Are you being watched while working? What hybrid workers need to know

In today's post-COVID work landscape, hybrid working models are commonplace. If organisations provide adequate legal notice to employees, they may monitor employees through cameras, audio, keystrokes, and mouse movements, even in remote work settings. 

“Some employers do not think about the legality of workplace surveillance, let alone which surveillance activities are reasonable,” says Peter Leonard, a Professor of Practice for the Schools of Management & Governance and Information Systems & Technology Management at UNSW Business School. 

With the rise of remote and hybrid work, there has also been a boom in remote workplace surveillance technology, with a recent analysis finding well over 500 related technology “bossware” products available on the market. Furthermore, the global employee computer monitoring software market is expected to grow by $US488 million to $US1.7 billion by 2029. 

Workplace surveillance of hybrid and remote workers is on the rise for a few reasons. Chief among these are concerns about productivity.  

Recent media coverage, for example, highlighted the case of an employee working from home who was fired after the number of her keystrokes were counted, and found to be unsatisfactory. This among other factors led to her termination. 

Cases such as these have prompted questions about the legality of such monitoring. Is it fair and is it legal? 

What is legal? 

When it comes to what’s legal (and what’s not) there is no simple answer, says Prof. Leonard. The legality of monitoring employees who are working remotely varies from state-to-state in Australia.  

“Surveillance is broadly illegal except where the law expressly permits it,” says Prof. Leonard, who was a founding partner of Gilbert + Tobin Lawyers, advising technology, data and communications businesses across the region for more than 30 years. 

“The Workplace Surveillance Act NSW mandates that companies provide employees with a 14-day notice if they intend to use surveillance in the workplace. This includes activities such as monitoring computer keystrokes, recording conversations, and optical surveillance.  

“Only notice is required: employers are not required to get prior consent from affected employees,” says Prof. Leonard.  

Section 16 of the Act addresses situations in which employees are working remotely. The Act allows surveillance of such employees who are using work devices when they are not at their workplace. 

Prof. Leonard says: "If you are working from home and you are using equipment or online services provided at the expense of the employer, then, with prior notice, the employer can undertake surveillance.” 

This also includes using for-payment software services provided by the employer. For example, if an employee is using employer paid-for Microsoft 365 Professional on their personal computer and logged in using their work-related email, the employer may monitor their activities while using the software service. 

Why does workplace monitoring happen? 

“There is understandable concern among employees about employers spying on their activities. There are many examples where employers are demonstrably intrusive and disrespectful in their monitoring practices.  

Some employers simply don’t understand how to implement responsible data governance practices that limit monitoring to that which is reasonable, necessary, and proportionate”, says Prof. Leonard. 

Employers may monitor employee’s work devices for several reasons. Prof. Leonard says: “In some limited circumstances, an employee’s legitimate expectations of privacy may need to give way to concerns and legal responsibilities of employers to protect workplace safety, information security or commercial confidentiality.  

“For instance, assume that I log in to a work-provided service from an uncustomary overseas location. My employer might use geo-locating features to query whether it was me logging-in. To ensure information security, some employers also use keystroke technology, analysing patterns of keystroking that may indicate a person typing is not the individual entitled to use a particular user account.” 

And cyber security is a very real concern in the age of hybrid and remote work. Since the start of the COVID pandemic, ransomware attacks have increased by nearly 500 per cent.   

Employers also have a role in safeguarding the security of their remote workforce. In practice, employers should ensure that remote staff maintain current operating systems and practices such as installing up-to-date security software. Prof. Leonard says such measures help create a secure and protected environment for remote work, benefiting both employees and the organisation. 

How to approach remote workplace surveillance  

 The surveillance of hybrid and remote workers can be a two-edged sword for organisations, particularly when it comes to issues such as perceived trust, responsibility and accountability, and how this impacts workplace culture. 

A US research study even found that monitored employees were more likely to break the rules, through unapproved breaks, disregarding instructions, damaging workplace property, stealing office equipment and purposefully working at a slow pace. 

Prof. Leonard acknowledges that balancing the interests of employers, rights and legitimate expectations of employees is not an easy equation to get right. “Workplace surveillance should be done carefully and for the right reasons,” he says. 

Transparency on both the employer and employee sides is one of the most important elements to consider. “Hybrid workers should start by thinking about how they use resources and equipment provided by their employer,” says Prof. Leonard. 

“If employees are concerned about workplace surveillance practices, they should ask their employer for a full description of those practices and associated policies. Employers and employees should each expect a respectful workplace dialogue about when and to what extent monitoring is justified. There should also be full disclosure as to technical and operational safeguards and controls put in place by the employer to ensure that monitoring is a reasonably necessary and proportionate means to a justified end. Transparency, and dialogue, are key.” 

Prof. Leonard also says that individuals who are unhappy with workplace surveillance policies and practices should contemplate their choice of devices for personal activities. The prudent assumption is that if you are using a work device or work-paid resource, then your employer may be monitoring your use.