- If your AI-generated code becomes faulty, who faces the most liability exposure?
- These discoutned earbuds deliver audio so high quality, you'll forget they're mid-range
- This Galaxy Watch is one of my top smartwatches for 2024 and it's received a huge discount
- One of my favorite Android smartwatches isn't from Google or OnePlus (and it's on sale)
- The Urgent Need for Data Minimization Standards
Organisations are struggling to monitor remote employees – IT Governance UK Blog
I don’t think any of us would have thought in March 2020 that remote working would be as popular as it has become.
The scepticism perhaps came from the hurriedness with which the measures were implemented, as many people worked from kitchen tables and between childcare responsibilities. Or maybe it stemmed from organisations’ historic reluctance to adopt remote working.
Their reason for that is understandable: remote working makes it almost impossible to keep an eye on employees and make sure they’re acting responsibly.
For many, the concept of employee monitoring conjures the idea of a workplace-turned-panopticon, with bosses logging each toilet break and checking every website you visit to make sure you’re on task.
The reality is that most companies wouldn’t have the resources to do that even if they wanted to – and many don’t care how many times you go to the toilet as long as the work gets done.
This is something that’s come to fruition during the pandemic. It quickly became normal to rearrange meetings because a team member had to after their child, or to work late because we went outside for the first time in two days at lunch and the weather was finally picking up.
Those delays tended to mean that employees worked more, rather than fewer, hours. An Office of National Statistics study found that remote employees worked five hours a week more on average than those who worked in the office. They also did six hours of unpaid overtime on average per week, compared to 3.6 hours for those who never work from home.
In most cases, therefore, employee monitoring is – or at least should be – less about reviewing productivity and more about preventing scenarios that jeopardise the organisation’s safety, such as employees visiting dodgy websites or misappropriating sensitive information.
These are perfectly justifiable reasons to monitor employees, and thanks to various tools, organisations have unobtrusive ways to track their teams and ensure they remain safe. Yet, those programs aren’t nearly as popular as you’d expect.
In fact, the UK government’s Cyber Security Breaches Survey 2021 found that fewer organisations are performing user monitoring during the pandemic (32%) than they were in the year before (38%).
If employee monitoring was the biggest obstacle to remote working before COVID-19, why is not being done now that solutions are widely available?
Would you know if your organisation suffered a data breach? Employee error is among the leading causes of security incident, and without a way to monitor their behaviour, the risks increase.
If you’re looking for help tackling this threat, IT Governance is here to help. We offer a range of data protection and cyber security training, tools, software and consultancy services – all of which can be delivered remotely.
Technological creep
Remote monitoring software provides a variety of features that give employers insights into the way their teams work. For some, this extends beyond the websites they visit and the apps they use and into the analysis of productivity, such as recording keystrokes and reviewing desktop sessions.
Although there may well be valid reasons for doing this, organisations may fear that it does more harm than good.
Unlike the anecdotal evidence that comes with monitoring employees in the office, remote monitoring software codifies the practice, creating reams of records that turn employee activity into a series of metrics.
This information may be the only alternative to reviewing who is the first one in the office, who stays late and who takes lengthy sojourns during the day – but it undoes much of the goodwill that employees feel about flexible work.
According to a TUC (Trade Union Committee) study, 56% of employees believe that introducing employee monitoring software damages the trust between workers and employers.
Meanwhile, 60% said that unless it was carefully regulated, the use of such technology could increase unfair treatment in the workplace.
And this is without mentioning the GPDR (General Data Protection Regulation) compliance issues.
Although organisations are permitted to use monitoring software under the GDPR, it takes substantial effort. In addition, employees must be given a clear understanding of when information about them is likely to be obtained, how it will be used and to whom it will be disclosed.
This is a something organisations have struggled with during the pandemic, according to the TUC. It found that only 31% of employees were consulted when new forms of technology were introduced to the workplace.
If organisations are going to use monitoring software, this is something they must address.
Employee monitoring and the GDPR
Organisations that are subject to the GDPR and that want to use employee monitoring software must conduct a DPIA (data protection impact assessment).
These are essentially a type of risk assessment that help organisations identify and minimise the data protection risks of a project.
When performed correctly, they ensure that employee monitoring is performed only when necessary, helping you avoid privacy issues and preserving your employees’ trust.
This remains a top priority even after Brexit, not only to protect your employees but because the same requirements are in place in the UK’s equivalent of the GDPR.
If you’re looking for advice on where to get started, IT Governance can steer you in the right direction. We offer a range of data privacy and cyber security training, tools and software – including our DPIA Tool.
Developed by data protection experts, this tool guides you through the six steps you must complete to ensure your assessment effectively measures the level of risk involved in data processing activities.
You don’t have to be a GDPR expert to complete the assessment. Our DPIA template shows you the questions you need to ask and how you can find the answers.
It even provides links to the relevant sections of the Regulation, so you can check why each process is necessary.
We’re currently offering a free 30-day trial of our DPIA Tool. Simply add the subscription you require to your basket and proceed to checkout.