Employee monitoring: is ‘bossware’ right for your company?

Things may not always go smoothly at work and bosses and workers may not always agree on many things. But there may be another “threat” in the city: remote employee monitoring. In some cases, employee monitoring software, also called “bosswareand “tattleware”, threatening to drive distance between employers and employees.

Done well, bossware can help protect organizations from theft and legal risk, and even drive important increases in productivity. But it’s also a privacy minefield that can ultimately demotivate your employees and expose your organization to lawsuits.

But in the new work-from-anywhere era, managers are increasingly tempted to monitor their distributed workforce. Given what is at stake, careful planning should be the watchword for any organization considering employee monitoring.

What is bossware?

Bossware is an umbrella term for various employee tracking tools. While the functionality of the software varies, at a high level it will track what programs workers use during the day and for how long. A more intrusive oversight might record workers’ screens and log their keystrokes. Bossware will ideally be installed on employees’ PCs or devices with their explicit knowledge and consent, although this is not always the case.

Employee monitoring is more popular than you might think, driven by the surge in remote work sparked by the pandemic. One study found that 60% of companies with remote workers are now using some form of bossware, and 88% of them have fired workers after implementing the software. That may be because more than half (53%) of workers whose activity was monitored were found to spend three hours or more each day on non-work activities.

Monitoring can include:

• Email (content and sender/recipient)
• Browser history
• Application usage
• Computer screen and keystrokes
• webcams
• Telephone usage and call content
• CCTV footage (in the office)
• GPS vehicle tracking
• Access badge location tracking
• Fitness tracking vital signs and mood

pros and cons

Bossware advocates say that judicious use of monitoring software can help their organizations in a number of ways, including:

• Track stress levels among the workforce
• Helps improve productivity – by showing which workers are less focused and which are spending too much time on manual and repetitive tasks which can be optimized
• Building a fairer workplace by making sure everyone is working hard
• Mitigate the risk of intentional/accidental data leaks and poor security hygiene

On the other hand, there are potential downsides, such as:

• Employees can find solutions, thus negating potential gains
• Limited computer/device based tracking may fail to record time spent thinking, problem solving, and other non-digital tasks – giving managers a myopic view of worker productivity
• This increases stress levels, and can demotivate staff and undermine morale
• Privacy and legal implications for employers

Legal and privacy implications

Modern privacy and data protection laws add an additional layer of risk for organizations seeking to implement bossware. It is very important that any scheme is implemented in accordance with local laws and regulations.

• EU-wide GDPR do enable workplace monitoring, but within a certain set of guidelines. Organizations should establish clear policies for informing their staff of any employee monitoring schemes, and work hard to make deployments as unobtrusive as possible. Covert and thorough monitoring of matters such as internet usage and communication content is not allowed. Organizations wishing to monitor private communications such as e-mail must also outline a clear legal basis for doing so. And there are strict rules in place to protect employee data, ensuring data is only used for the purposes for which it was collected, and only relevant information is collected, for the minimum time required.
• In America, federal privacy law Electronic Communications Privacy Act (ECPA) allows monitoring of electronic communications such as email as long as they are for legitimate business purposes and are performed on office-issued devices/computers. It also sanctions monitoring of social media and internet activity, and even keylogging and screen recording. However, while federal law does not require advance notice of such activity, some state laws may require employers to obtain approval before implementing employee monitoring. Organizations are also responsible for the security of any data they collect, and all must have clear policies on employee monitoring.

Implement fair staff monitoring practices

It should be clear from the above that employee monitoring is not a workplace initiative to be taken lightly. No two organizations or legal frameworks are alike, but some high-level best practices may include:

• Consider and outline the legal basis for implementing the scheme.
• Make sure monitoring is necessary and proportionate and doesn’t interfere too much with the lives of your employees.
• Consider the extent of your monitoring. Does this include e-mail, application and internet use, and calls? To avoid legal issues, it may be helpful to remind staff to only use their personal devices for personal matters, and only work devices for company matters.
• Be as transparent as possible with staff about what you are planning and why – fully documented in clear policies and standards.
• Ensure that any data collected is protected from loss, damage or theft and is visible only to authorized users.
• Follow data minimization practices by deleting collected data as soon as it is no longer needed.
• Consider alternatives to staff monitoring such as training sessions and/or regular performance reviews.
• Consider whether monitoring is needed across the organization or if it can be limited to smaller parts of the business.

The best policy will strike a difficult but necessary balance between an organization’s business demands and its employees’ privacy rights. Transparency and dialogue are key to retaining staff in the new era of hybrid work.