Employee Monitoring & Privacy Expectations

Technology has allowed employees to enjoy increased autonomy and flexibility with things like telecommuting and mobile working. However the same tools have also been used to facilitate the intrusion of professional life into the personal sphere and sometimes the intrusion of the employer into the private lives of its employees.

Monitoring & Privacy in the US

US employers engage in a variety of work-related monitoring practices for a range of legitimate business purposes. Employees in the US tend to have minimal expectations of privacy in the workplace, while employers usually destroy any remaining limited expectations through notices and warnings regarding monitoring in employee handbooks, computer log-in screens, electronic systems use policies and privacy statements.

Employers in the US argue that there are many good business reasons to electronically monitor employees in the workplace. Here are some of the major reasons for implementing monitoring practices:

  • Monitor employee productivity in the workplace.
  • Maximize productive use of the employer’s computer system when employees use computers on the job.
  • Monitor employee compliance with employer workplace policies related to use of its computer systems, email systems and internet access.
  • Investigate complaints of employee misconduct, including harassment and discrimination complaints.
  • Prevent or detect industrial espionage (e.g. theft of trade secrets and other proprietary information; copyright infringement; patent infringement; trademark infringement).
  • Prevent or respond to unauthorized access to the employer’s computer systems, including access by computer hackers.
  • Protect computer networks from being overloaded by large downloadable files.
  • Prevent or detect unauthorized utilization of the employer’s computer systems for criminal activities and terrorism.
  • Help prepare the employer’s defense to lawsuits or administrative complaints such as those brought by employees related to discrimination, harassment, discipline, or termination of employment.
  • Respond to discovery requests in litigation related to electronic evidence.

A “reasonable expectation” of privacy

As employers compensate employees to perform their jobs, the courts have traditionally granted employers wide latitude to monitor their employees’ work performance and productivity, provided that such monitoring does not violate an employee’s reasonable expectation of privacy. Courts usually act deferentially, even when employers engage in electronic surveillance (e.g. monitoring phone lines, email accounts and internet access), as long as the employer has disclosed its monitoring policy to its employees.

State & Federal Regulations

Before employing any form of electronic monitoring, organizations should be aware of two important pieces of federal legislation:

The ECPA restricts employers from monitoring employee telephone calls or emails when employees have a reasonable expectation of privacy. Organizations may intercept communications when there is actual or implied member consent. Simply notifying members that monitoring takes place can constitute consent.

The NLRA is known for guaranteeing workers the right to join unions without fear of management reprisal, however the Act might have some relevance to internet and network monitoring. The National Labor Relations Board (NLRB) has reported that a company’s computer network is a “work area.” Any rules prohibiting all non-business use of email on a company’s network could therefore be considered unlawful under the NLRA. Organizations can also be in violation of the NLRA when the monitoring of members is found to selectively punish labor organizing activities.

Some states have enacted laws requiring organizations to give notice to members before engaging in electronic monitoring activities. It’s important to note, however, that even in states with legislation covering this issue, organizations wishing to monitor their members are not necessarily restricted. Most state laws covering this issue attempt to impose regulations on the frequency and extent of notification.

ILO’s Code of Practice

The International Labor Organization (ILO) is active in the debate surrounding internet and network monitoring. It has developed a code of practice that may be used as a guideline for other organizations developing their own privacy and acceptable use policies. The Code specifies that employees’ data should be collected and used consistently with Fair Information Practices (FIPs).

These practices include:

  • Notice: Data collectors must disclose their information practices before collecting information from consumers.
  • Choice: Consumers must be given options with respect to how personal information collected from them may be used for purposes beyond those for which the information was provided.
  • Access: Consumers should be able to view and contest the accuracy and completeness of data collected about them.
  • Security: Data collectors must take reasonable steps to assure that the information collected from consumers is accurate and secure from unauthorized use.


US employers engage in a variety of work-related monitoring practices for a range of legitimate business purposes. This article introduces the topic of workplace monitoring in a US context. It also provides an overview of state and federal legislation covering workplace monitoring activities and discusses the International Labor Organization’s (ILO’s) code of practice regarding employee monitoring.

CIPP Exam Preparation

In preparation for the Certified Information Privacy Professional/United States (CIPP/US) exam,  a privacy professional should be comfortable with topics related to this post, including:

  • Employee monitoring (IV.B.b.)

Leave a Reply




You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>