and best practices.

So, first of all… Yes, employee monitoring is legal in the United States.* While the 1986 Electronic Communications Privacy Act prohibits unauthorized interception of electronic communications including e-mail, the law exempts service providers. Therefore, the courts have commonly interpreted this to include employers who provide e-mail and Internet access, according to David Sobel, attorney for the Electronic Privacy Information Center in Washington, D.C.

Not only is it legal to monitor employees on their computers and online, there is no federal US law that requires employers to notify workers they are being monitored. So while it is a best practice to inform employees of the company’s right to monitor all activity on employee computers and disclose it in the employee handbook, companies are NOT required to do so in the US.

Notifying an employee the company’s right to monitor can also act as a natural deterrent. Valerie Wright, Ph.D., research analyst at The Sentencing Project, noted, “Research to date generally indicates that increases in the certainty of punishment, as opposed to the severity of punishment, are more likely to produce deterrent benefits.” This is akin to video cameras in offices or parking garages.

The US courts have tried to balance an employee’s “reasonable expectation of privacy” against the employer’s business justification for monitoring. According to Santa Clara University Professor of Law Dorothy Glancy, “There aren’t many cases, and they tend to go against the employee. Often, court opinions take the point of view that when the employees are using employers’ property–the employers’ computers and networks–the employees’ expectation of privacy is minimal. Glancy continues, “When courts take this view, if employees want to have private communications, they can enjoy them on their own time and equipment.”

A greater number of companies are monitoring their employees electronically. Active monitoring of employees has risen recently from 35% in 2001 to 80% in 2012 due largely to the increased awareness. However, the costs of data breaches, internal threats and theft, as well as inappropriate workplace behavior cases such as sexual harassment have been large contributors. Employee monitoring provides important data and information that can be used as forensic evidence in a court of law:

Legal Liability: With workplaces often being designed as shared spaces with open floor plans and cubicles, it is easy for employees to be exposed to materials viewed by their colleagues online. Employees who are unwittingly exposed to offensive graphic material on their office neighbor’s computer screen can result in a hostile workplace environment. This is in addition to any harassment that can occur both via work email and chats.

Legal Compliance: In regulated industries, electronic recording and storage may be considered part of a company’s “due diligence” in keeping adequate records and files. This can provide them with some degree of legal protection. It is similar to a company’s need to tape telemarketing activities and customer calls in order to protect the company.

Security Concerns: Protecting the value of intellectual property and electronic assets is a growing concern for companies. Data threat and data breaches can result in millions of dollars as well as damage to a company’s reputation both with its customers and in some cases with investors.

Finally, if your company does not have an Acceptable Use Policy as part of your employee handbook, now is the time to put one in place. An Acceptable Use Policy (“AUP”) serves multiple purposes. It spells out your policies clearly, so that your employees know what is acceptable or not. In this document, you disclose that the organization has the right to monitor activity on company provided devices and on the company network. Make sure all employees receive a copy your AUP, and acknowledge that receipt.

More companies are instituting employee monitoring to improve their internal security against insider threats, ensure adherence to company policies, and improve overall awareness about what is happening within the company. Utilizing the information above will at least get you started on the right legal footing.

*Please consult the laws in your local jurisdiction as they can vary in other countries. The information provided in this document does not constitute legal advice. You should consult an attorney that is familiar with the law of the state or locale involved regarding your particular concerns.

Insider Risk – How Prepared Are You?

Not every company is equally prepared to deal with insider risk. This report outlines the four stages of insider risk maturity and explores how to improve your insider risk preparedness.

About the author

Veriato Team
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Quis ipsum suspendisse ultrices gravida.

Productivity & Insider Risk Resources

Is Employee Monitoring Software Worth The Investment?

Is Employee Monitoring Software Worth The Investment?

Key Takeaways: Employee monitoring software offers detailed insights into employee activities, enhancing productivity and bolstering data security. Choose the right software based on features, cost, integration capabilities, and scalability to align with specific...

How To Choose The Right Employee Monitoring Software

How To Choose The Right Employee Monitoring Software

Remote work is becoming increasingly common, and data breaches are a constant threat. The importance of employee monitoring software has never been more pronounced. For businesses looking to safeguard their digital assets while optimizing workforce productivity,...

UEBA: Revolutionizing Security With Advanced Analytics

UEBA: Revolutionizing Security With Advanced Analytics

Key Takeaways: Behavior-Focused Security: UEBA revolutionizes cybersecurity by analyzing user behavior patterns, providing a dynamic approach to detecting anomalies and potential threats. Flexible and Adaptable: Scalable for any organization size, UEBA integrates with...