All posts

How to Implement Employee Screenshot Monitoring in A Legal Way

Let’s answer the main question — yes, employee screenshot monitoring is generally legal in the US, the UK, the EU, and many other jurisdictions. However, an employer needs to obey a range of regulations for the monitoring to be lawful. We are going to explain them in detail and show how you can adopt computer surveillance in the workplace without legal issues.

5 Key Factors to Consider

The main problem with employee screenshot monitoring is its possible collision with the right to privacy. To understand the bottlenecks and ways to avoid them, you should see into the following factors.

Time

Boost Productivity
of Your Employees!

Free Trial Live Demo

It is expected that employees spend working hours performing work-related tasks. As such, it seems that there can be no disputes about shopping online or managing personal bank accounts during the workday. If some workers disengage themselves from their job duties to address personal affairs, they are guilty of violating labor discipline and cannot claim intrusion into their privacy, right? Not completely.

As your staff cannot work around the clock without stretching their legs or having a snack, we arrive at the problem of breaks. Many jurisdictions impose strict requirements on the number of breaks employers must provide for their workforce, their types, duration, and compensation issues. For instance, California requires a meal period every five hours spent by a non-exempt employee in the workplace, with the break lasting no less than half an hour. There is also a mandatory 10-minute paid rest break, San Francisco nursing mother’s rest, and some industry-specific regulations. In addition to compliance with laws, employers should listen to researchers’ suggestions on increasing productivity, improving mental well-being, and boosting creativity with the help of regular breaks.

So, employees are entitled to have breaks and may use this time to perform some non-work activities on devices monitored. And here is where employee screenshot monitoring is likely to clash with privacy, which leads us to another part of the problem.

Device

Suppose, you will be able to address the above-described issue by banning the use of all devices provided by the company for any activity not related to job duties. Right you are, as the company owns the equipment and has every right to check whether it is used in a correct way and for a correct purpose. And if it is prohibited to open personal emails or visit private social media accounts via this equipment, it doesn’t matter if the violation occurs during a workday, a break, or after hours.

Yet, the reality is not that simple. In the modern world, we have an abundance of the workforce working remotely and using home PCs and private laptops. Moreover, there are mobile gadgets galore designed to perform multiple tasks, and your sales manager can make private calls and send invoices in one smartphone. And who owns this device? Wouldn’t you violate your staff members’ privacy when trying to implement employee screenshot monitoring across privately-owned computer equipment?

Besides, even if you ban non-work activities on official laptops, it doesn’t mean your staff will abide by the rules. Yes, those who won’t can be punished for labor misconduct, but if some screenshots happen to capture critical personal information (like passwords to private accounts) and it somehow leaks, it will be difficult for you to fight off lawyers and explain how it corresponds to legitimate business intent. And this is another point to consider.

Purpose

The Electronic Communications Privacy Act of 1986 is the key law addressing employee monitoring on the federal level across the United States. It does permit tracking employees’ verbal and written communications but imposes certain conditions. The main of them is having a legitimate business reason for implementing workplace surveillance. These reasons may include protection from insider or external threats, maintenance of employee morale, compliance with policies established in the workplace, and other reasonable grounds conforming to local and federal laws.

In Europe, the General Data Protection Regulation also allows employee screenshot monitoring, but Article 5 clearly states that any identifiable data must be collected only for specified, explicit, and legitimate purposes. The next article lists the following lawful grounds for processing personal data:

• execution of a contract with the data subject
• compliance with a legal obligation
• protection of someone’s vital interests
• fulfillment of tasks in the public interest
• pursuing specific purposes under the data subject’s consent
• legitimate interests of a controller who determines the purposes and means of the processing or a third party who is authorized to process the data

Based on this, the GDPR accepts legitimate business interests as a ground for collecting personal data but emphasizes that they must not be outweighed by negative effects to the individual’s rights and freedoms.

So, an employer, both in the US and EU, needs to be ready to present a compelling argument for collecting and storing confidential information of their staff.

Consent

Generally, US employers do not need to inform their staff about taking pictures of computer screens within their employee monitoring policies. Neither are they required to get oral or written consent from an employee tracked. However, employers from several states cannot enjoy the freedom of placing their workforce under surveillance to the fullest. Namely, Connecticut and Delaware require employers to notify workers about the types of monitoring conducted, while in Colorado and Tennessee, employers must adopt a written policy on email monitoring (since emails can be captured through screens, these laws are applicable to screenshot monitoring). Moreover, Maryland, Illinois, and California have “all-consent” laws that imply receiving employees’ consent to any type of electronic communication monitoring.

