How to Create an Ethical Computer Monitoring Policy

Though it preceded always-on smart devices and pervasive social media, the Electronic Communications Privacy Act of 1986 (ECPA) provided the foundation for ethical computer monitoring policy across workplaces and organizations.

Under certain conditions, the act allowed employers to track team members' real-time activities and locations. Companies began monitoring their employees' behavior through GPS technology, written and verbal communications, and other technology-driven tools.

As of 1986, employers were — and still are — responsible for sharing their computer monitoring policies with their staff. This transparency gives workers confidence that the company handles their data appropriately and follows legal boundaries.

A written policy, provided during recruitment or employee onboarding, ensures employees understand why the company collects data and how they use it to inform business decisions.

Implementing a computer monitoring policy is legal in every U.S. State and territory. However, many states have since enacted laws protecting workers from unnecessary invasions of privacy from their employers.

For example, Hawaii has rules that stipulate "employers [may not compel] employees to download a mobile application to the employee's communication device that enables the employee's location to be tracked or the employee's personal information to be revealed."

Delaware prohibits employers from intercepting email without providing written or electronic notice to employees.

And, New York Code § 52-C*2 (May 2022) requires that all employees subject to computer monitoring are "informed via a written notice when they are hired.”

What does computer monitoring include?

Employee computer monitoring includes:

• Intercepting email

• Visiting websites

• Tracking locations during work hours

• Capturing video in some work areas

It is essential to recognize that employee monitoring is only one component of an overarching employee monitoring policy designed to enhance employee productivity, reduce risks associated with data theft, and protect company assets from abuse.

Because companies own the computers, printers, cell phones, and other tools employees use when performing tasks, the ECPA allows employers to monitor activities on these devices.

There are some exceptions, however. For instance, where monitoring incoming and outgoing calls is legal, call tracing and voice recording may require a court order.

Furthermore, video surveillance in areas where employee privacy is expected, such as changing rooms and restroom facilities, violates privacy laws and workplace monitoring standards.

Ethics and benefits of employee monitoring

Beyond creating an employee monitoring policy that is fully compliant with federal, state, and local privacy laws, there is an expectation that the policy is ethical and beneficial for both the organization and employees.

While business goals may focus on company property protection and workforce productivity, you must keep employee data secure and protected with ethical data sharing policies.

Another example that benefits the business and employees is monitoring hours logged.

Tracking clock in and clock out times provides a mechanism for business leaders to monitor overtime while also documenting employee shifts. On-time team members indicate a responsible work ethic, and this behavior should be encouraged.

Ethics of employee monitoring

When it comes to ethics of employee monitoring, a policy has three primary components: transparency, employee consent, and data privacy.

Transparency

Even if your business is located in an area that does not have more protective privacy laws, transparency should lay the foundation of your computer monitoring policy.

Your written policy should include how, when, and why you monitor activity. It should be accessible and available. Sharing your written policy with new hires is a great starting point. You could also post the policy in areas where workers will see it.

Have your policy on a prominent page of the employee handbook, signs and posters in break rooms, and employee gathering spots. Include it on the company intranet, a policy page on your website, and any other easily accessible place.

Employee consent

The second part of a good policy is gathering informed consent from everyone subject to monitoring.

This step is two-fold. First, it notifies and informs employees. Second, you'll have a signed document that protects the organization from false accusations that the employee was unaware of privacy and data collection policies.

Some states, including Connecticut, provide sample poster templates to help employers design public notices and informed consent forms.

Data privacy

The third component of an employee monitoring policy conforms with data privacy and security standards.

Plans should address state and federal guidelines. Some states offer employees an opt-out option. Confirm the privacy laws in your state when deploying personal data protection tools and protocols.

Remember that the written company policy must limit or exclude monitoring when it would violate a reasonable expectation of privacy, such as in restrooms and locker rooms, as mentioned above.

Learn about employee monitoring ethics in our recent blog on the growth and ethics of employee monitoring.

Benefits of employee monitoring

Ethical and privacy-focused employee monitoring offers benefits to both employees and employers:

• Computer monitoring at work can prevent misuse of company property. For example, monitoring websites accessed on company computers by employees can prevent malware and spyware attacks.

• Monitoring business-related activities provides valuable insights into internal workflow patterns and processes. Specifically, acquiring this data may help companies identify bottlenecks and help optimize operational processes.

• Business leaders can identify understaffed areas by using monitoring to inform scheduling decisions.

What to include in your computer monitoring policy

The benefits for businesses and employees stated above barely scratch the surface of what to include in your computer monitoring policy.

A comprehensive computer monitoring policy covers everything a worker needs to know, from why the company monitors them to what data is collected and how it is used.

Here is a brief outline you can use to make sure your policy covers all the basics.

Explain why the company has decided to monitor employee computers

Your policy should clearly define that employee monitoring is part of the overall workforce management plan.

Brainstorm with department managers to make a thorough list of goals, objectives, and the wins you hope to obtain through monitoring. Then, design your plan around achieving those action items.

Detail how employee computers will be monitored

Along with explaining why your company chooses to monitor digital activity, employees need to know what kinds of activity data will be collected. Some valuable data collection points include:

• URLs and apps accessed

• GPS tracking data from cell phones or mobile devices

• Screenshots documenting proof of work

• Employee activity (including working hours spent on company versus personal projects, including social media and non-business-related internet usage)

Inform whether or not personal devices will be monitored

Workplaces that follow a Bring Your Own Device (BYOD) policy should provide full transparency regarding whether or not personal devices will be monitored or data collection will occur on them.

