Legal aspects of using employee monitoring software

Legal Aspects of Using Employee Monitoring Software

By Maryna Shynkaruk, Analytical Writer, NesterSoft Inc.

June 2015www.worktime.com

http://www.worktime.com/

2

Introduction

Employee Computer Monitoring is a very sensitive area. There are many questions to consider when implementing employee monitoring software in the workplace. Such software deals with the data related to the employee’s whole working days, which might uncover some personal information if used improperly. That is why it is important to pay attention to the legal aspects of the employee monitoring.

The topics of this e-book are: What are the legal regulations for the employee computer monitoring? How to implement computer monitoring software in compliance with the law? What is on the market? What are the Spying Features and the Performance Monitoring Features? How to choose proper monitoring software? All the answers are in this E-Book by NesterSoft Inc.

3

Types of Employee Computer Monitoring Software

There are lots of various types of employee computer monitoring software on the market. All the software can be categorized into two major types: Performance Monitoring Software and Spyware or Spying Software, which are completely different types of software and have diverse business purposes. Most of the software on the market offers both types of features: performance monitoring ones and spying ones.

4

Spyware or Spying SoftwareSpyware or Spying Software is such monitoring software, which collects information that may include personal or sensitive data.Sensitive Personal Data means information or an opinion about: racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual orientation or practices, criminal record that is also personal information, health information about an individual, genetic information about an individual that is not otherwise health information, biometric information that is to be used for the purpose of automated biometric identification or verification, or biometric templates. » (By Kate Lucente and John Townsend in ‘Data Protection Laws of the World’, May 2015).

5

Performance Monitoring SoftwarePerformance Monitoring Software is focused on performance monitoring only. Such software does not deal with any personal, sensitive data and does not support any spying functionality (Read below in How To Choose Proper Monitoring Software). In other words, such software does not offer any spying functions.

For more definitions refer to the Definitions topic of this book.

So, now comes the question: “What are the spying and performance features?”

Below in this e-book we offer an overview of spying and performance monitoring features available on the market today (Refer to Monitoring & Spying Features topic).

Monitoring & Spying FeaturesHere are the common features that are offered by the employee computer monitoring software suppliers on the market:

6

Attendance MonitoringLogin/Logout Monitoring

Is it spying feature?NO

These functions are not spying ones as no personal or

sensitive data is monitored (for more information refer to the

next column of this table

Is it Performance Monitoring?YES

Monitored information is: employee login name, computer

name and time (login in/out time). Attendance monitoring is a necessary function to monitor

performance, as poor attendance affects performance level negatively. Employee login

name is open information as well as computer name.

7

User Login Name Monitoring






Monitored information is: employee’s system login name (this name is open information,

usually created based on the employee’s last and first names). This is necessary information for

performance monitoring, as employee’s system login name is

required to understand whose performance is monitored.

8

Computer Name Monitoring






Monitored information is: computer name, which is

required to understand if a computer is used for business

purposes. This is open information, that usually belongs to the employer.

9

Active Time MonitoringIdle Time Monitoring






Monitored information is: employee’s login name, time.

This data is required to see when and for how long

employees are being active or idle during working hours.

10

Website URL Monitoring






Monitored information is: employee’s login name, URL / software name and path. It is

required to understand if working time is used for

business purposes.

11

Social Network URL Monitoring








business purposes.

12

Software and Documents Monitoring (Name and Path Only)








business purposes.

13

Keystrokes Logging

Is it spying feature?YES

Monitored data might contain personal or sensitive

information. Any monitoring function that involves content

monitoring might capture private information.

Is it Performance Monitoring?NO

Monitored information is: employee’s login name, keystrokes

pressed, which as a result might provide information about passwords or email / chat /

document / website form content. Monitoring content is not a

necessary function for estimating performance level, there are

other ways to do it (refer above).

14

Content Monitoring: Screen Content, Email Content, Chat Content, Social Media Content,

Website’s Content, Documents & Files Content, Print Content

Is it spying feature?YES

Monitored data might contain personal or sensitive

information. Any monitoring function that involves content

monitoring might capture private information.

Is it Performance Monitoring?NO

Monitored information is: employee’s login name, screen

/ email / chat / document / website form content.

Monitoring content is not a necessary function for

estimating performance level, there are other ways to do it

(refer above).

