The Situation
Many companies have embraced the positive impact new technologies can have on business efficiency, while also being careful to protect the company’s image and reputation.
Respecting privacy in the workplace makes good business sense. However, in an increasingly regulated business environment, it is now common practice to run background checks and monitor web-browsing and computer usage. Using technology to help detect dishonest conduct is also commonplace. Striking a balance between the “need to know” of employers with an employee’s right to privacy is often a challenge.
Most companies agree that employees’ internet access presents significant risks if it is not adequately controlled. These risks include confidentiality breaches due to workers posting sensitive information online, damage to a business’ reputation and lower productivity due to excessive personal use during office hours. As such, it is advisable to reserve the right to monitor employees’ use of IT resources, including emails, mobile phones and instant messaging systems.
The Challenges
If there is indeed improper personal use of corporate IT resources, such as viewing inappropriate websites or misusing confidential information, monitoring IT usage is a reasonable response. Accessing employees’ workplace communication in a controlled and proportionate manner – as a means of confirming well-grounded suspicions and gathering evidence of any misconduct in internal investigations – would be legitimate in such circumstances.
Most employees use social media daily. However, if comments are made about work which disclose confidential or proprietary information, this exposes the company to the risk of losing valuable trade secrets or even being sued by third parties for breaching confidentiality.
Likewise, employees sometimes use social media sites to vent anger or frustration. This can involve derogatory comments about managers and co-workers, which may amount to cyberbullying and even be viewed by some as defamatory. These posts can also potentially lead to negative publicity for the company, causing costly damage to its reputation.
Social media can also be invaluable for gathering evidence in any internal investigations. For instance, when looking into complaints of sexual harassment, earlier postings showing reciprocal relations – which may have subsequently turned sour – can be useful for establishing whether or not a complaint is justified. In such a scenario, comments posted on social media, which may have started off being private, will become matters of concern to employers.
Wearable devices are another means of gathering invaluable data on employee behaviour. Most people think of wearables as fitness devices. However, there is now an array of workplace wearables that can potentially boost productivity and enhance workplace safety.
Employers cannot by law compel employees to use wearables. Should employees voluntarily agree to wear such devices, they must be clearly told what type of personal data will be collected and what uses will be made of it. Otherwise, the range of data collected could potentially be widened to an abusive extent, from the amount of sleep employees have had the night before and how often they exercise to what activities they do after work.
The possibilities for collecting more information than is appropriate are much greater than ever before and employers should be careful not to overstep the mark.
The Advice
Employers would be advised to put in place a number of measures. First, establish a set of multidisciplinary governance policies and identify the broad nature of data that may be collected. Implement a robust IT and system usage policy and issue clear guidelines on social media use. Companies should also implement a data protection policy, with procedural guidelines to staff responsible for collecting personal data.
Employees should be clearly told how personal data collected in the employment context will be used and for what purposes. If workplace monitoring is to be carried out, a monitoring policy should be in place. Companies should also be careful when choosing an external partner to help collect and analyse data.
In designing monitoring policies and data management procedures, employers should ensure clarity in the development and implementation of such policies. They should also explain the nature of and reason for monitoring, and safeguard personal data. Such measures can ensure a happy balance is struck between the need for company security and respecting the privacy of employees.
This article appeared in the Classified Post print edition as Is there a right to privacy in the workplace?