Employee monitoring and tracking technologies implemented to ensure remote employee productivity for remote work during the COVID-19 pandemic need to be handled carefully. California employers seeking to learn whether employees surfed the internet or posted to social media for non-work purposes have increasingly used a variety of technologies, including keystroke monitors and other productivity software on phones and laptops, GPS trackers on work computers and work vehicles, and website monitoring on computers to monitor employees’ activities. Some employers monitor logins, activity on messaging, and collaborative programs and applications such as Slack, Google Workspace, Microsoft Teams, and Microsoft Office to track employees’ work time.
The Electronic Communications Privacy Act of 1986 (EPCA), passed by Congress, is the federal law that governs the monitoring of electronic communications in the workplace. The Act prohibits employers from intentionally intercepting and monitoring their employees’ work communications. However, there are some exceptions that allow employers to get around the Act. The first is the Business Purpose Exception, which permits employers and companies to intercept their employees’ work communications, when the company can prove that a legitimate business purpose exists. The second exception is when the employer receives consent from their employee allowing the monitoring and intercepting of the employee’s oral, wire, and electronic work communications. Employers often seek written consent during the orientation process as part of the onboarding documents.
California has additional protections beyond federal law. California is one of the only states that provides its employees and citizens with an express constitutional right of privacy. Article 1, Section 1 of the California Constitution expressly provides that each citizen has an "inalienable right" to pursue and obtain "privacy. Similar to the ECPA’s Business Purpose Exception, the right to privacy can only be overcome (a) if informed consent is given to violate the privacy right, or (b) if the employer can demonstrate that they have a valid need to invade the employee’s privacy that is compelling enough to overcome the reasonable expectation of privacy. See Hill v. NCAA, 7 Cal 4th 1 (1994). This balancing test is referred to as the ‘compelling-state-interest-test’. Thus, it’s important for the California employer to demonstrate that informed consent was provided, or be able to identify what the compelling business need that allowed for the intrusion into privacy is, in order to successfully counter any invasion of privacy lawsuits. Also, many California employers are required to give employees notice of data collection and other provisions of the CCPA/CPRA.
There are a few tips that California employers should be aware of in the face of the digital age. For one, California employers should attempt to lower any expectation of privacy by notifying employees in writing that they are subject to monitoring and tracking on work devices, during work hours and explaining the monitoring and tracking with specificity. Disclosing surveillance provides a sense of fairness and helps diminish or in some cases eliminate any reasonable expectation of privacy. This is crucial because the presence of a reasonable expectation of privacy is the most important factor which creates grounds for invasion of privacy lawsuits. Better yet, employers should try getting their employee’s written consent to monitor work devices, during work hours. A written consent agreement provides both notices to the employee of the lowered expectation of privacy, and express permission to the employer to utilize monitoring and tracking technology, especially if the employees use their own device for work purposes. Unionized employers should be aware that any attempt to secure such agreements from bargaining unit employees likely will have to be bargained for, before implementation.
Even if a California employer has a legitimate business purpose for monitoring their employees or receives consent, it’s important to be aware that monitoring and tracking is not without its limits. Employers and companies should not monitor or track their employees during non-work hours and minimize the risk that any monitoring/tracking software continues to provide information during non-work time.
It is also crucial for employers to safeguard the data they receive from monitoring and tracking employees. Failing to protect data and letting it get into the hands of employees or outside entities who do not have a legitimate need to know could result in sensitive information being exposed and potentially harm the employee and company. On top of that, failing to protect data could lead to successful litigation by the employee.
With long-term hybrid work and remote work arrangements becoming increasingly popular, California employers should re-evaluate any monitoring and tracking practices, provide advance notice, and when appropriate, get written consent from their employees, to cover all the bases.