Can an employer monitor (i.e. spy on) their employees’ online productivity (i.e. slacker, time-wasting cyberloafing)?  Today I participated in a Lancaster House session on “Cyberloafing, Cyberspying” – two sides of the same labour relations coin, but full of divergent expectations and perspectives.  I learned a ton from my fellow panelists, Dan Scott and Susan Munn, who represent unions and the government respectively, as well as the moderators, Shana French and Anne Gregory. 

The common thread throughout the program was how to work through divergent expectations of privacy in the workplace. 

Expectations of Privacy

This expectation of privacy informs whether online activity on company time is cyberloafing that can translate into a type of employee time theft, or whether efforts to monitor reasonable online activity is in fact cyberspying that stomps on the privacy rights of individuals.

At the end of the day, it’s all a matter of perspective:  age, generation, living near quick and cheap internet access, as well as how much you participate socially and consume information online and thus see it as everyday behaviour.  For most millennials and employees now entering the workforce, it’s just part of life – how can you quickly access information and your professional network without regular, if not frequent online activity?  The theory is that time spent on a quick tweet or text is counter-balanced by the benefits and increased efficiency on work related tasks. 

And that’s assuming you can pull apart what is a personal versus professional task.  It’s now old news that so many of us blur our professional and personal lives, and that the online universe is very much the driving engine of this new reality.  That doesn’t mean, however, that any clear answers have emerged to answer how to balance employee privacy with the employer’s need to ensure security of its electronic assets, or how to balance personal online activity during the work day with the relentless demand of work after hours.

How to Monitor (Spy on) Your Employee

The practical question discussed in the Cyberloafing & Cyberspying conference today was whether an employer had the right to monitor its employees’ online activity, and if yes, how to do so within the limits of the law.  A brief blog post couldn’t capture the full hour and a half discussion, but suffice it to say that there was general consensus that the starting point is to always consider what is the purpose for monitoring an employee’s online workplace activity. 

If the purpose is a targeted, covert operation to build a case against an employee without any reasonable cause to suspect problem behaviour, an employer will run up against serious evidentiary and procedural problems, let alone privacy law complaints.  If, however, the purpose of the monitoring is part of a system-wide, random audit of the company’s server and electronic systems generally, and employees are put on notice that such regular monitoring shall be conducted for the purpose of system security, the odds are that the employee will have difficulty making a case for any cyberspying-type activity.

Most monitoring/spying falls in a grey area between these two extremes.  As with so many privacy and online issues, the context and purpose for gathering the information is critical, and should be the starting point for most online monitoring of employees, but is only the tip of the iceberg of the various land mines (and/or vast opportunities) of which to be aware in the new online world.