Employees assigned company equipment such as work laptops or cell phones should also know whether the company will monitor those devices.

Policies should address the following questions:

• If employees receive a company cell phone or laptop, will monitoring include only the business-provided apps or all activity on the device?

• Does the company have a blocklist?

• What are the sanctions for failure to comply with web surfing or usage policies?

• Are workers allowed to use personal devices for business purposes or remote work? If yes, will their devices be subject to monitoring systems within the workplace or on work wifi?

• Can team members use company computers to access private email or handle personal matters?

• If applicable, how and when will phone calls be monitored? Will they be recorded or tracked for phone number data?

Clarify the rules regarding personal use of computers

You should specify if employees can do anything not work-related on company devices when they are not on the clock.

Can employees have access to their personal email? What about social media and general internet usage — is that allowed or prohibited on company assets?

While deciding on the best policy for your company, consider these findings reported by Harvard Business Review:

• More than 50% of businesses have banned social media access at work

• 76% of employees using social media for work took an interest in other organizations they found on social media (potentially driving employee resignations); a rate 16% higher than the number of employees primarily using social media for leisure

• Employer-sponsored social media accounts can lead to higher morale, which improves retention rates

Some research indicates that business leaders who monitor employee social media activity can better understand their workforce in some cases. An inside perspective can improve workflow creation, employee productivity, and employee morale.

State who will have access to the collected data

Your written policy must clearly state who has access to the collected data. Will third-party organizations, law enforcement, human resource managers, and other company employees be able to access the data?

Can other people access the information through a court order? What about the monitored employee — can they see their own collected data?

Also, explain data sharing policies and what measures are in place to protect against unlawful invasion of privacy.

Describe whom exactly the policy applies to

Describe in depth who is subject to the employer policy and who, if anyone, is exempt. It's of utmost importance that you use caution when setting collection and access policies.

Wording matters, so be sure to avoid language that may appear to be racist or discriminatory.

If the policy has different computer use policies for other employee groups, make that clear, and explain why approaches are different.

For example, a commercial janitorial company might make distinctions between managers who assign cleaning jobs and janitors who clean the buildings.

The janitors may be subject to GPS tracking to ensure they arrive at each client's office location on time, while managers don't require GPS tracking because their tasks occur in the company headquarters.

When you don't explain why some employees are tracked and others aren't, you could give the perception of bias or favoritism.

The network of federal and state regulations is complex. Some states rely solely on ECPA guidelines, while some states create their own supplemental laws that govern employee monitoring.

As mentioned earlier, several employee monitoring laws should be aware involving employee and computer monitoring practices.

When creating your own computer monitoring policies, you must consider all state and federal laws to avoid making a policy that puts your company at legal risk.

Federal law: Electronic Communications Privacy Act

Three parts of the ECPA, Title I, Title II, and Title III, provide specific instructions to businesses. ECPA guidelines apply to protect data transmission and storage via:

• Oral communication, such as telephone conversations

• Wiretapping and electronic eavesdropping

• All forms of electronic communication

• Any electronic data storage tools, such as backups, cloud-based storage, internal phone data records, digital personnel files, and other computers

Laws change through amendments periodically. Updating the employee monitoring policy as workplace laws evolve is the only way to ensure your plan follows privacy laws and ECPA standards.

State computer monitoring regulations

Each state has its own privacy laws for the workplace. In one state, an employer's right to monitor employees may be more limited than in another.

The variance in audio recording regulations is one such example. In many states, a company must have permission from at least one participant to record conversations.

In other states, privacy laws prevent a business from recording conversations unless all parties involved have given their permission to record.

When creating your employee and computer monitoring policies, we recommend checking specific state regulations for your area to ensure full legal compliance.

A transparent, well-distributed computer monitoring policy is mission-critical when complying with regulations and protecting employee privacy.

An incomplete or flawed policy design could lead to expensive legal challenges. Failure to comply with state or federal laws surrounding informed consent or security breaches that compromise personal data may also involve paying millions of dollars in fines or fees.

Fortunately, many excellent employee monitoring software solutions on the market help businesses keep track of computer usage while being legally and ethically compliant.

Hubstaff, for example, provides computer monitoring software that complies with all federal and state personal data collection, sharing, and protection rules.

The first step in achieving your business monitoring goals is to create a computer monitoring policy. It should detail whose devices are subject to monitoring and how they will be monitored — and then be as transparent as possible regarding your policy.

An ideal computer monitoring policy protects company assets and provides enhanced employee privacy and personal data security coverage. When you inform employees about any data collected and give them clear expectations, their trust in you will grow. 

Hubstaff supports businesses like yours by providing easy-to-use software that eases employee workflows while enhancing managerial insight.

Want to learn more about Hubstaff's employee monitoring software? Sign up for a free trial and take it for a test drive. Employee monitoring systems are not made for micromanaging, but for helping your team have a productive workday. We believe transparency goes both ways, and while there is a legitimate business reason for using workplace monitoring, it should be done with transparency and honesty. 

Not ready to dive in just yet? Schedule a demo to explore software features and how to implement our time-saving tools with your business.