Employee Monitoring Explained – How Your Employer Tracks You

Updated: 10 April 2021
Updated: 10 April 2021

Fact-checked by

Keyboard logging software that tracks everything you type, wearable tech that tracks everywhere you go, drones, superzoom cameras, parabolic microphones… No this isn’t the CIA, it’s your employer. Corporations today have a whole slew of technology at their fingertips, specifically designed to monitor and record the actions and behaviors of their employees.

In this guide you will learn about:

  • What is employee monitoring technology
  • How employers monitor their employees
  • Examples of employee monitoring software
  • The legality of employee monitoring
  • How to protect yourself against unlawful employee monitoring

Think you’re immune?

Almost 80% businesses use some form of user monitoring tool and its powerful productivity calculations for their decision making, performance reviews, workplace safety, legal liability protection, and defense from sabotage and IP theft. With the rise of remote work, employers have essentially been given the greenlight to track employees everywhere they go.

Employee Monitoring

But is this legal?

Referencing the relevant US federal privacy law — the Electronic Communications Privacy Act of 1986, which is a law that was created even before the desktop computer was invented — US companies have the right to access every single piece of information on employees when using company assets or on company property. Moreover, most employers’ onboarding process includes an agreement where the employee acknowledges their work email, computers and devices are not private. (Reference here for a full list of what a company can legally track)

Most employers certainly don’t have ill-intent with these technologies, and the majority of managers passively monitor devices to thwart unauthorized access. However, there have been many instances where companies have overstepped and infringed on the privacy of their employees. That’s why you should be aware of how your employer can track you and what they can do with this information.

In this article, we will uncover the various technologies available on the market that employers use to track and rate their employees, and why many of them have been restricted in places like the EU, the global leader in digital privacy.

What is Employee Monitoring Technology?

What is Employee Monitoring Technology

Like many technological advancements, employee monitoring technology finds its origins in government-sponsored programs. Developed for the purpose of mass population surveillance and counter-terrorism by the hand of 3-letter agencies, these powerful monitoring tools — some of which were exposed through WikiLeaks — have since been watered down and privatized for corporate use.

Employers have a wide-range of options for employee monitoring software, each promoting their own niche or speciality. While monitoring capabilities are relatively standard across the board, the major players differentiate themselves through their automated enforcement and safety alerts, employee scoring and evaluation, or productivity forecasting functionality. The leading tools available today are:

  • Teramind
  • EmpMonitor
  • ActivTrak
  • Hubstaff
  • Time doctor

Before diving into what companies can do with your information, let’s first discuss the various methods employers utilize to monitor you.

Collecting Your Digital Information

Once restricted to corporate assets during work hours, employees today are unwittingly agreeing to 24/7 surveillance in exchange for work-from-home privileges and Bring-Your-Own-Device (BYOD) policies. Although the law mandates that employers can only monitor during work hours, the reality is that technology allows managers to monitor employee devices at all times… and when they can, they will.

Teramind is commonly regarded as having the most comprehensive offering of employee monitoring solutions for desktop and servers (not mobile devices), so let’s list their capabilities.

Teramind gives employers the ability to monitor the following:

  • Constant screen recording with playback
  • Keystrokes — on every website
  • Web page visits and duration
  • Email — to, from, subject and body, attachments
  • File transfers
  • Meetings
  • Instant Messaging on ALL platforms – social media, Slack, etc
  • Social media activity, posted content and attachments
  • Searches
  • Printing including Print to PDF
  • Screen snapshots
  • Sessions and network monitoring

Every word you type, every site you visit, every file you access… it’s all recorded and logged as long as it’s on a corporate device, regardless if it is a private email inbox, social media account, or Dropbox. Some applications even allow companies to turn on computer cameras.

Teramind and other monitoring software give employers the option to trigger a hidden agent, which controls whether or not the employee knows they are being monitored at any given time.

For smartphones, Mobile Device Management (MDM) solutions allow employers to monitor and manage corporate or personally-owned mobile devices. While personal texts and emails are not monitored, companies can see how many messages you send and how many contacts you have, as well as what applications you use and for how long. MDM solutions are also used to track GPS location of the device.

Physical Surveillance

Beyond the use of your devices, companies can track where you go using GPS location and video feed from CCTV or device cameras. They can track how long you sit at your desk and even how long you spend in the bathroom.

It’s no secret that a company’s use of video surveillance and audio recording on their premises and in their company vehicles (think: company car) is legally permissible, but what about several blocks away from the office?

High-quality, super-zoom cameras, drones, and parabolic microphones that are used to monitor employee movements and speech are so powerful that they can be used blocks away from the office. This isn’t science fiction, this is happening today with court cases to prove it.

In such cases, Todd Wulffson, a partner at California-based employment and labor law firm, says that the case will settle in the employees’ favor.

