Zita Goldman explores why it’s critical to establish and keep to red lines when monitoring employees
Employers have traditionally been opposed to remote work, as the absence of physical proximity significantly diminishes opportunities to contain employees’ tendency to slack off with the double deterrent of monitoring and group pressure. The pandemic, however, left them no choice but to allow their staff to work from the comfort or, occasionally, turmoil of their homes.
In their anxiety that their workers will take advantage of staying under the company radar, CEOs and HR departments, especially those of large companies, resorted to monitoring software, which, in certain cases, border on surveillance. The technology was readily available and mature and there were practically no legal hindrances.
The scope and types of employee monitoring
Monitoring employees’ activities is legal in the UK and in Europe, although theoretically a balance needs to be struck between business interests and employee expectations of privacy in line with data protection and privacy legislation such as the Data Protection Act, the GDPR or the EPDPC (Employment Practices Data Protection Code).
Although it’s a requirement that subjects get previously notified of being monitored, their consent is not necessary in most cases – and even if it was, its genuineness couldn’t be guaranteed due to the employee’s interest to conform in order to keep their job.
The right of the employer to track, on the other hand, is not limited to company devices. Private laptops and mobiles can also be monitored, as long as they hold work-related information.
There are various forms and degrees of employee monitoring. Soft-touch types will search for keywords in emails or social media posts and send alerts if red-listed items come up. So-called network monitoring tools focus on general activity and flag up patterns that may pose serious security threats.
Others, meanwhile, are much more intrusive providing granular, personal data on browser activity, recording computer idle time or the hours the employee spends off-line and triggering nudges if toilet breaks, for example, exceed the pre-set amount.
The ones resembling surveillance tools will even take regular screenshots, use webcams for making videos of employee activity and keep logs of each and every keystroke made on the device.
Moreover, the GPS in mobiles can serve as a handy tool to alert employers when their workers leave the perimeters of their home office for no apparent work-related reason.
Legitimate reasons and the “surveillance arms race”
As clients of banks, insurers or investment funds, no one would underestimate the security challenges of the home office. A rising tide of hacking, phishing and insider threat incidents during the pandemic makes a compelling case for the heightened monitoring of employees working with sensitive data in confidential sectors.
Those working in these areas have a higher tolerance of being monitored for compliance anyway, in both physical and online settings. No one doubts that intellectual property, trade secrets and sensitive personal data need to be protected from rogue or negligent colleagues, although effective identity and access management can go a long way to achieve that.
The deployment of excessive and intrusive surveillance technology to track employee productivity, however, sounds like an overkill and may prove to be rather counterproductive.
Not only did the sales of employee monitoring software soar in the first months of the pandemic but so did sales of anti-surveillance solutions. Until a coding loophole was closed, software setting one’s Slack status as permanently active – a digital version of leaving your coat and briefcase in the office while popping out for a lunch date – was a major hit.
In a phantom employee engagement award ceremony, the second prize would probably go to another solution that can convincingly imitate mouse movements while the actual employee is busy being entirely unproductive, at least from a work perspective.
How closely should bosses monitor their people?
But businesses ideally play these sorts of technological catch-up games with their cyber attackers, while their relationships with employees should, according to management gurus, be built on trust, which surveillance can easily undermine.
Also, an approach that assesses performance based on the hours that knowledge workers are glued to their screens is a relapse to the old days when employees were sometimes just twiddling their thumbs at their desks until the time to clock out arrived – and which output-oriented flexi-work was to replace in the first place.
In order to have it both ways – spurring on employees to be more productive without eroding trust – employee monitoring can be turned into wonderful self-assessment tools. After all, each of us, for example, is susceptible to cyber-loafing or, in other words, procrastination by roaming the Internet, to a certain degree.
Learning how many productive hours we spend on our computers while convinced we are working our socks off – the score for the average UK office worker is 3 out of 8 hours – can be sobering.
Digital self-monitoring can also be a useful means to prove to demanding bosses that a task genuinely takes more time to accomplish than they would like to think, or the other way round, as well as for settling all kinds of disputes that require hard evidence.
Intrusive and disproportionate employee monitoring can also increasingly backfire. The red-lines into the no-man’s land that digitalisation created in this area are being drawn in front our eyes.
Microsoft has recently watered down its productivity score before its launch and decided to reframe it as a measure of an organisation’s adoption of digital technology rather than a way to monitor employee behaviour.
Barclays, with already a track record of trying to push boundaries, scrapped its monitoring system in response to employee feedback this February and the H&M Group was fined for a record €35.3m (£32.1m) in Germany in October 2020 for an employment-related privacy breach of the GDPR while collecting and analysing work behaviour data of hundreds of its employees.
There is a pressing need to create hard and clear rules about the dos and don’ts of employee tracking. It could both prevent knowledge workers getting disengaged under the prying eyes of their employers and save companies from learning the hard way where the red lines are supposed to be.
Zita Goldman is Business Reporter‘s technology editor