In Depth

Employee Monitoring: Watch This Way

What you don't know about how your employees are using company resources can hurt you. But remember this: There are acceptable, and not so acceptable, ways to monitor employee activity.

By Daintry Duffy


Open communication is the key to formulating the right policy and putting it into practice. CSOs who are explicit about what the company does in the way of monitoring and the reasons for it, and who actively educate employees about what unacceptable behavior looks like, will find that employees not only acclimate quite quickly to a policy but also reduce the CSO's burden by policing themselves. Here are some of the best practices that companies have shared with us for formulating and rolling out monitoring policies and the advice that CSOs have offered for determining how much monitoring is appropriate for your company.

What You Can Monitor: Can I See Your Hall Pass?

Different industries have different pressure points that necessitate tracking and storing e-mail. The Securities and Exchange Commission mandates that all incoming and outgoing correspondence (including e-mail) for brokerage firms must be reviewed by a compliance officer, and that e-mail messages must be stored on a diskette that can't be deleted or overwritten and must be preserved for no less than three years to ensure that companies haven't made claims that are beyond the scope of realistic investing.

Some industries also have limitations on how tracking is done. The privacy protections provided by HIPAA, the Health Insurance Portability and Accountability Act of 1996, place a responsibility on companies to account for how health-related information is protected and transmitted. Collective bargaining agreements with labor unions curb monitoring of their members, and Fourth Amendment protections also restrict monitoring by government employers.

In addition, laws restrict what kind of physical monitoring can be done in the workplace. For example, the law limits monitoring in areas where employees have a legitimate or reasonable expectation of privacy, such as putting a closed-circuit camera in a bathroom or entering a locker for which a lock has been provided. Laws governing the recording of sound are also limited: physical surveillance systems are not permitted to record sound, and federal law dictates that phone conversations cannot be recorded unless an employee consents. Many states require the consent of all parties before a phone conversation can be monitored.

While there are laws limiting specific kinds of surveillance, in general, private employers largely have free rein to monitor and scan electronic communications. (See "Monitoring by Law," Page 36.) Deborah Weinstein, a labor and employment law attorney at the Eckert, Seamans, Cherin & Mellott firm in Philadelphia, notes another caveat: Employers may not monitor or intercept e-mail while it is in transit. Once it has been stored, it may be scanned as part of a regular business activity. It is also critical that any scanning or tracking be applied to every employee equally. Companies that do monitor can get into real trouble here. For example, a company may have a policy that mandates scanning every e-mail for product names to deter intellectual property theft. If a potential case of theft is uncovered, it will be important that the company show that the evidence was discovered in the course of a standard business practice of scanning e-mails. Otherwise, the employee might argue that his communications were scanned in a discriminatory manner. "You can't routinely watch the activities of younger people more than older people or do surveilling by race," Weinstein says.