As to the European workforce, the data subject’s consent is mentioned by the GDPR among lawful grounds for data collection. This point may be taken by some employers as permission to monitor their staff when having their consent with no necessity to follow the other requirements. But the truth is that you need both consent and legitimate purpose to comply with the GDPR since consent received from an employee can be compromised (if obtained under pressure rather than freely given or withdrawn). Besides, consent must be given with a clear affirmative action, be it in an oral, written, or electronic form.

Storage

We have already mentioned the risks connected with storing data collected via employee monitoring. In the USA, stored communications are governed by an act of the same name, which permits access to information stored on an employer’s network but prohibits intrusion into third-party storage. And since the line is vague in many scenarios, unauthorized access to confidential information and data leaks can put an employer in danger of facing lawsuits.

For example, the telecommunication giant Verison was sued in 2013 for its employee accessing a personal email account of a former staffer through a corporate cell phone the latter used while working for the company. The court ruled that Verizon could potentially be liable for the action of its employee since they both weren’t authorized to search the personal emails even though the company had an email and internet usage policy in place.

European courts also take employers’ liability seriously, which is proved by a €35.3 million fine imposed on an international retailer under the GDPR last year. The company failed to protect its employees’ data from unauthorized access due to an IT error, and the Hamburg Commissioner for Data Protection ruled that the business had not taken appropriate steps to ensure GDPR compliant storage of personal data.

On the other hand, an employer is legally bound to store certain records, for example, meetings with employees associated with labor discipline and HR issues. So, if your monitoring software captures screenshots of a video meeting falling under these regulations, you will need to keep the recordings and produce them in court whenever litigation arises.

How to Implement Legal Employee Screenshot Monitoring

Our overview clearly shows that the right to perform employee screenshot monitoring comes with many conditions and responsibilities, making it tricky to implement in the workplace without leaving loose ends. However, that’s not the reason to forgo all the benefits a well-arranged workforce surveillance system can deliver. To be on the safe side, an employer needs to carefully address the above-described challenges, namely:

• to define clear goals they want to achieve through taking pictures of computer screens and link them to legitimate business interests;
• to design a comprehensive employee monitoring policy, informing the staff about the types and means of monitoring, including taking screenshots, its objectives, the scope of data collected, data protection issues, etc.;
• to provide training for the staffers to know how to behave in various scenarios to comply with the policy;
• to ensure secure data storage and specify a limited set of people authorized to access the system;
• to get informed consent in a written form from the employees;
• to constantly monitor data stored for timely removing screenshots that contain sensitive information and do not correspond to the purposes claimed.

Surely, you will also need some employee screenshot monitoring software tailored to your goals, and we have one totally ready for use.

How to Legally Monitor Screenshots with Controlio

The Controlio employee monitoring software is designed to deliver a perfect balance between staff’s privacy and employers’ business needs. You can take screen records to reveal insider threats, resolve work-related disputes, obtain evidence of company policies violations, track workflows, and detect factors affecting your workforce performance, which are all legitimate grounds for employee monitoring. But Controlio comes with multiple features to provide more flexibility in the privacy context.

To start with, Controlio allows choosing types of activities to be monitored for every user or department.

You can go to the Monitoring Profiles section of the dashboard and turn screen monitoring on or off, depending on your needs.

Moreover, you have three options for screen monitoring, including:

• live streaming (real-time screen capturing when a user is online)
• snapshots (thumbnail images recorded every five minutes when a user is active)
• screen recording (full-scale records taken when a user is active)

Selecting a recording method is a privacy-wise feature of Controlio, as it allows excluding apps and websites where employees’ sensitive data can be captured or including only work-related resources to mitigate the risks of privacy intrusion.

When configuring policies for profiles monitored, you are welcome to avail of the Warning Message Text box, where you can write a notice to remind a user about surveillance in place.

The next feature resolves the privacy issue for both off-work hours (like breaks) and privately-owned devices. By pressing one button only, you can allow a user to turn monitoring on and off via a taskbar icon displayed on their screens. This is how they can separate work-related activities from private affairs in one click.

Another way to go is using the Schedule function to specify a time for monitoring according to various schedules. For example, if a remote worker has to work from 10 a.m. till 12 a.m., no screenshots will be taken outside this timeframe.

You can further adjust Controlio’s monitoring features to your business structure and applicable regulations by configuring various types of activities to be tracked.

Surely, Work Examiner developers have provided their customers with the possibility to delete excessive screenshots and other data from the system. Namely, this can be done in the Computers and Users tabs in the System settings.

And to ensure tough data protection from unauthorized access, Controlio allows for creating different security roles, thus limiting the number of people entitled to view and manage certain pieces of data.

While Work Examiner products are full of useful features to find a happy middle ground between the interests of employers and employees, you will be able to legally incorporate employee screenshot monitoring only by taking a holistic approach towards the task.

Share a post