Employee monitoring: the issue of monitoring employees

Section one of the Personnel Today Management Resources one stop guide on employee monitoring, covering: how and why employee monitoring is being used in the workplace and the impact of changes in electronic communications and legislation on employee monitoring. Other sections .

How to use this guide

This guide aims to act as a practical one-stop source of information and advice

It will help you comply with the law and develop best practice in monitoring employees

Each section is prefaced with a list of ways in which it might be of use

Our objective is to allow you to get to key information and guidance easily and quickly. Where it may be necessary to find additional information, we have provided a thorough list of printed and online sources

 

What this guide covers

The term employee monitoring is used in this guide to refer to any acts of employee surveillance in the workplace using technology, including monitoring, recording or intruding on live speech telephone calls or electronic communication such as e-mail or the internet; auditing computer disks; and observing employees by means of closed circuit television and video.

The areas covered in this guide are

  • The law

  • Deciding whether to monitor and how, including how to carry out an impact assessment

  • Developing policies and procedures on areas, including the acceptable use of electronic communications and the use of CCTV

  • The guide also has a section on resources, with a list of useful reports and other publications, a list of contacts, and a glossary of jargon

    Why monitoring staff is an issue

    Employers are increasingly adding employee monitoring to their ammunition box in their bid to combat problems related to employees misusing and abusing technology at work. These include legal liability, reduced productivity and the threat of the exposure of trade secrets and intellectual property.

    In one survey,1 54 out of 63 companies monitored employees' use of e-mail or the internet at work, and an increasing number of employers have developed policies on the acceptable use of electronic communications and are using monitoring to ensure compliance with these policies.

    The rapid changes in the field of electronic communications and legislation add to the pressure on organisations to regularly review and revise their policies. HR needs to make sure these policies are well-tailored to deal with the latest problems such as instant messaging, online defamation ('cyberlibel'), copyright infringement, negligent virus transmission, inadvertent contracts, and harassment due to downloading pornography. But HR also needs to review policies to avoid creating a hostile, Big Brother-style work environment and meet changing legal requirements - treading a fine line in an arena which, in the case of privacy law, remains relatively uncharted.

    More than half of companies in the US engage in some form of employee e-mail monitoring and enforce e-mail policies with discipline or other methods, according to a study by the American Management Association.2 The same study also found that around 22 per cent of firms had fired an employee for e-mail breaches.

    Around 20 per cent of UK companies surveyed in 2002 said they monitored employee and e-mail use.3

    Vicarious liability

    Employers can be held liable for their employees' activities when using the internet and are responsible if staff send e-mail messages which breach confidentiality or which are defamatory. In the case of Western Provident Association v Norwich Union, Norwich Union was forced to shell out £450,000 in damages and costs for slander and libel after Western Provident discovered damaging and untrue rumours on Norwich Union's internal e-mail system about Western Provident being in financial difficulties and being investigated by the DTI.

    If an employee commits an act of harassment or discrimination via e-mail or by downloading and distributing inappropriate material, the employer is also vicariously liable even if the act was unauthorised. Employees can sue employers failing to provide a workplace free of harassment, which can extend to the distribution of offensive material from the internet.

    In the US in 1995, the Chevron Corporation had to pay $2.2m in a sexual harassment case after an employee distributed an e-mail listing 25 reasons why beer is better than women.

    In the UK, in the case of Walker v Charles Russell, Ms Walker, a black secretary working at the City law firm, resigned then sued the company after one of the firm´s solicitors sent an e-mail requesting a busty blonde as a replacement. The case was settled out of court for an undisclosed sum.

    For a discrimination act to be brought, the case of Morse v Future Reality showed that there does not just have to be a direct act. Employers can be liable even if the distribution of sexually explicit material is seen to be creating a general atmosphere of obscenity.

    Nearly a quarter of organisations have had complaints about staff accessing internet chat rooms and 17 per cent have had complaints relating to games on the web, according to Personnel Today research.3

    Employee e-mails are increasingly getting their bosses into trouble. The first high-profile case in which e-mail provided crucial evidence was the US Justice Department´s case against Microsoft in the late 1990s. The US Government used Microsoft e-mails as evidence to back its claims that Microsoft set out to inhibit the use of Sun Microsystem´s Java programming language, including one from Microsoft chairman Bill Gates, saying that Java "scared the hell" out of him.

