It has become common understanding among people that when they begin work at an organization, there is a high chance that their activity will be monitored. While most employers are well within their rights to monitor activity that occurs within their business, there are both legal and ethical considerations to keep in mind. Employee monitoring has produced a lot of positive contributions to organizations, however as tools have advanced so too has the complexity of negative impacts as well. Exploring the ethics of employee monitoring can help you to understand whether you should monitor at your organization, if so then how you will implement employee monitoring. This article will explore the ethics, legal considerations, and impacts of employee monitoring. By the end of this article you should have new questions and frameworks to explore this topic through. So let us begin!
What are Employee Monitoring Ethics?
Before diving into the ethics of Employee Monitoring it is important to define very quickly what ethics are, and what context we will explore them through here. Ethics can simply be defined as “a set of concepts and principles that guide us in determining what behavior helps or harms sentient creatures” according to Dr. Richard William Paul and Dr. Linda Elder who are both leading authorities in the fields of ethics and critical thinking. When people, institutions, or society is considering how to act in a given situation there are two popular forms of ethical consideration, teleology and deontological. Both of which are important to understand when it comes to a topic such as employee monitoring.
Ethics is never really a consistent exercise for most people as we all operate within three spheres of ethics: micro (personal), meso (organizational), and macro (sector-wide/society). Wherever these spheres of ethics interact we face greater tension in our decision making. For example you (micro ethic) may value liberty and freedom at all costs for society, but employee monitoring as a practice (meso ethic) could conflict with your personal view. Resolving these ethical tensions is a common challenge we all face and as a result we develop forms of processing these tensions.
Teleology (utilitarian) is a form of ethical consideration that places the consequences or outcomes as the central basis for moral judgement. In other words, under this view the “ends justify the means.” the ethical action under this view is which ever produces the most effective outcome for the most people. Meanwhile, the deontological perspective of ethical consideration places actions and motives as the primary basis for what is right and wrong. Under the deontological prism, an action can be ethically good even if it produced a negative consequence. The most important factor here is consistency of action. Something such as always being truthful for example, could be considered right. When it comes to security it is very common that writers will briefly touch on ethics, and often it is from a purely teleology perspective. This often results in poor guidance for respecting employees and siloing security off from the other ethical considerations of business and government.
Top Posts in Insider Threats & Monitoring
- The Decline of the Rogue Employee: Utilizing Behavioral Trends
- How to Create an Insider Incident Response Plan
- Creatures of Habit: How Behavioral Analytics Can Deter Insider Threats
- The Victim Click: The Psychology Behind Making Employees Click
Employee Monitoring & Ethical Considerations
Do the ends justify the means? This line is common when questions about security arise in organizations, however by not questioning the means of implementation, monitoring policy, impacts, or even legal violations some organizations can find themselves in trouble. Before rushing to monitor employee it is important to consider why you seek to do so. Is it to mitigate insider threats? Protect critical assets? Process optimization? It is important to understand why you seek to monitor employees as it sets the ethical foundation when you work with stakeholders to carry out your plan. The most important stakeholder beyond yourself here are your employees, whose labor hold up the organization. With a variety of tools at your disposal will you monitor every keystroke, every email, every mouse movement? Will there be exceptions such as when they’re on their personal bank accounts? These questions come up often which reveal some of the flaws of a pure “ends justify the means” approach towards security. One ethical question starts to become at which point does employee monitoring impose on their personal privacy? It depends of course on the means of how you apply the employee monitoring. One of the things to be considered is where an employee’s time is being spent.
Top Posts in Productivity
- Insider Threat Statistics: 8 Convincing Findings [Infographic]
- How to Prevent Insider Threat Data Breaches in 2018: The Top Experts Speak
- 4 Different Types of Insider Attacks [Infographic]
- The Most Dangerous Cyber Risk: Insider Threats
Productive vs. Non-Productive Activities
The ongoing challenge for organizations continues to be productivity, which means there is a lot of personal information and data being used on your network. According to a study from September 2017 cyberloafing is a massive problem with employees spending up to 2 hours a day using their work computers for personal surfing. That means up to 25% of work time is spent on personal tasks and loafing at work. During this time it would be reasonable to assume that employees are spending time on social media, checking bank accounts, shopping, or the worst offense watching cat videos. Despite the clear violation of most company policy, would it still be right to collect each employee’s password to all of their personal accounts?
Thankfully, there are a few alternatives that are usually built into monitoring software. Beyond simply watching employees and logging each of their keys, you can also preemptively block any websites that could be considered personal leisure. The other option is somewhat more complex but possible, you can prevent your software from recording which on protected websites (such as banks). The technology options available to us are not so black and white in what is possible when it comes to security. Neither should our thinking be.
For employee monitoring it becomes increasingly important to understand how much time is potentially being spent at your organization on non-productive activities. If you can identify those non-productive activities, they you can make a more flexible monitoring program. However, the question still remains should you monitor in the first place?
Employee Monitoring: Outcomes and Motives
Should a business just not monitor what happens on it’s network and trust that employees are always doing what they have been tasked with? Not necessarily, see businesses have a responsibility to create a safe work environment for employees. If for example an employee is watching graphic or politically charged content at his workstation regularly, it creates a hostile work environment which violates U.S. labor laws regarding harassment. By not monitoring that activity a company can expect a visit from the Equal Employment Opportunity Commission (EEOC). Another scenario, is a data breach. If an organization is not properly monitoring all data and communications that comes through it’s network then they become a very attractive target to hackers and malicious employees alike. Additionally a data breach that was not adequately protected against could create a crisis of trust for any potential customers or clients of the company. Imagine if a business that you frequent did not take adequate measures to protect your credit card information. Months later you find out that either employees or hackers were using your card in small increments. It would be infuriating and a gross violation of law in some states. When it comes to security there is not really a replacement for employee monitoring.
Is Employee Monitoring Legal?
Employee monitoring is legal, however there are some stipulations that must be followed in some states. In states such as Delaware and Connecticut employers must inform employees that they are being monitored electronically. Additionally there is federal legislation in effect which may impact your ability to monitor to the scale you want. Specifically the Electronic Communications Privacy Act (ECPA) which essentially bans monitoring of electronic communications. However, like any regulation, there are exceptions and for businesses they allow to monitor employees as long as there is a “legitimate business purpose,” which means a dragnet style of employee monitoring would violate the law if there was no sound cause for it. Additionally do you have any European clients? If so then you now also have to follow the General Data Protection Regulation in addition to all U.S. federal and state level laws.
The question of legality in regards to employee monitoring is an example of meso level ethics in tension with macro level ethics.Of course many organization comply with the macro level ethical paradigm, the mention of this is to highlight the ethical boundaries of decisions as codified into law.
Is Employee Monitoring Ethical? How?
Security by its nature must be utilitarian, meaning the “ends justify the means” which in this case is to protect not just the business, but the integrity of each employee and stakeholder who engages with the organization. It is easy to rally around safety and security at the expense of privacy while on the company network. Security fails without stakeholder support and commitment. This is where the consistency requirement of the deontological approach towards ethics merges well with the utilitarian. The deontological is not concerned with the positive or negative side of the outcome, just that one’s actions are consistent. When it comes to employee monitoring it should consistently apply to everyone in the organization including executives and administrators. With both a positive outcome being pursued in a consistent manner, employee monitoring would be considered good in many cases. Just remember the dragnet approach towards employee monitoring will violate ethical standards at the federal level of government. Which can lead to massive fines and prosecutions, so ensure you are keeping tabs on where your surveillance limits end.