Workplace Monitoring and Employee Data Privacy Are on a Collision Course
With more than six major proposals aimed at strengthening employee data privacy under consideration in the US since the middle of 2022, are employers prepared to ensure their workplace surveillance tactics don’t put them at risk of legal violations, individual lawsuits and damaged reputations?
There’s a storm coming, and it’s going to hit US-based employers right at the intersection of HR, legal, compliance, employee experience and information technology.
Consider these developments.
In July 2022, the American Data Privacy and Protection Act (H. R. 8152), a federal bill focused on personal data and computer monitoring of employees, was introduced, directing employers to only process or transfer employee data for “valid administrative purposes.”
At the end of 2022, the National Labor Relations Bureau issued a memo warning employers against the use of workplace surveillance.
In January 2023, the “employee exemption” clause of California’s data privacy law (CCPA) officially ended, substantially increasing PII-related obligations of qualifying employers toward employees, independent contractors and job applicants.
Then, in February 2023, the “Stop Spying Bosses Act” called for employers to provide full disclosure on employee surveillance and the use of data for employment-related decision-making. The Act also prohibits the use of automated technology to predict employee behaviors.
If passed, said Sarah Anderson, founder of US-based SWA Law LLC and creator of LegallyCyber.com, qualifying employers in violation may be subject to criminal investigation and private lawsuits by offended employees.
With eight out of 10 of the largest private employers in the US tracking and monitoring employees, HR has to ask the inevitable question: Is “bossware” on a collision course with the rapidly evolving employee data privacy landscape?
Batten Down the Hatches: How Prepared Are US Employers?
Surveillance software by its very nature collects user data to create analytics-based insights. Despite — or perhaps because of — employee surveillance practices going mainstream since the pandemic, regulations around employee data privacy rights — a previously under-regulated area — are picking up steam.
No doubt there are many reasons why companies deploy workplace surveillance, some of them justified and perhaps necessary to create a better employee experience. But are employers prepared to address not just increasing legal obligations toward employee privacy but also their perceived obligations toward team members?
The latter is crucial in an environment where employee experience is becoming a central KPI for HR teams. Workers today are more aware of data privacy rights and are more particular about the brands they buy from and work for. They judge them on their sustainability, fair trade practices and, yes, data privacy practices.
To be seen as responsible corporate citizens, legally compliant business entities and trustworthy employers, companies need to balance three compelling factors:
Related Article: Amazon’s Reported Censorship Plans Raise Questions About Corporate Surveillance
3 Steps to a Balanced Approach to Workplace Monitoring and Employee Privacy
There are three important considerations for employers seeking to avoid collision:
1. Create a Vision Beyond Compliance
The sudden shift to remote and hybrid work during the pandemic meant that companies scrambled to put worker monitoring software in place, often without a big-picture plan or a strategic view of the long-term implications of their tactics.
But in post-pandemic 2023, bossware is still ubiquitous. ‘Function creep’ — the continued use of surveillance and workplace monitoring tools beyond their original intent — is, well, creeping in. A 2022 survey shows ten different types of employee monitoring activities that remain common.
Today, there are close to 200 tools in the “workplace performance or productivity monitoring” category, and that marketplace is only growing. Unfortunately, many of these products — and their features — are unregulated, and use cases are left to the discretion of employers.
An unintended side effect of increased surveillance during and after the pandemic is a growing concern for employee privacy, said Anderson, especially because it is now known that some employers have failed to properly document, distribute and notify employees of their ongoing electronic monitoring measures.
As a result, there are new variables for employers to contend with. Not only is it increasingly difficult to keep up with rapidly evolving and geographically fractured regulations, but an unstructured approach to surveillance can also pose a serious reputational risk.
“The pandemic created an explosion in the sale and use of employee surveillance technologies, but that has also increased the [legal and compliance] risk for employers who are not accustomed to providing a new level of transparency or security to employees about the data being collected and retained,” said Debbie Reynolds, founder and chief data privacy officer of Debbie Reynolds Consulting, and host of popular privacy and technology-focused podcast “The Data Diva.”
That’s why, Reynolds said, that while compliance-focused data audits and privacy policies are a must, they are no longer enough.
The increase in regulatory action and employee awareness has led to the acknowledgment that a more strategic, responsible and long-term approach to workplace monitoring can create a real competitive advantage.
Using “privacy by design” frameworks — that is, baking privacy into the very design of each employee-monitoring or data-related process rather than as an afterthought — creates two advantages. First, it brings more flexibility and responsiveness to an evolving legal landscape. Second, it offers concrete evidence that the company is as serious about the data privacy of employees, partners and job applicants as they are of customers’.
For organizations committed to privacy by design, responsible employee monitoring is not an employer’s right or privilege that exploits weak laws but a justifiable initiative designed for the benefit of all stakeholders. An added benefit, said Reynolds, is that by proactively addressing privacy concerns, organizations can effectively minimize barriers to technology adoption and mitigate potential issues associated with employee-tracking systems.
Related Article: Is Responsible Employee Surveillance Possible?