    Another high-profile case was that of Merrill Lynch and analyst Henry Blodget whose offhand e-mail saying some stock he was recommending was "a piece of junk" became common knowledge. Merrill Lynch was under the spotlight for allegedly deceiving investors.

    Organisations turning to monitoring need to make sure they are staying on the right side of privacy laws such as the Human Rights Act 1988 and the Data Protection Act 1988. Failure to comply with the Data Protection Act (DPA), for example, can result in hefty fines as well as damages for distress to employees or third parties.

    But complying with the law is not easy, particularly as there are numerous laws affecting monitoring, some of which overlap.

    There has been much confusion among employers over how to comply with the DPA's requirements, such as what constitutes personal information in the light of the Durant v Financial Services Authority case or how to treat images captured by CCTV. There is also confusion over whether it is legal to intercept communications with both the Regulation of Investigatory Powers Act 2000 and the Lawful Business Practice (Interception of Communications) Regulations 2000 governing this area.

    The legal section in this guide will help you wade your way through the minefield, clearing up confusing areas and touching on important case law.

    The need to develop, review and implement policies

    Organisations most likely to have policies on internet and e-mail use are the utilities companies (71 per cent) and those in the financial sector (69 per cent). The least likely to have formal policies are IT firms, according to a Work Foundation report.4

    Employers will have more chances of fighting against a discrimination claim if they can show they took all reasonably practicable steps to prevent the employee carrying out the act of discrimination or harassment. This includes monitoring the use of technology in the workplace and having clear guidelines on its use. It also means taking immediate action to stop misuse or abuse once it has been identified.

    The importance of having in place adequate policies is underlined by the Western Provident case - to reduce liability, employers must be able to prove that they have a policy and that they have taken appropriate steps to enforce this policy.

    Table 1: Health effects of employee monitoring

     

    % of monitored employees reporting following symptoms

    % of non-monitored employees reporting following symptoms

    Depression

    81%

    69%

    Extreme anxiety

    72%

    57%

    Severe fatigue / exhaustion

    79%

    63%

    Neck problems

    81%

    60%

    Source: CWA and University of Wisconsin, US

    Cost of misuse of technology

    Redressing problems caused by misuse of technology is a costly business - be it clearing up the mess of an e-mail breach or paying damages to an employee filing a harassment complaint because of pornographic material being downloaded by colleagues. Some 44 per cent of businesses reported suffering an e-mail breach with the cost of clearing up after such a breach averaging £33,000, according to a Department of Trade and Industry survey.5

    Then there is the cost of lost productivity. One of the problems with staff browsing the internet is that it can become highly time-consuming and unfocused, even if genuinely done for business reasons. Some 70 per cent of pornographic traffic occurs during regular business hours, according to Sex Tracker, a service which monitors pornography site usage. And even if staff are surfing in their own time, they are tying up company resources and their activities may even be costly in telephone charges, although this is uncommon in large organisations.

    A survey of international companies by Infosec estimated that a company employing at least 1,000 employees would be losing $2.5m a year through employees using the internet for non-business purposes.6 US e-mail monitoring firm SurfControl puts the figures even higher, saying a company with 500 employees who are paid $40 per hour could lose $2.5m a year in productivity if employees spend just 20 minutes a day on recreational internet use.

    Of the companies surveyed by Infosec:

  • 35 per cent had no formal policy on internet use

  • 76 per cent of staff were using company time to search the web for new jobs

  • 84 per cent of employees were given unlimited access to the internet.

    Clamping down

    Companies are becoming increasingly heavy-handed when dealing with internet and e-mail abuse, backing up their monitoring policies with firm action.

    In 2002, Hewlett Packard Compaq disciplined 150 workers in the UK, firing some staff for "viewing and sharing unauthorised and inappropriate material". Xerox fired 40 employees in 1999 for what it deemed inappropriate use of the internet and the New York Times axed 23 workers for using company computers to send e-mails it considered obscene.

    Personnel Today research found that UK employers spent more time disciplining staff over internet and e-mail abuse than for any other workplace issue.3

    The three most commonly disciplined cyber crimes were excessive personal use of the internet or e-mail, sending pornographic messages, and looking at pornographic websites. In a number of cases, this had led to dismissal, most commonly because of exchange of pornographic e-mails.

    Employees were almost 10 times more likely to be sacked for exchanging pornographic e-mails than for circulating e-mails which contained damaging information about their employer, according to the survey. Companies reported taking action in 358 cases related to internet abuse, compared to 326 cases for incidents of dishonesty or violence.

