Fostering a Better Climate for Employee Surveillance
Surveillance of employee communications has long been a regulatory requirement, and that alone is challenging for firms to master. Now the pandemic has turned employee surveillance into a business imperative as well: managers need greater assurance about what employees are doing while they work remotely.
So how can firms do that well? Nobody likes being subject to surveillance, after all. If you implement enhanced surveillance poorly, that can lead to a revolt among employees, litigation risk, regulatory problems and a soured corporate culture. How do compliance officers and senior executives navigate such a rocky path?
Several business professors researched this question last summer. They analyzed roughly 1,000 businesses that had moved to work-from-home policies because of the pandemic and adopted enhanced surveillance as part of that shift. They published their work in an MIT Sloan Management Review article — and compliance officers would do well to consider their conclusions.
1. Define and explain the business case for more surveillance
The plain truth is that many firms do need more surveillance, either to satisfy regulatory obligations or simply to assure that employees working without direct supervision don’t bring liability to the business.
For example, if everyone is chatting through a variety of online collaboration tools, that means new avenues for misconduct to fester. In the office, someone might see or hear that immediately and report it. In the virtual world, the company might need to surveil communications more closely than it previously had.
The question for compliance officers and senior managers is how much surveillance is really necessary. “Tattleware” that logs keystrokes, snaps webcam photos every few seconds, or searches employees’ web browsing histories — those are much more invasive tools than software to search for “insider trading” in your message archives.
Could surveillance so invasive be truly necessary? Perhaps. But employees will want to see how that surveillance aligns with business objectives. If you don’t provide that, you risk souring corporate culture and inspiring employees to circumvent your surveillance, rather than accept it.
2. Define the limits of surveillance and impose safeguards
This point goes hand-in-glove with the first. Compliance officers need to anticipate how surveillance data might be abused, and then build effective controls to prevent that abuse.
For example, searching web histories or chat messages could reveal personal information about an employee (say, pregnancy or illness) that a manager might use to discriminate against promotions or pay raises. That creates a mess of litigation, compliance and privacy risk. So how could the company prevent such sensitive information from falling into the wrong hands? Do you train managers to ignore it? Do you block them from seeing it? Do you not bother with that level of surveillance at all?
To win employee acceptance of enhanced surveillance, you must consider how not to use surveillance. Then communicate those limits to employees clearly. Put those limits into corporate policy. Build controls to enforce those limits — and test them.
3. Remember what you need most: trust
The more employees trust each other — within a department; across business units; up and down the chain of command — the better their performance will be. The more quickly they can respond to changing business conditions, and the more successful the business will be overall.
Everyone can appreciate that concept. The challenge for compliance officers is how to preserve trust even as the company rolls out enhanced surveillance — which, by definition, implies a certain amount of distrust: “We know you’ll work hard and do the right thing. Now please excuse us as we install new software to verify that.”
You always need to be mindful of employee trust as you develop your surveillance policies, procedures, and technologies. It’s worth noting that the word “trust” comes from the Old Norse traust, which meant “help, confidence, protection, support.”
That’s what employees will want as you roll out enhanced surveillance: confidence that they’ll be protected from the potential abuses and irritations that surveillance can bring. How can you reflect that in your policies, procedures, and executive leadership? How can you demonstrate the limits you’ll impose?
We’ll need to answer those questions, because remote work is not going away any time soon. Neither, then, will the need for more surveillance — or the need to keep employee trust as you roll that surveillance out.
Share this post!
Our internal subject matter experts and our network of external industry experts are featured with insights into the technology and industry trends that affect your electronic communications compliance initiatives. Sign up to benefit from their deep understanding, tips and best practices regarding how your company can manage compliance risk while unlocking the business value of your communications data.