Remote working is here to stay and may very well become the new standard for how employees get their work done. But this leaves IT professionals in a bit of a quandary — how to monitor the activities of their remote employees without breaching privacy protection laws? Let’s take a look at how to best go about it.
With in-office work, it was completely legal to monitor employees’ work computers to ensure they were doing company-related work on company time. Everything from browsing Facebook and spending too much time on Youtube was flagged, and some employers even want as far as creating their own music streaming network so employees wouldn’t spend valuable time fiddling with Spotify.
In any case, this level of monitoring has been the norm, especially since the IT equipment used in the office are company property. It even extends to employees working outside the office but still using company-owned equipment, including cars, laptops, mobile phones, and so on.
However, what if the employee is working remotely but using their personal computers or smartphones to do the work? How do you monitor that? More importantly, is it even legal?
The Short Answer…
Yes, it is indeed possible for IT professionals to monitor their remote employees’ personal computers, provided the employee is using it for company work. This means the employees are connected to the work network during that period.
The network firewalls of the company network can pick up unauthorized activities, such as browsing social media or playing online games, during work hours. If you really think about it, the network is where the bulk of the work gets done anyway when it comes to remote work. Everything from emails and cloud storage to file sharing and other digital assets is hosted on the company’s network.
However, firewalls generally offer entry-level monitoring. This has resulted in the rise of add ons and alternative programs designed for more detailed employee activity monitoring.
What Does The Law Say About Monitoring Personal Computers?
More importantly, how much disclosure should employees receive about such monitoring? There’s no straight answer as there is yet to be a uniform law governing this type of scenario. However, if a country has specific provisions for personal computer monitoring, then such laws are subject to interpretation by the legal system of that region.
In the United States, the Electronic Communications Privacy Act of 1986 allows companies to monitor the activities of their employees who are using their system. This means network administrators can track other non-work activities as long as the employee is still logged in to the company’s network and it involves a legitimate business need.
As you can see, this can present a conflict with other laws with certain provisions covering digital privacy. For instance, across Europe and some regions in the U.S., the General Data Protection Regulation (GDPR) laws give individuals control over what third parties get access to their personal data and how much information they can access. This means there must be consent on both ends — the party doing the monitoring and the party being monitored.
As the employer or IT leader, this is a grey area that may require further interpretation. For example, the employee might log in to their personal Facebook account while on the company network for a quick chat with a friend. You may be allowed to track this activity, but you may be in breach of the GDPR law since the act of monitoring the activity can give you access to the employee’s friend’s information.
What You Can Do About It?
As the idea of remote working becoming a new norm gets further cemented, it’s only a matter of time until we start seeing new legislation that provides clear guidelines for how to track remote employees’ activities using their PCs for work.
In the meantime, you can tackle such matters by setting up a comprehensive company policy to govern remote working. If necessary, get a lawyer to provide professional guidance so there are no grey areas and everyone knows what is expected of them.
For instance, the policy can state that while logged into the company network, employees may not launch any non-work-related emails and chatting apps.
As long as the employee has consented to this rule, then the network admin can carry on monitoring work activity and simply delete any data pertaining to third-party communications outside of work. The company’s HR department can also mete out disciplinary action to the employees for doing non-work related activities on company time.
Since employees are more productive when they are not spending time on outside distractions, it can be safe to assume that companies can reasonably ban the use of all non-work programs while logged in to the company network.
What Do Employees Need To Know?
Generally, employees must be informed if the employer is tracking their work-related activities on their personal computers or mobile devices. However, the employer is not necessarily required to obtain their consent.
Still, providing disclosure and obtaining consent can go a long way in preventing potential issues down the line, especially as remote working takes more center stage.
What If The Employee Is Still Logged Into The Company Network Outside Of Work Hours?
Perhaps it’s the end of the workday, but the employee stays logged in and is now browsing their favourite online store or scrolling down their Twitter feed — it is their PC after all. In this instance, there’s no need to actively monitor the employee’s online activity since it does not pertain to the legitimate business needs of the company.
However, this doesn’t mean that the activity will not be tracked by the network’s firewall or tracking program. The data may be useful in some cases, such as if a security issue occurred during that period, but otherwise, the administrator should simply delete it.
The Bottom Line
Even as governments around the world lifted their imposed lockdowns and declared it relatively safe to return to the office, many employees remain reluctant to resume the daily grind and prefer to continue working from home.
This represents a new workplace dynamic; one that companies need to include in their policies to avoid violating privacy laws.