Keyboard logging software tracks everything you type, wearable tech tracks everywhere you go, drones, superzoom cameras, parabolic microphones… No this isn’t the CIA, it’s your employer. Corporations today have a whole slew of technology at their fingertips, specifically designed to monitor and record the actions and behaviors of their employees.
Think you’re immune?
Almost 80% of businesses use some form of user monitoring tool and its powerful productivity calculations for their decision making, performance reviews, workplace safety, legal liability protection, and defense from sabotage and IP theft. With the rise of remote work, employers have essentially been given the green light to track employees everywhere.
But is this legal?
Referencing the relevant US federal privacy law — the Electronic Communications Privacy Act of 1986, which is a law that was created even before the desktop computer was invented — US companies have the right to access every single piece of information on employees when using company assets or on company property. Moreover, most employers’ onboarding process includes an agreement where the employee acknowledges their work email, computers, and devices are not private. (Reference here for a full list of what a company can legally track)
Most employers certainly don’t have ill-intent with these technologies, and most managers passively monitor devices to thwart unauthorized access. However, there have been many instances where companies have overstepped and infringed on the privacy of their employees. That’s why you should know how your employer can track you and what they can do with this information.
In this article, we will uncover the various technologies available on the market that employers use to track and rate their employees, and why many of them have been restricted in places like the EU, the global leader in digital privacy.
Like many technological advancements, employee monitoring technology originates in government-sponsored programs. Developed for mass population surveillance and counter-terrorism by the hand of 3-letter agencies, these powerful monitoring tools — some of which were exposed through WikiLeaks — have since been watered down and privatized for corporate use.
Employers have a wide range of options for employee monitoring software, each promoting its niche or specialty. While monitoring capabilities are relatively standard across the board, the major players differentiate themselves through automated enforcement and safety alerts, employee scoring and evaluation, or productivity forecasting functionality. The leading tools available today are:
Before diving into what companies can do with your information, let’s first discuss the various methods employers utilize to monitor you.
Once restricted to corporate assets during work hours, employees today are unwittingly agreeing to 24/7 surveillance in exchange for work-from-home privileges and Bring-Your-Own-Device (BYOD) policies. Although the law mandates that employers can only monitor during work hours, the reality is that technology allows managers to monitor employee devices at all times… and when they can, they will.
Teramind is commonly regarded as having the most comprehensive offering of employee monitoring solutions for desktop and servers (not mobile devices), so let’s list their capabilities.
Teramind gives employers the ability to monitor the following:
Every word you type, every site you visit, every file you access… it’s all recorded and logged as long as it’s on a corporate device, whether it is a private email inbox, social media account, or Dropbox. Some applications even allow companies to turn on computer cameras.
Teramind and other monitoring software allow employers to trigger a hidden agent, which controls whether or not the employee knows they are being monitored at any given time.
For smartphones, Mobile Device Management (MDM) solutions allow employers to monitor and manage corporate or personally-owned mobile devices. While personal texts and emails are not monitored, companies can see how many messages you send, how many contacts you have, what applications you use, and for how long. MDM solutions are also used to track the GPS location of the device.
Beyond your devices, companies can track where you go using GPS location and video feed from CCTV or device cameras. They can track how long you sit at your desk and even how long you spend in the bathroom.
It’s no secret that a company’s use of video surveillance and audio recording on their premises and in their company vehicles (think: company car) is legally permissible, but what about several blocks away from the office?
High-quality superzoom cameras, drones, and parabolic microphones that monitor employee movements and speech are so powerful that they can be used blocks away from the office. This isn’t science fiction, this is happening today with court cases to prove it.
In such cases, Todd Wulffson, a partner at California-based employment and labor law firm, says that the case will settle in the employees’ favor.
“You can absolutely, positively not use a drone to monitor employees unless the employees are advised of it in advance, which they weren’t in this case,” he says. “Even then, the drone has that Big Brother-ish feels to it. A jury will never tolerate a drone, superzoom camera, parabolic microphone, or any other technology people wouldn’t expect you to use.” — Todd Wulffson (Source: When Monitoring Your Employees Goes Horribly Wrong)
The direct and indirect cost of all workplace injuries and illnesses in the US is more than $250 billion a year. To combat this, companies like Hitachi have begun to equip workers with wearable technology to gather health and location data about their employees.
Hitachi also claims to be able to ‘measure happiness’ with the metrics they collect. Companies that operate warehouses and factories also use wearable locators to assist employees in an emergency.
The data collected through various employee monitoring tools are often aggregated into a ”talent profile”, which allows companies and their HR departments to conduct productivity tracking, performance management, threat detection, or workplace injury prevention.
The business cases for threat detection and workplace injury are relatively straightforward, where employees share their information with companies to protect themselves and others from injury or cyber-attack. But productivity tracking and performance management are often contested as a one-way street, with benefits solely belonging to the corporation.
Managers use employee monitoring tools to see how employees spend their time during work hours and assess their productivity. Some even offer real-time monitoring capabilities that allow managers to see what employees are doing at any moment.
Productivity tracking takes into account how long you spend at your workstation, how many personal messages or personal websites you visit, how active you are on social media, etc., and often aggregates productivity scores (often by calculating productive time as a percentage of overall time) so managers can understand how the employee uses company time.
Managers then use this information to identify and motivate unproductive workers or help take the load off of overworked employees for work-life balance. This information can be shared with peers and fed into talent profiles for Performance Management functions.
For threat detection and data loss prevention, employee monitoring tools monitor website visitations, file downloads, and email attachments. Administrators can set specific rules and policies for various organizational roles to trigger alerts when the rules have been broken.
Some tools will even calculate the risk score of an employee and the likelihood that they will become a ”bad actor”. This risk information is also fed into an employee’s talent profile for Performance Management functions.
As a culmination of all metrics gathered during employee monitoring, an all-encompassing talent profile is often created for employees to conduct employee evaluations, promotions, or terminations.
Bradley Steven, founder and CEO of LLC Formations meets monthly with his leadership team to review reports generated by Teramind and discuss employee performance.
“We consult these reports to give employees bonuses, promote them, or even terminate them because of their performance,” says Bradley. “Detailed report generation is a must-have feature for the monitoring software. After all, monitoring is useless if we do not get valuable insights from the data.” (Source: The Best Employee Monitoring Software of 2021)
Less than a third of employees are aware of how their employees extract and use their workplace data or if they have even given consent. But even if they had, the power dynamic between an employer and an employee is so convoluted that the EU’s privacy regulation does not consider it freely given consent in most cases. Moreover, over half of the business leaders report that their companies don’t ask for consent.
Luckily for employees, recent regulations and court rulings seem to be swaying in favor of employees’ right to privacy. The EU’s landmark data privacy regulation, the General Data Privacy Regulation 2016, explicitly restricts what a company can and cannot do with employee data, like automated scoring and profiling of employees — although this only applies to EU companies and EU citizens.
Unfortunately for US employees, there is no federal privacy law, and the California Consumer Privacy Act of 2018 does not address employee data. That said, in the U.S., it is mandatory that employee monitoring policies and code of conduct:
Make sure to reference these policies, so you understand what your company collects and for what purpose, and reference your onboarding materials to ensure that you have given explicit consent for these monitoring activities.
If you aren’t comfortable with their policies, consider using a separate mobile device or laptop for personal activities. And consult with an employee rights lawyer if you believe you have been unjustly monitored or your privacy rights have been violated through a wrongful termination or penalty.
Hopefully, you can trust that your employer is treating you with respect you deserve as a human being, not a human resource.
Related guide: The Ultimate Guide to Data Subject Rights Under the GDPR