2. Co-Create the 'Employee Privacy Experience' With All Stakeholders
Employees want to be seen and heard but not by invisible surveillance devices. Unfortunately, the practice of data collection has become so mainstream and normalized that HR may not even be aware of the depth of employee data being collected, processed and stored in functional silos across the business.
For instance, even commonplace collaboration and project management tools purchased by functional managers without HR or IT involvement can collect data and auto-generate reports. Simple plug-ins also allow surveillance trackers to integrate with these innocuous tools. Such activities, if unregulated, can put the entire business at risk of violating emerging employee privacy regulations, even inadvertently.
How McDonald’s Drove Productivity Through an Elevated Employee Experience
In the new remote/hybrid workplace, work/life boundaries are blurred and workplace stress is a top driver of mental health needs.
How to Future-Proof Your Employee Experience Strategy in 2023
A framework to navigate through economic uncertainty
Challenges to Efficiency in 2023: Your Employees Need the Digital Workplace of the Future
The era of asking employees to do more with less is upon us
The Essential Role of Communicators in Fostering Wellbeing in the Digital Workplace
Join us for practical insights on how digital communicators can support employees to thrive in the digital workplace
Addressing Employee Needs and Wants with a Digital Workplace
The workplace is getting more and more digital – both in how we work and where we work
Maintaining a Human-Centered Approach During Digital Transformation
When it comes to digital transformation - people drive change, not technology
We’ve already seen this same scenario play out when it comes to consumer data privacy, which companies, led by marketing and sales, are finally making a strategic business priority.
So first, HR needs to align with business functions in terms of employee monitoring and data collection happening at the line-of-business level. This should include IT, which tracks and collects employee device and internet usage data.
Second, said Anderson, is ensuring alignment with legal. Every employer should ideally have their employee handbook reviewed by legal counsel each year, as well as in response to any major change to technology systems that are in any way connected to the employee privacy experience “to ensure compliance with relevant legislation and jurisprudence within its jurisdiction.” Employers, she adds, need to ensure that their device policies and electronic access controls are clear and consistently enforced to avoid confusion and gaps in security.
Finally, the most progressive employers understand there’s more at stake than the legal and operational consequences. In the near future, violations of employee data privacy may cost a company as much in employer brand reputation and talent retention as it may in fines, if not more.
A large-scale 2019 Accenture study found that 64% of employees felt their personal data was at risk in the workplace, indicating fears that employee privacy already existed pre-pandemic. More than half of them said they’d consider leaving an employer that didn’t use workplace data responsibly.
So, it makes perfect sense that HR should also involve the most important stakeholder — their employees — when designing responsible performance-tracking strategies that are mindful of their privacy concerns.
Co-creating the employee privacy experience — all the interactions that involve collecting or using employee data — with workers requires clear and transparent communication, jointly defining terms such as productivity and performance based on the industry, nature and level of the role, and getting buy-in for the strategic value of responsible, non-invasive performance tracking and monitoring.
3. Putting Boundaries Around Autonomous Technology
Where tools and technology are involved, can AI be far behind?
Innovation continues in areas like facial recognition and biometric-based tools that can detect employee emotions and concentration levels from video footage and spoken words. Text analysis can detect emotions and intentions (planning to quit, start a family or join a union, for instance) from typed words. Employees in industries such as transportation and logistics are already expected to use wearable tracking devices.
With the increasing use and sophistication of productivity monitoring and performance analytics tools, it’s useful to consider how much autonomous decision-making authority the technology has or needs to have.
That’s because the technology doesnt just collect and analyze the data. It also uses AI to interpret it and make recommendations. For example, some recruitment platforms monitor video interviews for the tone of voice and word choices, and use these insights to score candidates for recruiters. Other surveillance trackers may decide that a worker who logs too many or too few phone calls or emails is not focused enough on work.
This 2021 paper from UC Berkeley makes a case for worker technology rights, warning that while technology is not inherently good or bad, it isn’t neutral either. Regulation is all the more important, the authors remind us, because employers themselves often do not understand the systems they are using.
As a result, calls for stricter legislation around workplace technologies are growing. Earlier this year, the White House Office of Science and Technology Policy proposed an "AI bill of rights" to limit the use of powerful tracking and decision-making technologies in the workplace.
“While data can provide valuable insights, it cannot tell the whole story, and relying solely on technology can lead to employee dissatisfaction and even revolt,” cautions Reynolds.
Technology can’t know when people are working offline, on paper or having verbal discussions to come up with new ideas, for example. But companies that prioritize finding the optimal balance between technology and human judgment will have a competitive advantage over those that do not, she said.
Related Article: The Right Way and the Wrong Way to Measure Remote Work
A Wake-up Call — and Opportunity — for Employers
It makes good business sense to place employee privacy first, but stricter regulations may soon accelerate the process. Employers must prepare themselves for a world where employee experience and worker rights are as important to the business as legitimate and responsible workplace monitoring.
At a time of quiet quitting, a more aware generation of workers and a more active regulatory environment, being able to better balance legitimate workplace monitoring with employee privacy rights may be the best move yet to attract and keep top talent.
About the Author