    Instant messaging

    Companies are also attempting to tackle misuse of instant messaging, which employees treat even more informally than e-mail. The Chartered Institute of Personnel and Development (CIPD) recently urged employers to incorporate instant messaging into their policies. Instant messaging is often not stored on company servers, but it can be monitored and intercepted. Companies are often concerned that proprietary information will be leaked through instant messaging.

    Table 2: Problems encountered by employers in the past 12 months

    Employees accessing inappropriate websites

    35

    Employees sending inappropriate e-mails

    29

    Freelance/contract staff abusing facilities

    8

    Employees sending confidential information out of the company

    5

    Employees accessing other people's mail

    4

    Other

    11

    No of respondents

    56

    Source: CWA and University of Wisconsin, US

    The rights equation

    In any approach that they take, employers need to be sensitive to the fact that the frontier between private and work life is becoming increasingly blurred. Use of technology at work should be examined in a broad context incorporating respect for privacy and the protection of personal data.

    Employers need to strike a balance between being able to detect misconduct, criminal behaviour, abuse of company equipment, and poor work performance on the one hand, and making sure that they protect the employees' rights to privacy and that they maintain staff morale. Overbearing employers that track each and every movement of their staff are hardly likely to be creating an atmosphere conducive to high morale, job satisfaction and high productivity.

    Monitoring is not a replacement for good people management

    Sensitive employers that respect their employees will appreciate the trust element between both parties and will only seek to use surveillance in appropriate situations that are directly related to the performance of workplace duties.

    Having policies on internet and e-mail use in place is worthwhile, but will not stamp out abuse or misuse totally.

    Personnel Today's research found that, despite 86 per cent of organisations having internet usage policies in place, 40 per cent were still receiving complaints about staff wasting time on the web. The survey found that 51 per cent of employers have had complaints relating to pornography sites and 9 per cent to race or other discriminatory website addresses.

    If internet policies are strictly enforced, they can discourage personal internet use at work. Some 23 per cent of employers have dismissed staff for internet misuse, says the study.

    In seeking to get the balance right, employers should bear in mind that working days have lengthened in many cases, forcing people to carry out many errands at work. People are increasingly being encouraged to take care of personal business at work such as online shopping, yet they can then find themselves being criticised for slacking. This is why many employers allow staff access to non-work sites for certain amount of time per day.

    Over-use of employee monitoring

    The TUC recently reported a case of hidden cameras being discovered by local trade union officials in the staff locker room and postroom at Guys Hospital.7

    The management claimed that the police had advised the hospital trust to install cameras to investigate alleged mail tampering. But the police denied giving any such advice and the cameras were removed. The intentions of management may well have been good, but putting in place any surveillance techniques without informing staff is bound to erode trust.

    In another case reported by the TUC, unions found cameras had been installed in a female staff changing room. The employer, Securicor, said the cameras had been installed in the wrong room.

    As long ago as 10 years ago, a report on workplace privacy by the International Labour Organisation (ILO) which looked at evidence from 19 countries, concluded that 'Big Brother' looms large in the workplace and that workers' health and welfare is being damaged as they are scrutinised by computers, cameras and assorted bugs.8

    The ILO report examined research from US government agencies the Office of Technological Assessment and the National Institute for Occupational Safety and Health (NIOSH) and concluded that "not only does electronic monitoring have the potential to adversely influence working conditions which have been shown to cause stress, but may actually create adverse working conditions, such as:

  • paced work

  • lack of involvement

  • reduced task variety and clarity

  • educed peer social support

  • reduced supervisory support

  • fear of job loss

  • routinised work activities

  • lack of control over tasks.

    The ILO report cites a study from NIOSH showing that for data-entry workers struggling to meet performance targets "the use of electronic performance monitoring elicits a pattern of psychological distress and physical discomfort". The group monitored had higher self-ratings of mood disturbances (irritation, time urgency, work dissatisfaction and musculoskeletal discomfort (hand and neck discomfort).

    The TUC is among those bodies claiming that employers' employee-monitoring initiatives have led to an invasion of their privacy, a drop in productivity and an increase in stress levels, saying that such initiatives are actually counterproductive. Employers' use of CCTV is one of the TUC's main concerns.

    Excessive monitoring in the workplace undermines staff, leading to greater job-related depression and poorer well-being, according to research.9

    Stress levels among frontline call handlers in UK call centres were found to be significantly higher than among benchmark groups in other occupations, according to the study from the Health and Safety Laboratory (HSL). Frequent or constant performance monitoring is blamed for poorer well-being among call handlers, particularly those working in telecommunications and IT and in organisations employing more than 50 staff.

