Ethics in Tech: Should You Monitor Employee Business Communications?

March 10, 2022 by Smarsh

Technoethics, or the ethics of technology use, is an increasingly popular conversation as new technology becomes interwoven with and inseparable from our work and personal lives.

Many consumer technologies give users more choice (to a degree) in how much personally identifiable information (PII) to share. Consumers have the option to not use the technology or app.

But business-related technologies are different — and they are tied directly to performing required tasks. Organisations rely on communication tools and apps like Microsoft Teams, Zoom, Slack, and WhatsApp to drive collaboration. Should these be captured, stored and monitored?

Before we even get to this question, it's important to know the laws and guidelines surrounding business-related communications data.

It’s a legal and regulatory requirement

Organisations in regulated industries are required to collect certain types of employee data. Under rules including FCA Chapter 9 and MiFID II Article 16, financial services organisations must capture, archive, and monitor their employees’ business communications. Whether the communication was sent or received on free Wi-Fi, on personal devices, over encrypted channels like WhatsApp, or through personal accounts, employers must have records of these messages if they were for the purpose of conducting the business of the firm.

There’s no debate here. Failure to capture and retain digital communications data can incur heavy fines, termination of those in charge, and reputational harm.

However, there are also laws regulating the collection and processing of personally identifiable information (PII). The European Union's General Data Protection Regulation (GDPR) and country-specific data privacy regulations affect every organisation operating at the global level. Local privacy and regulatory experts must carefully reconcile these with the record-keeping rules above, defining retention policies that meet both sets of requirements and setting the scope and scale of surveillance efforts.

Beyond regulatory requirements, why should organisations monitor employees' business communications?

An immense amount of data is sent through digital communication applications as employees collaborate or coordinate internally and externally. There is an opportunity to use this data to:

  • Reduce employee misconduct and workplace policy infractions
  • Reduce misuse of customer data
  • Improve employee productivity
  • Boost company morale and culture

Applying practices that monitor communications enables organisations to discover policy violations and vulnerabilities across multiple functions and business processes. Legal, HR, infosec, audit and investigative teams are all engaged in spotting red flags that range from loss of intellectual property, security exposures and privacy violations, to a variety of workplace policy infractions.

Is it ethical to monitor employee communications beyond regulatory requirements?

At the recent Annual Banking Operational Risk Management Summit, this was one of the most frequently asked questions. But like many ethical questions, the answer depends on additional questions:

  • What’s the business requirement fulfilled by collecting data?
  • How will the data be used?
  • What happens with the data after it’s captured or used?
  • How can potential misuses of that data be identified and rectified?

There is a simple starting point to address these questions: anonymise collected data. This way, it’s less about monitoring and analysing individuals and more about understanding how information value and risk are being harnessed and managed by the organisation.

This is where artificial intelligence really shines. Rather than having human eyes looking through communication data, AI and machine-learning technology can automatically:

  • Strip PII from collected data
  • Flag malicious language in context
  • Cull through thousands of daily messages
  • Identify misconduct with fewer false positives

No one likes the idea that every letter of their communications is being scrutinised and analysed — but that shouldn’t be the point of monitoring employee business communications.

So, is it ethical to monitor employee communications? Like many ethical thought experiments, the answer to this question is that it all comes down to intent.