“You can absolutely, positively not use a drone to monitor employees unless the employees are advised of it in advance, which they weren’t in this case,” he says. “Even then, the drone has that Big Brother-ish feel to it. A jury will never tolerate a drone or a superzoom camera or a parabolic microphone, or any other technology people wouldn’t expect you to use.” — Todd Wulffson (Source: When Monitoring Your Employees Goes Horribly Wrong)

Wearables

The direct and indirect cost of all workplace injuries and illnesses in the US is more than $250 billion a year. To combat this, companies like Hitachi have begun to equip workers with wearable technology to gather health and location data about their employees.

Hitachi also claims to be able to ‘measure happiness’ with the metrics they collect. Companies that operate warehouses and factories also use wearable locators to assist employees in case of emergency.

How Employee Monitoring Software Uses Your Information

The data collected through various employee monitoring tools is often aggregated into a ‘talent profile’, which allows companies and their HR departments to conduct productivity tracking, performance management, threat detection, or workplace injury prevention.

The business cases for threat detection and workplace injury are relatively straightforward, where employees share their information with companies in order to protect themselves and others from injury or cyber-attack. But productivity tracking and performance management are often contested as a one-way street, with benefits solely belonging to the corporation.

Productivity Tracking

Managers use employee monitoring tools to see how employees spend their time during work hours and assess their productivity, and some even offer real-time monitoring capabilities that allow managers to see what employees are doing at any given moment.

Productivity tracking takes into account how long you spend at your workstation, how many personal messages or personal websites you visit, how active you are on social media, etc., and often aggregate productivity scores (often by calculating productive time as percentage of overall time) so managers can understand how the employee uses company time.

Managers then use this information to identify and motivate unproductive workers, or help take the load off of overworked employees for the sake of work-life balance. This information can be shared with peers and also be fed into talent profiles for Performance Management functions.

Threat Detection

Employee monitoring tools monitor website visitations, file downloads and email attachments for the purpose of threat detection and data loss prevention. Administrators can set specific rules and policies for various roles within the organization to trigger alerts when the rules have been broken.

Some tools will even calculate the risk score of an employee and the likelihood that they will become a ‘bad actor’. This risk information is also fed into an employee’s talent profile for Performance Management functions.

Performance Management

Serving as a culmination of all metrics gathered during employee monitoring, an all-encompassing talent profile is often created for employees to conduct employee evaluations, promotions, or terminations.

Bradley Steven, founder and CEO of LLC Formations, meets monthly with his leadership team to review reports generated by Teramind and discuss employee performance.

“We consult these reports for giving bonuses to the employees, promoting them, or even terminating them because of their performance,” says Bradley. “Detailed report generation is a must-have feature for the monitoring software. After all, monitoring is of no use if we do not get valuable insights from the data.” (Source: The Best Employee Monitoring Software of 2021)

What Can You Do About It

Less than a third of employees are aware of how their employees extract and use their workplace data, or if they have even given consent for it. But even if they had, the power dynamic between an employer and an employee is so convoluted that EU’s privacy regulation does not consider it freely given consent in most cases. What’s more, over half of business leaders report that their companies don’t ask for consent.

Luckily for employees, recent regulations and court rulings seem to be swaying in favor of employees’ right to privacy. The EU’s landmark data privacy regulation, the General Data Privacy Regulation 2016, explicitly restricts what a company can and cannot do with employee data, like automated scoring and profiling of employees — although this only applies to EU companies and EU citizens.

Unfortunately for US employees, there is no federal privacy law and the California Consumer Privacy Act of 2018 does not address employee data. That said, in the U.S., it is mandatory that employee monitoring policies and code of conduct:

  • Are clearly defined and documented
  • Explicitly outline how and what will be monitored
  • Require a written acknowledgment by employees
  • Clarify that there is little or no expectation of privacy when using company property
  • Clearly state that no data unrelated to work performance is gathered
  • Set restrictions on the disclosure of personal data to third parties

Make sure to reference these policies so you understand what your company collects and for what purpose, and reference your onboarding materials to ensure that you have given explicit consent for these monitoring activities.

If you aren’t comfortable with their policies, consider using a separate mobile device or laptop for personal activities. And if you believe that you have been unjustly monitored or your privacy rights have been violated through a wrongful termination or penalty, consult with an employee rights lawyer.

At the end of the day, hopefully you can trust that your employer is treating you with the respect you deserve as a human being, not a human resource.

Written by: Zachary Ignoffo

Connect with the author:

Data privacy specialist, consumer psychologist, and foreign policy researcher. Zachary gravitates towards the cutting edge fields of cybersecurity and privacy risk management to help organizations across industries safely pave the way into green pastures. Zachary has consulted IoT and IIoT companies on SSDLC and Privacy-by-Design, Fortune 500 retail companies on US and foreign governance documentation, and just about everything in between. Previously, Zachary got his start by working abroad in Shanghai as a Mandarin translator for a large, cybersecurity-consulting firm.

Leave a Reply

Your email address will not be published.