I had a really interesting discussion with my students during class this week about employers’ use of electronic means to monitor employees. When I first started teaching Privacy Law at Roger Williams Law School eight or nine years ago (time flies!), the section on workplace privacy was so brief that I had to combine that subject matter with another to fill the class time. The reason was because, back in the day, there were few laws relevant to employees’ privacy in the workplace, as most employment in the U.S. is “at will,” and employees, in general, don’t have an expectation of privacy in the workplace (with a few obvious exceptions).

That tide is changing, which was very evident during the class discussion this week. In general, companies have always had the right to monitor employees while in the work place, including as technology advanced, and most employees understand that their employers are monitoring their use of company computers, phones, and key cards. With a more hybrid workforce, employers monitor when employees come into the office, when they log into the VPN, monitor email traffic and can prevent employees from accessing websites that are deemed inappropriate. Employees for the most part are aware of this type of monitoring and do not believe it is intrusive.

But when you start talking about keystroke technology, collection of biometric information, and geolocation monitoring, my students pushed back and the discussion became lively. They found this type of monitoring to be much more intrusive and unreasonable, and really blurring the line between information that an employer is entitled to and that which started to creep intrusively into private lives. They felt it was offensive that employers have such little trust in them and felt they were not treating them professionally. The major sentiment in the room of twenty-somethings was distrust of employers who would stoop to such means. We bantered about the legitimate needs of businesses to monitor employee productivity and other laws (such as wage and hour laws) that could complicate the ability of employees to work off-hours, and there was some acknowledgement of those points, but not much. This issue is going to get more and more complicated for companies as the hybrid work model develops and the quest for talent continues to be challenging.

Affirming my students’ reaction to electronic monitoring, in addition to federal law, states are getting into the mix by adopting laws that require employers to give notice of (and in some states, written acknowledgement and consent to) their electronic monitoring of employees. Three states have adopted such laws (New York, Connecticut, and Delaware) requiring private employers to provide notice to employees of electronic monitoring, and New Jersey requires employers to provide notice to employees if a tracking device is used in an employee’s vehicle. Other states have similar bills in the works, including California’s Workplace Technology Accountability Act. (See Linn Freedman quoted in the related SHRM article here.)

In addition, the National Labor Relations Board has indicated that it is looking into including electronic monitoring as an unfair labor practice without notice and consent. All of this is to say that workplace privacy laws are popping up with greater frequency than ever before, and employers may wish to follow them closely. Employers may want to consider how certain monitoring technology might also have legal compliance obligations, as well as affect workforce satisfaction.

Photo of Linn Foster Freedman Linn Foster Freedman

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She is a member of the Business Litigation Group and the Financial Services Cyber-Compliance Team, and chairs the firm’s Data Privacy and Security and Artificial Intelligence Teams. Linn focuses her…

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She is a member of the Business Litigation Group and the Financial Services Cyber-Compliance Team, and chairs the firm’s Data Privacy and Security and Artificial Intelligence Teams. Linn focuses her practice on compliance with all state and federal privacy and security laws and regulations. She counsels a range of public and private clients from industries such as construction, education, health care, insurance, manufacturing, real estate, utilities and critical infrastructure, marine and charitable organizations, on state and federal data privacy and security investigations, as well as emergency data breach response and mitigation. Linn is an Adjunct Professor of the Practice of Cybersecurity at Brown University and an Adjunct Professor of Law at Roger Williams University School of Law.  Prior to joining the firm, Linn served as assistant attorney general and deputy chief of the Civil Division of the Attorney General’s Office for the State of Rhode Island. She earned her J.D. from Loyola University School of Law and her B.A., with honors, in American Studies from Newcomb College of Tulane University. She is admitted to practice law in Massachusetts and Rhode Island. Read her full rc.com bio here.