Employee surveillance or employee trust? Why not both?

At first glance, employee surveillance and employee trust can seem like polar opposites. While the 60% of organizations that now rely on employee monitoring tools may find nothing wrong with using software to monitor employee performance and behavior, workers are certainly of a different opinion. Evidence shows that employee turnover at companies that use monitoring software is almost twice as high as that at organizations that do not, and one in four employees are willing to take a 25% pay cut to avoid being surveilled.

“Using tracking software sets a tone of distrust, which sours the employer/employee relationship from the beginning,” said Calloway Cook, president at Illuminate Labs, in a recent Forbes interview.

Related: NY latest state to require employers to disclose monitoring to new hires

Nevertheless, it’s also true that many companies use employee monitoring software with good intentions. The same “tattleware” that some workers despise can also help improve well-being and cybersecurity and give staff an equitable way of proving performance. So with both pros and cons to employee surveillance: is it possible to surveil remote workers while also maintaining their trust?

The hidden cost of employee surveillance

The first thing to note is that employee trust is a critical business asset. A 2016 study by PwC revealed that more than one in two CEOs believe that a lack of trust endangers their company’s growth.

“In a high-trust work environment, employees are typically more engaged within the workplace culture, resulting in more productivity and collaboration with peers,” said Dr. Phillip Meade, leadership expert and co-owner of Gallaher Edge, when speaking to Forbes. Employees at low-trust companies report 106% less energy at work, 76% less engagement, and 13% more sick days than those at high-trust organizations.

Unfortunately, low trust and surveillance often go hand in hand. More recent research has found that more than 50% of workers report feeling stressed and anxious when employers use employee monitoring technology. Paradoxically, surveilled employees are also almost twice as likely to pretend to do their job.

On the legal side of things, carelessly deployed employee monitoring processes expose organizations to the risk of hefty fines. Although monitoring employees is legal in the US, poor storage or misuse of data that comes from these types of practices can put companies in breach of laws like the EU’s GDPR and California Consumer Privacy Act (CCPA).

Damage to company reputation is another risk that organizations using employee monitoring tools must contend with. As companies continue dealing with staff shortages, the use of employee surveillance software could put them at a disadvantage when it comes to attracting talent.

Surveilling remote workers while maintaining trust

The key to leveraging employee monitoring as a force for good is being transparent about how and when it is happening — something that employers often neglect to do. Tellingly, although most employers monitor their staff, as many as one in three workers don’t think that their managers are tracking their activities, says a recent ExpressVPN study.

Even in cases where employers let workers know that they’ll be monitoring them, many fail to disclose how, when, and in what context they are, or will be, surveilled. This can lead to feelings of violation of trust on employees’ part. More than a quarter of workers say that monitoring technology can make them feel unappreciated and causes resentment towards their employer.

Yet by being upfront about their monitoring practices, employers can improve employee acceptance rates dramatically. Research by Gartner shows that as long as most workers understand why and how monitoring takes place, they are, for the most part, comfortable with being surveilled online. For instance, according to Gartner, employee acceptance of email monitoring went up by 20% when employers told their workers the reasons for monitoring their email communications.

How to redesign employee monitoring policies

Redesigning employee monitoring policies to incorporate legal, ethical, reporting, and disclosure considerations can be a multi-layered problem. However, one approach that can simplify this process is the Privacy by Design framework.

Building an employee monitoring program that fits within this framework means following the following seven principles:

1. Proactive not reactive, preventative not remedial

Besides ensuring the security of their data storage systems, businesses should think about how they can foster a culture of privacy that protects employee data outside the workplace.

Bad actors frequently use employee personally identifiable information (PII) found on data broker sites to facilitate personalized phishing attacks. A single unsuspecting employee clicking on a malicious link could put everyone’s data collected through monitoring tools at risk.

One way around this is to remove employee PII from these sites. While this can be done manually, a better idea is to provide workers with access to automated tools, like DeleteMe, that can do so on their behalf.

2. Privacy as the default setting

Employee data should be protected without them having to do anything. In particular, employers should:

• Disclose the data they intend to collect through employee monitoring tools and the reasons for doing so at or before the point when this data is being collected.
• Collect only the data that is necessary for the organization to fulfill its goals, whether that’s increased productivity or better cybersecurity. For example, if an organization is using employee monitoring tools to reduce phishing attacks, they probably don’t need to track video communication channels or capture employees’ screens — tracking email and text messages should be enough. Businesses should communicate these business goals and how tracking technology will help them achieve them.
• Keep the collection of PII to a minimum. Monitoring employees’ every move could lead to the organization unintentionally learning sensitive personally identifiable information, like health data, which could put the organization at increased risk and cause a greater power imbalance. Limit the use, retention, and disclosure of employee monitoring data to the relevant purposes agreed to and consented by employees and destroy the data securely as soon as it is no longer needed. Sadly, in a 2019 study by Accenture, less than a third of executives that employ employee monitoring tools were confident that employee data was being used responsibly.

3. Privacy embedded into design

Employee data privacy lawsuits are a growing trend. Consequently, employers need to ensure that the data they collect from employee monitoring tools is encrypted and authenticate anyone trying to access it. Organizations should also test vulnerabilities regularly.

4. Full functionality – positive-sum, not zero-sum

Everyone’s interests and objectives should be accommodated, and there should be no unnecessary tradeoffs. In other words, employee monitoring should not come at the cost of employee privacy.

5. End-to-end security–full lifecycle protection

Employers need to protect employee data throughout the entire lifecycle of that data. This protection should come in the form of appropriate encryption, strong access control, robust logging methods, and secure destruction.

6. Visibility and transparency–keep it open

Employers should ensure that whatever employee monitoring practices they employ work as stated. Employees need to be made aware of employer data processing and privacy practices.

Employers should also have a plain-language Privacy Policy that employees can refer to. In addition, there needs to be a mechanism for employees to ask questions about data monitoring processes, make suggestions and ask for changes, and make complaints.

7. Respect for user privacy–keep it user-centric

Employers should give employees the option to manage their data through employee monitoring tools. Specifically, employers should:

• Seek clear consent from employees regarding monitoring, except where collecting this data is allowed by law. The greater the sensitivity of the data collected, the more explicit this consent needs to be.
• The data collected needs to be accurate. Employees should be able to see the data collected about them through monitoring tools, challenge the accuracy of this data, and amend it. When employees themselves can gain insights from the data collected using these tools, they are less likely to see monitoring as a lack of trust and more as a way to reach business goals and objectives faster and more efficiently.

Monitoring practices don’t need to come at the expense of employee trust

For any organization that wants to maintain employee trust, being clear on the why and how of employee monitoring is crucial. Especially now that the legal landscape regarding data privacy is changing fast, employing systems like Privacy by Design can help organizations stay compliant both legally and ethically.

Rob Shavell is CEO of Abine / DeleteMe, The Online Privacy Company. Rob has been quoted as a privacy expert in the Wall Street Journal, New York Times, The Telegraph, NPR, ABC, NBC, and Fox. Rob is a vocal proponent of privacy legislation reform, including the California Privacy Rights Act (CPRA).

Read more:

• Businesses finding new uses for employee surveillance technology
• Benefits trends of the week: algorithms, privacy, and a tough decision for CEOs
• How to strike balance between cybersecurity and employee privacy