Whether you’re looking to maximize workplace productivity, determine timelines or ROI for projects, or reduce the chances of employees lining their pockets by stealing from your business, there are plenty of reasons why you might consider monitoring your employees in the workplace.
But, when deciding whether or not to begin monitoring your employees at work, along with questions of legality, there are also personal considerations as to whether you feel it’s morally ok to monitor your employees.
It’s not a given that monitoring in the workplace is synonymous with prevention. For example, while a time clock monitors time worked, you’ve probably noticed that simply having a clock does not prevent people from “milking” the clock. The same can be true for cameras and other monitoring devices. It’s not the mere presence of monitoring that’s important so much as what you do with what you monitor.
From setting up video cameras in your office to running software that keeps track of how your employees are using company-owned devices, there are more ways than ever before for employers to keep an eye on their teams. But which methods are right for your business, and what legal traps might present themselves along the way should you decide to implement employee monitoring practices at your business?
Here’s a brief rundown on the subject for business owners across the U.S.
Types of Employee Monitoring
The methods you use to monitor your employees will depend on what it is you are trying to accomplish. Employer options include:
- Video surveillance
- Audio surveillance
- Call recording
- GPS tracking of company-owned vehicles and devices
- Access logging (keycards, biometric scanners, etc.)
- Employee monitoring software
Types of Employee Monitoring Software
- Timekeeping & attendance programs
- Device screen recording
- Keylogging
- Email monitoring
- Website and application tracking
Does Employee Monitoring Work?
Notifying employees that their activity may be monitored while at work may be enough of a deterrent to keep most of your team from pushing the limits of what they can get away with. But individuals who are intent on cutting corners, viewing inappropriate content at the office, or embezzling from their employers are probably going to find a way to do it, regardless. Therefore, monitoring employee activity in the workplace works best to determine how and when a breach occurred after the fact than it does as a preventative measure.
Generally speaking, most employees accept that they will enjoy a lower level of privacy in the workplace than they have at their own homes and/or on their free time. In fact, a 2018 poll by tech security company Dtex found that nearly half of Americans say that it’s acceptable for employers to monitor employees’ digital activities for security purposes, and 77 percent said they would be less concerned about digital monitoring if their employer let them know about it up front.
With respect to the use of video surveillance, while there are exceptions to the rule, it has been well documented that cameras do not prevent embezzlement, nor do they do much to detect it. Embezzlers embezzle. Thieves steal. Cameras just make them get creative about their methods.
In fact, in both of the two biggest embezzlement cases we have ever seen here at CEDR—and we’re talking more than a million dollars each time—there were cameras in the office. In both instances, the cameras were of no use as the embezzlers did what embezzlers do: they found ways to steal outside of the obvious controls!
Is employee monitoring legal?
State and federal laws tend to leave much of the decision about employee monitoring to employers, though there are limits to that discretion. Along with federal and state wiretapping regulations, there are also general privacy concerns you will need to be aware of.
When it comes to phone call recording and audio surveillance, for example, federal law requires that at least one party involved in a conversation give their consent to be recorded. And 11 states have actually passed laws requiring that both parties give consent to be recorded.
Further, HIPAA laws put the onus of protecting patient data on healthcare providers rather than the tech companies that serve those providers. Therefore, if you plan to record audio or video in a healthcare or dental office and there’s a chance that your recordings might capture patient information, you’ll need to enter into a Business Associate Agreement (BAA) with your service provider in order to protect yourself and your practice.
So, if you run down to Costco and buy a Nest Cam for your medical practice and the recordings from that device are going to Google’s servers, you now have to deal with issuing your BAA to Google!
If you intend to record audio, including phone calls, at your business, it is best practice to both check your state and local laws regarding recording calls, and to include an automated message informing callers that their call might be recorded (no doubt you’ve heard these messages before when calling a customer service call center for any national service provider you work with).
When it comes to digital monitoring, some states (such as Connecticut and Delaware) have their own regulations with respect to notifying employees of your intention to track their digital activity or read their emails. Check local laws before putting employee monitoring software to work for your business.
Note: All CEDR employee handbooks include comprehensive monitoring policies so employees understand they have no expectation of privacy while using the company computers.
Are you creating a HIPAA violation?
As with all activities in your office, healthcare professionals must be ever vigilant about HIPAA compliance. Remember: if you capture Protected Health Information (PHI) on your cameras or audio, the devices and systems themselves must also be HIPAA compliant. Failing to notice that you have captured HIPAA-protected information is not an excuse.
As HIPAA experts, we have trained nearly 30,000 employees as well as several thousand HIPAA compliance officers via our on-demand HIPAA training software (you can actually use it to train your team free for a year). Through the years we’ve found that the off-the-shelf port systems on self-installed cameras are EXTREMELY vulnerable to back-end access, which is the very definition of a breach.
This means that hackers could easily gain access through the camera and then get into your systems. We’ve also found that a fair amount of the professionally installed versions have the same vulnerability. If you don’t know for sure that your device and recording practices are secure and aren’t creating HIPAA compliance issues, you need to find out.
Employee privacy is also an issue.
For the best results, employers should be transparent with employees about their intention to monitor their activity at work in any form. Have a properly written policy on monitoring in your employee handbook and make sure that your handbook is signed by all new employees on their first day of work.
Though employees may be generally willing to accept having their activity monitored while at work, the Dtex study mentioned previously also found that 70 percent of employees would consider leaving a job if they found out that an employer was monitoring their devices without letting them know up front. Still, 62 percent of employees said they would be comfortable having workplace devices monitored if the data was anonymized and used specifically for security purposes.
Catching unauthorized activities going on in your office on isn’t all you have to worry about when monitoring employees at work. Recording your employees’ conversations may also result in you learning things that you are not supposed to know and cannot act upon, including information about an employee’s health or other protected information disclosed to a friend or family member during a private phone call.
Video surveillance presents its own set of challenges. For example, security cameras should not be placed in private areas, especially places like locker rooms, restrooms, and operatories, where your employees and patients have a reasonable assumption of privacy. If you capture an employee changing clothes on video, you have a problem.
Tracking company vehicle locations, device locations, and even monitoring web browsing activity on work devices can also cause problems when those devices are tracking off-the-clock activity which may be outside the scope of your right-to-know as an employer.
Too much information can cause legal problems for YOU, especially if you later make employment decisions based on (or which might be construed as being based on) that knowledge.
Conclusion
Whether your intention is to prevent unauthorized activity or maximize employee productivity, it’s important that employers are aware of the laws governing the methods of monitoring they choose to employ. Further, your employee handbook policy on monitoring must comply with notice requirements and protect you at the same time, and you’ll need to be considerate of your employees’ privacy concerns, as well.
State and federal laws often have something to say about whether you can record the audio of your employees or not, and HIPAA laws include provisions about securing servers and purging recordings.
HIPAA requires that you keep all of your patient information secure. For healthcare professionals, allowing your cameras to record and store audio and video means that you must also protect and encrypt the device you record it to if there’s a chance that it might capture patient PHI. Loss of this data could cost you up to $50,000 per patient.
Are you excited about being able to check your cameras from your phone? Cameras are often linked via a network, so you’ll need to make sure your camera’s internet ports are properly set up and that they do not expose you to backdoor hacking.
From audio and video surveillance, to GPS tracking of vehicles and devices, to monitoring online activity at work, employers have a lot of options when it comes to monitoring their employees’ activity on the clock. The important thing is to make sure you’re doing it legally and that you have your employees’ consent to do so.
This post was originally published on November 15, 2015. Updated February 6, 2020.