19

I am interested in privacy at the interface between one's personal and professional lives. This question is adjacent, but not identical to others related to IT system use (1, 2). Given a workplace IT system which is necessary to complete one's job duties, what rights, if any, do you retain as an employee to withhold your consent? For example, can you maintain that you do not personally consent/agree to be monitored even if your system states "by logging in... you acknowledge and consent to the monitoring of this system"? It seems unremarkable for an employer to ask for acknowledgement/compliance with system policies, but consent/agreement seems too much to demand. (Sub-question: by extension, could an employer require an employee to consent/agree to a physical search?)

I am specifically curious about law in the United States of America, but if there are relevant answers for other nations, those would be acceptable, too.

feetwet
  • 22,409
  • 13
  • 92
  • 189
Halyn Betchkal
  • 347
  • 4
  • 10

2 Answers2

38

Given a workplace IT system which is necessary to complete one's job duties, what rights, if any, do you retain as an employee to withhold your consent?

Essentially none, unless you personally, or your union, negotiated a contractual term for your employment that provides otherwise.

You have essentially no legal rights to privacy from your employer about what you are doing while you are on the job.

U.S. states vary considerably, in contrast, regarding how much information an employer can ask about your activities when you are not at work.

For example, employers in most states are not allowed to ask about how you voted in an election for public offices. Similarly, most Colorado employers are not allowed to discriminate against employees based upon their lawful away from work activities (like smoking).

IT monitoring is particularly common in the finance industry to discourage embezzlement and other forms of financial fraud. I have a relative who works in the back office of a bank who is required to take a complete two week vacation with no remote work every year to allow auditors to review their computer files and work in a context where the employee doesn't have any ability to interfere.

Sub-question: by extension, could an employer require an employee to consent/agree to a physical search?

There are jobs, such as working in a mint (i.e. a manufacturing facility for coins), working in gold or diamond mines, working in factories that manufacture controlled substances, working in advanced biotech labs, working in secret national security facilities, and working in prisons and jails, where this is common. As a practical matter of employee satisfaction and finding a way to hire new employees, it isn't very common where the need to do so isn't obvious, but it isn't legally prohibited.

Other Examples

Law enforcement officers, meanwhile, are frequently required to wear body cameras on the job.

Truckers and delivery people often have GPS systems that report back to headquarters to monitor their every move and speed at all times and dash cams. Bus drivers often have this monitoring and also constant security cam and dash cam monitoring. On airplanes, the "black box" records everything done by the pilots and everything said in the cabin for a certain period of time before a crash.

The U.S. President's use of computers and communications on the phone are tightly monitored and recorded.

ohwilleke
  • 257,510
  • 16
  • 506
  • 896
25

Monitoring employees is generally prohibited.

An employer must not monitor employees to an extent not necessary by its duties. That means for instance that the employer cannot monitor the internet pages someone visits, even when he's using a company computer. The employer might set up rules on internet usage (e.g. that private browsing during work hours is not allowed or that certain pages are not to be visited), but supervision of this cannot be done using automated tools but instead must be based on the social level or on trust (e.g. if every time the boss walks past one's desk some youtube clip is being played, he may ask for an explanation).

I know from an employer who once tried to install a firewall that was capable of acting as an SSL proxy, deciphering all traffic for "security reasons". Even though they assured the measure was for network security only, they had to shut it down again after being pointed at the relevant law.

This does not mean that employee surveillance is never allowed, but there must be a business reason for that. And just "safety reasons" is not enough, neither is a general suspicion against all employees.

Here's more information on this. (german)

PMF
  • 9,285
  • 2
  • 28
  • 61