15

Legal Regulations of Employee Monitoring

Monitoring laws vary depending on the country or state, but despite all the differences, there are certain laws that are common. These common laws form the core principles that both monitoring software and monitoring process have to comply with. In other words there is a set of the strictest rules that have to be followed when applying monitoring in the workplace and when using computer monitoring software. For detailed information per country refer to Appendix 1.

16

Core PrinciplesAccording to Miriam Wugmeister (Comparing the U.S. and EU Approach to Employee Privacy) there are seven principles to follow when applying monitoring: Necessity, Finality, Transparency, Legitimacy, Proportionality, Accuracy and retention of data, Security. Following these principles ensures that monitoring is done properly, stays business related and does not go too far: 1. Necessity. Prior to monitoring, an employer must assess whether the monitoring in all its forms is absolutely necessary for the specified purpose;2. Finality. Data collected through the monitoring activity must respond to a “specified, explicit and legitimate” purpose (for example, the security of the system) and cannot be processed for a different purpose3. Transparency. Monitoring should be transparent. The employer must provide clear and comprehensive notice to employees about the monitoring;4. Legitimacy. Employers may monitor employees only to safeguard their legitimate interests, while not violating the employees’ fundamental rights;5. Proportionality. Personal data processed in connection with any monitoring must be adequate, relevant, and not excessive with regard to the purpose for which they are processed;6. Accuracy and retention of data. Personal data must be updated and retained only for the period deemed necessary for the purpose to be achieved, which generally is no longer than three months; and7. Security. The employer must implement all appropriate technical and organizational measures to ensure that any personal data are protected from alteration, unauthorized access, and misuse.”

17

Main StepsNow, as you have an idea what performance monitoring and spying software are; also as you got familiar with some core legal requirements and professional lawyers’ recommendations, we would like to introduce the main steps for your employee performance monitoring journey:

18

Identifying Your Business Needs and Goals When employers come to the idea of employee performance monitoring, they usually have a need either to improve performance by the employees or they’d like to have a better idea of how the employees spend their working days. The business goal here would be to make the best performance possible. So, here comes the question: What should be monitored in order to respond to the above need and achieve the goal? Here we come to the point of choosing monitoring software.

19

How to Choose Proper Monitoring SoftwareThe most important thing (according to the professional lawyers), when applying employee monitoring in workplace, is to remember your business needs and goals. This is what helps with choosing proper monitoring software; because in this way you have a good understanding of which monitoring features should be in your monitoring software and which ones are unnecessary.

20

Implementing Employee Performance Monitoring

When implementing monitoring software in the workplace, professional lawyers recommend: Stay business related Announce the fact of monitoring to the employees Provide clear monitoring policies Get consent from the employees

21

Quotations From Professional Lawyers“Keep the monitoring work-related. If you offer employees a sound and positive business rationale for monitoring, they are more likely to accept it as a legitimate work-related tool rather than an intrusion. Acceptable reasons include monitoring to respond to a complaint regarding policy violations or to improve employee performance, customer relations, and the quality of products and services.” (By Robin Thomas, from Issues to consider when implementing an employee monitoring program). “An employer may formulate an IT policy for inclusion in its employee manual, specifying that personal online activity not related to work is prohibited during work hours (and/or on company IT equipment). Such a policy should specifically prescribe activities for which use of the company e-mail system is deemed appropriate (if applicable). The employer may require its staff to read the employee manual carefully and acknowledge, in writing, having done so before being formally hired.” (By Ron Cai, Jojo Bai and Kevin Moore in Employee Online Privacy in China). “As to the regulations, we suggest the company to clarify that no private matter shall be handled by the employees in working time or no office equipment shall be used for personal matters; furthermore, it’s also suggested to inform the employees that the company will record the employee’s using of the company computer, software or phone call. Surely, the aforesaid regulation shall be contained in the Employee Manual.” (By You Yunting in Infringement on Privacy, Comment on Enterprise’s Monitoring of Employee’s Chat, Bridge IP Law Commentary). “To qualify, consent may be expressed, as in a written agreement, or implied from the circumstances, as when an employee is informed that all calls and e-mail will be monitored for quality assurance or training purposes.” (By Robin Thomas, from Issues to consider when implementing an employee monitoring program).

