Most of us go through our daily lives unthinkingly assuming that our actions, movements and conversations are private. However, in today’s high tech and connected world, that is no longer the case. If you drive a car, carry a phone or live in a big city, you are currently under some form of surveillance. Every phone is now a GPS and recording device. At the same time, drones and Google Maps, Waze or other traffic applications and the like are capturing and sharing your images and whereabouts.
The surveillance debate used to split into two camps: (1) those who believed that we had an absolute right to privacy, and (2) those that were willing to sacrifice some of that privacy for a sense of greater good and security.
The debate is still raging, but one thing is sure: surveillance is happening and the workplace is no exception.
Employee Safety vs. Employee Privacy: Every Employer’s Workplace Surveillance Debate
While employees readily give away “private” information by posting their every movement, lunch item and 140-character thoughts online in real time, most still expect that their internet search histories, and anything shared privately on Facebook and other online applications are private.
However, when the computer or mobile phones employees are using to tweet, text and post are owned by their employer, the employee privacy line becomes fuzzy. Employees are also subject to their employers’ security precautions such as controlled access or security systems that track who accessed what rooms, data or equipment when. The same is true for company-owned cars, trucks or other assets: companies have the ability to see a great deal of data that employees may think is private.
Is Workplace Surveillance Justified?
For businesses, some level of workplace surveillance is a must—for ensuring workplace safety and security, monitoring for proper use of company assets and for conducting investigations of alleged misconduct.
To make this surveillance respectful and culture-enhancing (rather than being seen as “Big Brother”) it is important for companies to think carefully about the kind of surveillance they do, and the legal limits of workplace surveillance. Employers should also be transparent about what employees can expect in terms of their workplace privacy rights. The disagreements (and lawsuits) can come when the conversation turns to “what is acceptable surveillance?”
The Limits of Workplace Surveillance
When deciding what kinds of workplace surveillance to put in place, compliance professionals need to consider the risks of each form, and work with colleagues in legal, operations and HR to ensure that each action adheres to applicable workplace privacy laws, and that employees are regularly apprised of their rights. Cross-functional discussions should occur around forms of surveillance such as:
- Security Cameras: Most employees—especially in some industries such as retail and manufacturing—understand the need to have security cameras in many areas of operations. Nevertheless, absent a compelling reason, or clear and convincing permission by all parties, surveillance in areas and of activities with high expectations of privacy are off limits. These include bathrooms, locker and changing facilities, designated breast feeding locations and any other areas where personal, private activities occur.
- Company-Provided Computers and Phones: Companies need to set the expectation that any company-provided computer or phone—and the communications, searches and data stored on them—are being monitored and may be subject to search or seizure at any time. However, companies should not presume this right absent notification and awareness to the affected employees. The company policy should be clearly stated in the Code of Conduct and in other applicable policies (such as those related to IT security and use of company assets). Limits of use and the repercussions of failing to follow those guidelines should also be clear and regularly revisited.
- Social Media Monitoring: Most employees probably do not expect surveillance of personal posts on social media sites, especially when they are not made on company computers or assets. But in many cases, we would be wrong. (As was evidenced in a recent, eye-opening New York Times article.) More and more often, companies are searching social media sites looking for negative, defamatory or illegal statements (e.g. insider tipping) about the company. In some cases, employees have been disciplined or companies have demanded usernames and passwords to social media accounts. This is an area where the law and practice is still developing, and compliance professionals should step very carefully.
Fostering a Culture of Trust and Transparency Around Workplace Privacy Issues
To help ensure employees are aware of the ways an organization is monitoring activities—and help them understand the business reasons for doing so, it’s important that companies have the following guardrails in place:
- Create Strong, Clear Company Policies. Policies related to workplace privacy and employees’ privacy rights should be drafted and communicated to all employees.
- Implement Reasonable Limits and Strong Governance for Investigations. There are horror stories and litigation about rogue IT or corporate security people who are charged with conducting legitimate investigations—but then abuse their roles and authority by looking at personal and private information unrelated to their investigation. The authority and limits of investigations should be clearly established and monitored. This not only provides peace of mind that investigations will not run amok, but also ensures that investigations are instituted according to policy and not on a whim.
- Understand and Adhere to Legal Restrictions Related to Employee Privacy Laws. While workplace surveillance may now be an accepted practice, there are state, federal and agency (e.g. NLRA) laws and rules which may impact the limits of surveillance or disciplinary actions that can be taken. Make sure that you understand employee privacy laws, and adhere to them.
Workplace surveillance is now a given; it’s up to a company's leadership team to ensure that surveillance is reasonable, necessary, limited and done with consent. Employees must be regularly reminded to read and understand all organizational policies which might involve surveillance. And in all cases—especially for compliance professionals—assume that what you are doing or saying may be observed by someone else and ask yourself, “Is this activity or comment something I am prepared to share with others?”