78% of survey say excessive employee monitoring would impact their decision to join, or remain at their employer.
According to a survey of over 150 business and consumer responders by privacy firm Privacy1 (www.privacyone.co) 78% of respondents said they would think twice about joining or even remaining at a company that employed excessive or unethical employee monitoring, further, 97% of those surveyed said that employers should be 100% transparent about the specific purposes the data is used for and the types of data collected.
The survey shows that 78% of employees would not want to work for an employer who monitors them
With maturing digitisation, employee monitoring systems are becoming increasingly deployed and increasingly detailed. Traditionally used, for example, to detect fraud, cybersecurity attacks and malicious employees, new technology capabilities are now being used to monitor productivity, activity and social interactions. This has led to vast amounts of data, including personal data, that can violate basic human rights and impact business negatively if proper data protection and operational management are not observed.
The capability to monitor staff in detail has advantages, so much so there are new services emerging from firms like PwC to deploy such systems and policies. The tool vendors state that such technologies give you protection against security threats, effective productivity gains and reduced operational costs. But, with all this data are you losing sight of the value of the employee?
Technology - just because you can, doesn't mean you should !
These advanced tools are designed to blanket capture as much data as possible, the ethical liability lies with the employer to manage. Some systems boast “absolute employee control” and capabilities to deploy in “stealth mode, without your employee’s knowledge” some even enable the capability to “live stream desktops with historical playback”. The survey suggests that there are some data types that employees feel are legitimate and necessary such as file uploads/downloads (41% approved) email (39%) and application sessions (38%). However only 30% of respondents consider it’s ok to monitor employee productivity with these technologies.
Survey shows that some measures are better understood and accepted by employees being monitored
Conversational related data monitoring scored much lower; Audio monitoring (14%) Social media monitoring (12%) and elements like keystrokes and screen snapshots are seen as highly unethical. What’s worth noting is that more than a quarter of respondents considered it is not acceptable to monitor any data in a work environment.
“just because you can doesn’t mean you should”
With blanket capture of data approach there is a considerable cost in integrating to all these data sources and applications, maintaining the interfaces to constantly changing apps and deploying tech like network interception. Additionally, content like audio, video and screen scraping are storage hungry, and it is indiscriminate with the risk of capturing personal data that you did not intend, and that the business has no purpose or legal basis to capture or use. So, there is an argument to consider, as with many things in life “just because you can, doesn’t mean you should”
Privacy — more personal data, more corporate liability
From a privacy perspective your legal liability exposure will depend upon where you operate. If we consider Europe as it is the most stringent, firms must have a purpose of processing for every data element captured and it must be legitimate, necessary and final as well as being proportional. This record must be maintained and kept up to date. If you capture video, you should consider location and time in this context.
For example, if you are based in Houston and are monitoring a sales employee in the UK by turning on the webcam on their work laptop, you could very well be capturing images, video and audio from within their home during their non-working hours. You could capture data not only about your employee, but also their spouse and children who all have rights to have that data protected.
Survey shows that some business purposes for employee monitoring are viewed as more ethical than others
According to the survey, employees consider some purposes more ethical than others. Legitimate purposes such as intellectual property and security are better accepted, whereas areas such as work place/time tracking employees find too invasive.
“you should consider very carefully what you want to achieve”
Regardless of the law, you should consider very carefully the purpose of collection and what you want to achieve from a business perspective. Some types of data such as “logon time” is much easier to categorise and apply a purpose to than more indiscriminate sources of data, such as chat logs, audio and video.
Collecting vast amounts of data without this consideration, will mean your privacy team has to manage all these data categories, purposes, reasons for processing and legal basis. You as a business will also have to manage the legal and reputation risks of inadvertent personal data capture from your employees, and, potentially anyone in video or audio that they spend time with.
You should also consider transparency. European laws state that you must be transparent both before and after capture and in most cases have the consent of the user to capture that data for the purposes stated. If you are blanket capturing, you should ensure that you have a flexible and interactive consent system and that you have clear policies to be as transparent as possible with your employees, even if you are not in Europe, as their buy in is vital to prevent alienation.
The Human — the most critical element
This survey attempts to expose this most critical element of employee monitoring, as stated above “just because you can doesn’t mean you should” and this is never truer when considering people. Not many of us work better when the boss is looking over your shoulder. If you have sales, marketing, programmers and creative people, they often do not conform to normal working hours, and they often employ “out of the box thinking” to come up with new ideas, solutions to customer problems, new campaigns etc.