    The HSL report reveals that eavesdropping - electronic performance monitoring by supervisors listening in to calls - is a major cause of work-related stress.

    Some of the methods currently used in workplace surveillance cast the Victorian overseer in a positively lax light, according to another report.10 Persistent, intrusive surveillance frequently leads to stress and discontent among those monitored, along with a sense of insecurity, loss of trust and feelings of inhibition, says the report.

    Surveillance is acknowledged as inevitable in certain industries and can be used to protect staff, such as the use of CCTV in protecting train workers against assault. But some surveillance methods go too far, according to the report. Particularly intrusive examples include intercepting employee e-mails, using computers to count individual keystrokes and listening in to check if call-centre workers are following scripted conversations in a suitably chirpy manner.

    Electronic monitoring represents a major stress factor in the workplace, according to separate research.11

    Using technology to monitor staff should not replace good people management skills, it should only ever be used in support, setting clear boundaries and making sure good management skills are in place at all times and that the working environment balances the rights equation.

    Types of monitoring

    The most contentious types of employee monitoring include CCTV, and e-mail and telephone monitoring.

    Many employers resort to using private detectives and video surveillance in a bid to avoid paying compensation to staff making claims for work-related injuries. Swansea City and County Council was recently forced to pay a social worker more than £200,000 in compensation after she endured a vicious assault 'which could have been avoided'. The social worker was attacked by a client at work, resulting in serious injuries and psychological trauma meaning she could not work again. Despite having been previously threatened by the client, she was told to meet the assailant alone. She was then videotaped by private detectives checking out her injuries. This was condemned by local government union Unison as wrongly questioning the integrity of a loyal employee, reports the TUC.

    Telecommunications giant BT also used private detectives to video one of its engineers claiming compensation for a back injury sustained at work, according to the TUC. BT eventually agreed an out-of-court settlement of almost £300,000.

    Monitoring methods range from closed circuit television (CCTV) to highly sophisticated software which monitors staff´s every keystroke, with a hidden WebCam to prove who is using the PC.

    The main monitoring methods in use are e-mail filtering software, internet monitoring software, telephone recording equipment and CCTV. It is still early days in terms of biometric data - the use of biometric devices to identify fingerprints, hands, eyes or faces - but these devices are getting cheaper and attracting increasing interest from employers.

    Smartcards used in buildings security are increasingly used by employers to track workers' movements, monitoring rest breaks and holding personnel records.

    Any workplace surveillance policies employers put in place should achieve a balance between privacy rights and damage limitation, based on the three principles which can be applied to all working practices:

  • Transparency

  • Respect

  • Reasonableness.

    It is perhaps worth bearing in mind one school of thought that if you make a job compelling enough, most staff will not be tempted to spend hours surfing the internet. And if they have low job satisfaction and low morale, if you take away their browser, chances are they will find something else to fiddle with.

    Types of monitoring

  • Video surveillance: closed circuit television (CCTV)

  • E-mail and internet monitoring

  • Telephone monitoring

  • Biometric data

  • Remote listening devices

  • Smart cards

    References

    1Mark Crail, Sex and surveillance: the internet at work, IRS Employment Review, 7 November 2003

    2American Management Association, E-mail rules, Policies and Practices Survey 2003

    3Firms caught in web of net abuse at work, Personnel Today and law firm KLegal, 10 September 2002

    4The Work Foundation (formerly the Industrial Society), Monitoring internet use and e-mails, March 2002

    5Department of Trade and Industry, Annual security survey, 2002

    6Infosec, Information Security Breaches Survey, April 1999

    7Rory O´Neill, Stop Snooping, Hazards, April 2004, TUC

    8International Labour Office Study of 19 countries in 1994

    9Health & Safety Executive, Psychosocial risk factors in call centres, 2004.

    10Institute of Employment Rights, Surveillance and privacy at work, 1999.

    11University of Wisconsin, Electronic performance monitoring and job stress in telecommunications jobs, US trade union the Communications Workers of America , 1990. Study carried out among 745 workers in the telecommunications industry.

    One stop guide on employee monitoring: other sections

    Section one: The issue of monitoring employees

    Section two: The law

    Section three: Deciding whether to monitor and how

    Section four: Developing the right policies and practices

    Section five: Monitoring methods

    Section six: Resources

    Section seven: Jargon buster