22

Monitoring – Good to GoAfter completing all the required steps, like: Defining Goals, Choosing Software, Announcing the Fact to the Employees, Providing Clear Monitoring Policies and Getting Employees’ Consent you are ready to monitor your employees’ performance with confidence and in accordance with the law.

From NesterSoft Inc.By releasing this book as well as many other articles and materials we would like to bring clarity to many various questions, related to the employee computer monitoring area. All provided information is intended to help with choosing your monitoring software that is the right fit for your goals, company or department. This book is basically the set of shortcuts that help you choosing and applying employee computer monitoring software.

23

Appendix 1Monitoring Legislations per Country

ArgentinaGenerally, in case of employees’ awareness it is legal to monitor employees’ computers, laptops, cell phones and any other electronic devices (including its emails, keystrokes, screens content) given by the employer (not their personal) in the workplace.(According to Email and Internet Monitoring/Video and Physical Surveillance by Morrison & Foerster LLP, GLOBAL EMPLOYEE PRIVACY AND DATA SECURITY LAW).

AustraliaOn the whole, employers have the right to monitor employees’ usage of company’s property such as: computers, laptops, cell phones, Internet (including its emails) etc., but workplace monitoring activities are widely covered by the Privacy Act, that’s why employers have to inform employees about monitoring system.(According to Workplace Privacy and Surveillance by Electronic Frontiers Australia).

24


ChinaLocal legislations give employers the right to monitor company’s property usage of computers, laptops, cell phones and other electronic devices given to employees if last ones are informed about the monitoring in the office.(According to Employee Online Privacy in China by By Ron Cai, Jojo Bai and Kevin Moore).

European UnionIn general it is legal to monitor employees in the workplace (computers, cell phones etc.) with their agreement and awareness. But it’s important to follow next basic rules of monitoring: Necessity, Finality, Transparency, Legitimacy, Proportionality, Accuracy and Security.(According to Data Protection at Work by European Commission).

25


IndonesiaThere are no specific labor regulations in Indonesia, which would prohibit employee monitoring. But the local laws and regulations in Indonesia do not distinguish personal data of an employee from personal data of other persons, that makes it possible to implement the monitoring (data collection, use and processing) in the workplace only in case employers follow some requirements: obtain an Electronic certificate from the Ministry of Communication before implementing the monitoring; provide secrecy, totality and the availability of the Personal Data; provide audit track records.(According to Data Protection Laws of the World by Kate Lucente and John Townsend).

United Arab EmiratesEmployers have the right to monitor their property (computers, phones and other electronic devices as well as email’s content or keystrokes) used by employees in the workplace, but only in case of employees’ awareness and agreement, especially when any personal data pertains to an individual's private or family life. If employees do not give their consent, then it is prohibited to monitor them during working hours.(According to Data Protection Laws of the World by Kate Lucente and John Townsend).

26


USALocal legislations vary depending on the state, but in general, it is legal to monitor company’s property usage (computers, phones and other electronic devices as well as email’s content or keystrokes). Employers have the right to monitor their property, but with certain limitations, which apply to employees’ private emails. Also some states require from employers to notify employees about monitoring.(According to Workplace Privacy and Employee Monitoring by Privacy Rights Clearinghouse).

27

Appendix 1Definitions

Personal Data means any information, which can be used to identify an individual. Inappropriate or illegal use of such data may lead to breaching of the law. Sensitive Data - is a type of personal data, which in turn is about an individual’s: health or financial details, biometric information, religious preferences, racial or ethnic origin, political opinion, sexual orientation, philosophical beliefs or criminal history. (According to Data Protection Commissioner, Miriam Wugmeister’s works, Workplace Privacy and Employee Monitoring, and many others). Incorrect use of sensitive data may cause legal problems as well.Performance Monitoring Software is such monitoring software, which keeps track of information required to estimate performance level. Such type of monitoring software does not collect or process any personal or sensitive data that might infringe on individuals’ privacy.Spyware or Spying Software is such software, which monitors, collects or processes personal, sensitive data. Such way of monitoring might infringe on personal privacy.

28

DisclaimerThis e-Book provides general information only. This information is for general

understanding only and not to be used as legal advice. To receive professional legal advice, please consult your lawyer.

WorkTime (worktime.com) - Respectful Employee Performance MonitoringNesterSoft Inc.

July 2015

http://worktime.com/

Legal aspects of using employee monitoring software

Business

Transcript of Legal aspects of using employee monitoring software