This kind of thinking is stagnated if you are heavily monitoring such roles. People use crazy ideas as inspiration and brain storming, but not many are open to you recording them, hence, you can stub out the very essence of what makes these kinds of people the innovators in your business.
People in different roles work differently, some work in the office, some in the field, some keep irregular work hours, some are offsite at customers, suppliers and business partners. Hence you will need to have a proxy and policy for monitoring different kinds roles that respects different working styles, and, consider the privacy ramifications of location, time and 3rd parties.
“hire the best and trust them”
There is a strong argument for a balanced way to manage people. Great leadership and solid fair, human, people management inspires trust and commitment. As an employer people will work for a longer tenure, will go over and above the 9 to 5 if they feel they are trusted and valued. If you have management that inspires, hires the best and trusts them you will get much more value from your staff than if you subscribe to the “every minute lost is lost productivity” thinking.
Survey shows 97% of employees feel they should be made aware if employee monitoring is used
The survey shows that transparency is vital to get buy in for employee monitoring. If you have to deliver bad news as a business, tell them why up front and in good time, the same is also true for monitoring. If your purposes are clear and your staff understand the threats and solid reasons they may not like being monitored, but they will understand. If you secretly collect data about their social activity, each and every keystroke, each and every door access, track network patterns, capture images from webcams you are more likely to alienate the majority of great employees you have while trying to weed out a few bad actors.
Operations — cost vs business value
If you deploy a system that captures lots of data, especially large data sizes like audio, video and images, you should also consider the costs and effort to manage such volumes. Monitoring each employee in detail, remotely over the network will increase bandwidth consumption, storing and backing up the data will increase storage consumption, and, these have management and cost overheads.
We think the biggest operational and technical challenge, however, is the monitoring operations themselves. How do you correlate data from multiple sources and multiple formats and analyse it with context to be able to extract reports that would be useful to management? Many firms are seeing the need for a team of people just to manage these systems which of course also comes with cost overheads. Should you use AI to analyse? Is the data and processing passed to a 3rd party, even another country? How do you manage the security and privacy of all that personal data with the 3rd party?
Privacy operations also need to be considered, how will you manage all the retention times for each and every data element, keep your records accurate and make sure data is deleted at the correct time. How do you ensure that you have all the consent, purpose, legal basis for processing all the data elements that may be captured by wide scale monitoring?
The costs here are significant, over and above the cost of the monitoring software and its architecture, implementation and consulting, you should account for the costs of integration into your systems, additional storage capacity, additional network bandwidth, load and capacity of the privacy team, heads for the analysis team and costs of an AI platform or outsource. Operationally this is a big project, so you should weigh up what do you want to achieve and is it worth it ?
In Summary
It is clear from this survey that employees also see the purpose and necessity in some monitoring, in fact many assume that it takes place without their knowledge. But, excessive and detailed monitoring, especially if undertaken covertly can have a big impact on the trust bond with majority of well performing staff, and may even contribute to skills drain and poor retention. There are good arguments for proper monitoring of valid metrics, but if wholesale data capture is employed, you have to question the operational costs and risks against the potential business benefits. You may also want to look at how consent is captured and managed and how you will change the data you hold based on the consent choices of your staff.
With the costs and risks growing exponentially with the complexity and scope of the data captured, and employee motivation and trust inversely proportional to that same scope, there is a balance to strike between the cold critical needs of the business, and the warm human interaction with a trusted manager.
If you feel that employee monitoring will be of value to you as a business, then careful consideration of the purposes, actual benefits and how you will develop a proxy to monitor different kinds of people in different roles and locations under different privacy laws would be prudent. Getting employee buy in and blending the use of such technologies with solid, respected management practises and experienced managers who can use these tools as a part of balanced approach that respects the human needs and rights of your staff will be vital to ensure your success and ensure you keep the great employees you currently have.
About Us — Privacy1 (www.privacyone.co) is a software company headquartered in Stockholm that develops technologies for practical management of personal data. With a vision to empower the consumers and citizen to manage their own data consent, and provide tech to help companies and governments encrypt, secure and automate to ensure they fulfil their privacy promises, Privacy1 is about building trust to reset the data privacy balance to the advantage of all.
Comments