Ethics in Tech: Should You Monitor Employee Business Communications?
Technoethics, or the ethics of technology use, is an increasingly popular conversation as new technology becomes interwoven with and inseparable from our work and personal lives.
Many consumer technologies give users more choice (to a degree) in how much personally identifiable information (PII) to share. Consumers have the option to not use the technology or app.
But business-related technologies are different — and they are tied directly to performing required tasks. Organisations rely on communication tools and apps like Microsoft Teams, Zoom, Slack, and WhatsApp to drive collaboration. Should these be captured, stored and monitored?
Before we even get to this question, it's important to know the laws and guidelines surrounding business-related communications data.
It’s a legal and regulatory requirement
Organisations in regulated industries are required to collect certain types of employee data. Under rules including FCA Chapter 9 and MiFID II Article 16, financial services organisations must capture, archive, and monitor their employees’ business communications. Whether the communication was sent or received on free Wi-Fi, on personal devices, over encrypted channels like WhatsApp, or through personal accounts, employers must have records of these messages if they were for the purpose of conducting the firm's business.
There’s no debate here. Failure to capture and retain digital communications data can incur heavy fines, termination of those in charge, and reputational harm.
However, it is important to note that there are also laws regulating the collection and processing of personally identifiable information (PII). The European Union's General Data Protection Regulation (GDPR) and country-specific data privacy regulations affect every organisation operating at the global level. Local privacy and regulatory experts must carefully reconcile the two sets of requirements to define retention policies that meet both and to set the scope and scale of surveillance efforts.
Beyond regulatory requirements, why should organisations monitor employees' business communications?
An immense amount of data is sent through digital communication applications as employees collaborate or coordinate internally and externally. There’s an opportunity to use this data to:
- Reduce employee misconduct and workplace policy infractions
- Reduce misuse of customer data
- Improve employee productivity
- Boost company morale and culture
Applying practices that monitor communications enables organisations to discover policy violations and vulnerabilities across multiple functions and business processes. Legal, HR, infosec, audit and investigative teams are all engaged in spotting red flags that range from loss of intellectual property, security exposures and privacy violations, to a variety of workplace policy infractions.
Is it ethical to monitor employee communications beyond regulatory requirements?
At the recent Annual Banking Operational Risk Management Summit, this was one of the most asked questions. But like many ethical questions, the answer depends on additional questions:
- What’s the business requirement fulfilled by collecting data?
- How will the data be used?
- What happens with the data after it’s captured or used?
- How can potential misuses of that data be identified and rectified?
There is a simple starting point to address these questions: anonymise collected data. This way, it’s less about monitoring and analysing individuals and more about understanding how information value and risk are being harnessed and managed by the organisation.
This is where artificial intelligence really shines. Rather than having human eyes looking through communication data, AI and machine-learning technology can automatically:
- Strip PII from collected data
- Flag malicious language in context
- Cull through thousands of daily messages
- Identify misconduct with fewer false positives
No one likes the idea that every letter of their communications is being scrutinised and analysed — but that shouldn’t be the point of monitoring employee business communications.
So, is it ethical to monitor employee communications? Like many ethical thought experiments, the answer to this question is that it all comes down to intent.