(This article is by Kelly Yip, ITAM Thought Leader and Advisor, the ITAM Forum)
The UK government recently announced a proposal to give more flexibility to workers by offering a compressed four-day working week. Considering this, the topic of ‘worker productivity’ has jumped back into conversations. The majority of UK workers believe companies should embrace flexible working models. On the flip side, many companies have concerns around the impact on productivity.
Flexible working models have been on the rise for some time. In 2019, just 4.7% of UK workers worked from home. While COVID accelerated this, according to February 2023 ONS stats, 40% of workers still had some form of hybrid working.
The increase in flexible working practices has brought an increase in companies utilising employee monitoring software. Current predictions expect this rise to continue. This brings questions about ethical and data protection/data security related challenges.
This type of software directly monitors the productivity of employees. The most common types include:
According to a recent ESET study, 90% of workers use their company-provided laptop for personal use. While this poses its own set of issues and challenges, it needs to be considered when establishing the risks associated with employee monitoring software.
Consider the possibility of an employee using their work device to access their private medical data. This may result in employee monitoring software processing what is considered “special category data”. In such a situation, additional GDPR requirements may apply.
In addition to data protection and data security challenges, there are also ethical challenges to address. In 2023, research commissioned by the UK’s Information Commissioner’s Office showed 70% of the public believe it’s intrusive to be monitored in the workplace. Whether the intentions of the employer are legitimate or not, employee perception of employee monitoring software is negative. Such software could risk damaging employee satisfaction, or perhaps, create a power imbalance between the employer and employee.
With 70% of the public considering employee monitoring software intrusive, it’s no surprise to see an industry built around tricking it. There are countless methods to bypass the software. These include: mouse jigglers, using a VM, disabling the software, and more. These methods add another layer of risk to organisations utilising this software.
From a GDPR perspective, the key considerations include whether the tracking is “lawful, fair and transparent”. This is not as simple as it sounds. For example, consent, often sought by employers prior to implementation, might not be considered lawful. This is due to the power imbalance between an employee and employer. Employees may feel duty-bound to agree.
The requirement for transparency and fairness means employers must make it clear what is being monitored and why. With the exception of a few specific scenarios, the monitoring of any employee without their knowledge is considered fundamentally unfair. Any company utilising employee monitoring software should ensure employees are aware of the monitoring and have effective processes for managing this. Furthermore, any monitoring must be considered proportionate, only monitoring employees in reasonably expected ways.
Companies have a responsibility to protect the personal data of their employees. According to Data Protection Law, companies must have “appropriate technical and organisation methods” in place to protect personal information. One consideration is how to minimise the personal data collected.
In the ITAM world, it’s important to weigh up the cost/benefit/risk of any new software.
Employee monitoring software may bring tangible benefits, such as improving productivity, identifying security risks, and ensuring compliance with internal policies. However, you need to weigh up these benefits against the risk and cost of implementation. Different types of monitoring software carry different levels of risk. The more invasive the software appears, the higher that risk level may be.
When calculating the financial impact, the question is whether the improvement in security and productivity outweighs the costs. These include the software itself, the costs associated with maintaining GDPR compliance, and any additional security costs associated with managing personal data.
There are many proposed benefits of utilising employee monitoring software, including safety, security, and productivity improvements. However, these need to be weighed up against the costs and risks associated with navigating complex GDPR rules and the wider impact on the business.
Ultimately, if a productivity issue exists, employee monitoring software may help. But, if productivity is high, employees may view these tools negatively.