WORK WITH US
Watch Out: Navigating the Legal Risks of Employee Surveillance Software
The height of the COVID-19 pandemic may be behind us, but the many shifts it prompted in workplace dynamics could be here to stay. One such trend is in the spotlight due to a recent New York Times investigative report: an increasing number of employers are utilizing digital monitoring software that can provide a minute-by-minute account of employees’ activity and quantify their productivity, whether they’re working remotely or in the office. The technological capabilities of this software range from basic activity tracking to taking photos of employees’ screens and faces.
Digital surveillance of employees raises a number of legal concerns, therefore agencies should consult with legal counsel before implementing the practice. This blog post lists some of the salient risks associated with monitoring technology and identifies best practices for risk reduction and effective management.
Possible Bargaining Obligation
While the use of employee monitoring technology is concentrated in the private sector, a number of public agencies in California and beyond are already relying on it to track employee productivity. Unionized public agencies in California must be mindful that the introduction of employee monitoring technology to the workplace would likely trigger an obligation to meet and confer with recognized employee organizations.
California Government Code section 3505 requires employers to “meet and confer in good faith regarding wages, hours, and other terms and conditions of employment” with recognized employee organizations. Electronic surveillance of employee activity can affect the terms and conditions of employment in more than one way: First, the information gathered by monitoring software—such as an employee productivity score or evidence that an employee is engaging in inappropriate or illegal activity on the job—often factors into employee evaluations or disciplinary decisions. Moreover, as discussed further below, close monitoring of employee activity also touches on wage and hour issues, including overtime and measurement of hours worked.
Electronic monitoring software is likely analogous to agencies’ installation of surveillance cameras in the workplace or monitoring of employee internet usage, each of which PERB has held to be a mandatory subject of bargaining. In Rio Hondo Community College District (2013) PERB Decision No. 2313E, PERB reasoned that both practices create a new category of evidence that an employer may rely on to substantiate employee performance evaluations or impose discipline, therefore the agencies in question violated labor laws by failing to negotiate the effects of the practices on the terms and conditions of employment with their employee organizations. Agencies considering implementing electronic surveillance software should therefore provide notice to and engage any recognized employee organizations early on in the process to avoid an adverse effect on the employer-employee relationship.
Wage and Hour Considerations
Depending on the functions performed by the software, employee monitoring technology can become a wage and hour law minefield in the absence of a well-designed policy.
Particularly problematic are the screenshot functions offered by certain employee monitoring tools. This generally works as follows: the software takes a screenshot of an employee’s computer desktop at regular intervals, and if the screenshot captures a moment of inactivity, the software excludes the entire interval from the employee’s hours worked. At least one employer has already settled a Fair Labor Standards Act (FLSA) class action lawsuit alleging this practice resulted in a failure to pay employees for all hours worked and to capture overtime hours—particularly as to offline work not recorded by the software. The Department of Labor also prohibits employers from rounding time in determining an employee’s hours worked in a manner that will “result, over a period of time, in failure to compensate the employees properly for all the time they have actually worked.” Employee monitoring software that systematically rounds down—say, rounds 9 minutes of work down to 0 because a screenshot captured inactivity during 1 minute of a 10 minute interval—risks running afoul of DOL directives.
Also, all employee surveillance software risks imparting constructive knowledge to the employer in the context of overtime work. The FLSA requires employers to pay nonexempt employees overtime wages for all work that the employer knew or should have known the employee was performing outside of normal work hours. If electronic monitoring software is logging employees’ every activity, it becomes much more challenging for an employer to argue that it lacked knowledge of overtime hours worked. On a similar note, agencies that utilize surveillance software to track independent contractors risk a misclassification lawsuit, as the intricate monitoring of a worker’s activity may weigh the scales in favor of classification of those workers as employees.
Finally, agencies using monitoring software to evaluate employees’ productivity must be careful not to penalize employees who engage in non-work related activity during meal or rest periods. Surveillance software that runs constantly in the background cannot be utilized to blur the line between work and personal time.
Employee Privacy Concerns
Monitoring employees’ activity on electronic devices raises obvious privacy concerns—a keystroke logger can log an employee’s passwords, a desktop screenshot may reveal a text from a family member, or a webcam photo of an employee’s workspace can capture….well, you can use your imagination.
The issue of employee data privacy has inspired a bout of legislative activity in California that has yet to become relevant to public agencies—the California Consumer Protection Act, a high watermark in U.S. data privacy law that requires businesses to disclose what information they’re collecting on consumers, how they collect it, and how they will use it, contains an exemption for employers that expires in 2023; in any case, the law does not apply to public agencies. Meanwhile, a bill that would strictly regulate the use of employee monitoring technology by California employers including state and local agencies—AB 1651, also known as the Workplace Technology Accountability Act—is currently stuck in committee.
Despite the lack of federal or California law directly addressing electronic surveillance of employees, several laws create a need for caution and inform best practices. At the federal level, the Electronic Communications Privacy Act (ECPA) prohibits the unauthorized interception of electronic communication or seizure of communications stored on an electronic platform. The ECPA contains two exceptions: (1) employers may intercept and access electronic communications that occur in the ordinary course of business, and (2) employees may consent to monitoring.
At the state level, the California Constitution expressly creates a right to privacy, which attaches only where a court determines an employee had a reasonable expectation of privacy in the electronic data in question. Courts generally find no reasonable expectation of privacy in employer-provided devices or networks when the employer’s policy advises employees to that effect, and where the employee executes an appropriate acknowledgement. California also has its own ECPA, codified under Penal Code section 1546, et. seq., that protects the communications of an “authorized possessor” of an electronic device. While it is unlikely that a court would interpret these laws to allow an employee to exert the rights of an “authorized possessor” and decline a search by the government entity that actually owns and provided the electronic device, this ambiguity in the law underscores the importance of a policy that explicitly notifies employees that electronic devices are subject to monitoring. Finally, neither the California Consumer Protection Against Computer Spyware Act nor the California Data Access and Fraud Act, which prohibit unauthorized spyware installation and data hacking, respectively, contain explicit exemptions for employers vis-a-vis employees’ electronic devices, making obtaining employees’ consent to monitoring all the more prudent.
Summing Up Best Practices
Employers preparing to implement employee monitoring technology should abide by two key principles: transparency and consent. Not only does communicating with employee associations satisfy meet-and-confer requirements, it also increases the odds of employee buy-in—a recent Harris poll found that 77% of employed Americans would be less concerned with their employer monitoring their digital activity on personal or work-issued devices they use to conduct work if the employer is transparent about doing so. Obtaining employees’ written consent to a monitoring policy likewise furthers the goal of transparency while also mitigating the risks created by indeterminate data privacy laws. Open lines of communication can help realize monitoring software’s potential to maximize employee efficiency to the benefit of employers and employees alike.