A Guide to Employee Monitoring in the US

2024

Written by Asim Qureshi
By Asim Qureshi, CEO Jibble

In the modern workplace, employee monitoring has become more of a common practice, raising important questions about privacy and ethics.

With technological advancements and the increasing reliance on digital communication, employers have gained the ability to monitor various aspects of their employees’ work activities. From tracking computer usage to monitoring internet browsing, social media activities, and email communications, these practices aim to ensure productivity, protect company assets, and maintain security. However, this growing trend has sparked debates about the balance between monitoring and employees’ rights to privacy. How much employee monitoring is too much? Is it all even legal?

In this article, we will explore the topic of employee monitoring in the United States, examining its legality, different methods used, potential implications, and the ethical considerations surrounding this practice.

This Article Covers

US Monitoring Laws and Legislation
Understanding Consent and Notification in Employee Monitoring
Monitoring Employees’ Devices
Monitoring Employees During and Outside of Work Hours
Messages, Emails, and Phone Conversation Monitoring
Screen and Video Monitoring of Employees
GPS Monitoring of Employees
Monitoring Internet Activity and Employees’ Social Media in the US
Monitoring Employees for Workplace Safety
Legal Protections Offered to Employers When Monitoring Employees
Legal Protections Offered to Employees When Being Monitored

US Monitoring Laws and Legislation

What is the American Data Privacy and Protection Act (ADPPA)?

Introduced in July 2022, the American Data Privacy and Protection Act (ADPPA), also referred to as H.R. 8152, is a comprehensive federal law that establishes the framework for data privacy in the United States.

This legislation encompasses various aspects of personal data collection, including storage, sharing, and computer monitoring.

The primary objective of the ADPPA is to limit data collection, specifying that employer-collected employee data may only be processed or transferred for legitimate administrative purposes.

What is the US Constitution Fourth Amendment?

The Fourth Amendment of the United States Constitution protects individual privacy rights and restricts the government from conducting unreasonable searches and seizures.

It establishes the requirement for warrants based on probable cause and specifies that the warrant must precisely detail the items to be searched or seized.

This constitutional provision applies to all branches of government at the federal, state, and local levels.

What is the Electronic Communications Privacy Act (The Wiretap Act)?

The Electronic Communications Privacy Act (ECPA), commonly referred to as the Wiretap Act, prohibits the interception of phone calls without the consent of at least one party involved. This means that employers are generally not allowed to wiretap or eavesdrop on their employees’ phone conversations unless there is a legitimate reason and proper legal authorization.

Furthermore, the ECPA extends beyond phone calls and also applies to employee monitoring in general.

Employers must comply with this law when monitoring various forms of communication, such as emails, mail, and other forms of electronic communication between employees.

However, it’s important to note that there are exceptions to this rule. Law enforcement authorities, for example, may have the authority to wiretap individuals suspected of criminal activity, including employees.

What is the Computer Fraud and Abuse Act (CFAA)?

The Computer Fraud and Abuse Act (CFAA) is a significant law to combat cybercrimes. The act states that it is illegal for anyone, including employers, to access an individual’s device without a valid reason and without permission. 

Employers can face legal consequences under the CFAA if they access an employee’s device without obtaining their permission.

What is the Stored Communications Act (SCA)?

The Stored Communications Act (SCA) is part of the Electronic Communications Privacy Act and is aimed at addressing issues related to computer hackers and corporate espionage.

This act prohibits employers from intentionally intercepting and storing electronic messages of their employees without their consent.

Violating this act can result in litigation.

What is the Biometric Information Privacy Act (BIPA)?

The Biometric Information Privacy Act (BIPA), enacted in 2008 as an Illinois state law, governs the handling of biometric data such as fingerprints, facial recognition, and iris scans.

It imposes requirements on companies to obtain written consent from individuals before collecting their biometric information and mandates the protection of its security and confidentiality.

BIPA establishes significant statutory damages for violations of the law. In cases of negligent violation, individuals can seek damages of up to $1,000, while intentional or reckless violations can result in damages of up to $5,000.

Given that employee monitoring is a sensitive area that deals with individual privacy, it is only natural to assume that there may be a need for employees to be notified of the monitoring activity taking place and for them to give consent in order for their devices or activities to be monitored.

Further, employers will want to be well-informed about the guidelines and necessary permissions they must obtain prior to implementing any monitoring measures.

Should employees be notified of monitoring activities in the US?

Federal legislation in the US does not mandate employers to inform their workers about when they are being monitored. 

However, four US states have mandated employers, through passing legislation, to provide prior notification to their staff regarding the use of monitoring software. These are as follows:

In the remaining US states, employers have the legal right to monitor employees without obtaining their consent. Additionally, privacy laws generally grant employers discretion in determining the extent to which monitoring software can be utilized.

According to US law, activities carried out on employer-provided devices are not considered private, which means that employers may not be required to inform employees about monitoring in these specific instances.

When it comes to the monitoring of employee devices, except in cases where the employee is using a company-owned device, employers are legally obligated to inform employees about the monitoring of personal devices.

Is consent a requirement for monitoring employees in the US?

Generally, employers in the US do not have a legal obligation to seek consent before implementing monitoring measures in an employee’s work environment. 

However, there are still four states that mandate employers to provide notice and obtain consent from employees. These states include Connecticut, New York, Texas, and Delaware. Failure to obtain consent for monitoring in these jurisdictions can be deemed as spying. 

Certain monitoring activities that excessively invade an employee’s privacy necessitate their explicit consent since privacy laws remain in effect. 

Failure to secure this consent will entitle the employee to take legal action for breaching their personal boundaries.

Should employers have policies and codes for monitoring employees in workplaces in the US?

Businesses in the US are required to have policies and a code of conduct in place for monitoring employees.

When it comes to monitoring in the workplace, it is advised that:

  • These policies should be clearly defined and well-documented. 
  • They should explicitly outline the methods and scope of monitoring that will be conducted.
  • A written acknowledgment would be obtained from employees regarding these policies.
  • It should be made clear in the policies that employees have little to no expectation of privacy when using company property. 
  • The policies should state that the gathering of data unrelated to work performance will not occur. 
  • There should be restrictions on the disclosure of employees’ personal data to third parties.

Monitoring Employees’ Devices

In today’s digital age, the line between work and personal life has become increasingly blurred.

With employees often using their personal devices for work-related tasks and their work devices for personal matters, the question arises as to what extent employers can monitor these devices.

Can employers monitor company-owned devices in the US?

Under the laws of the United States, employers are authorized to monitor systems that they own. 

As stated in the Electronic Communications Privacy Act (ECPA), if an employer supplies a computer that belongs to the company, they typically have the right to monitor all actions performed by employees on that device. 

Such monitoring encompasses activities like accessing stored documents/files, downloads, internet usage, and tracking active or idle time. 

Furthermore, company-provided devices used outside of the workplace may also be subject to monitoring.

Can employers monitor company-owned phones in the US?

According to US law, if an employer provides a device to an employee, such as a computer or smartphone, that device is considered the property of the company.

As a result, the employer has the legal authority to monitor various aspects of the device, including internet activity, GPS location tracking, and even viewing the content displayed on the screen.

Can employers monitor employees’ personal devices in the US?

Federal law may seemingly restrict employers from monitoring personal devices such as laptops, tablets, and phones.

However, the law allows for monitoring if there are established policies, such as Bring Your Own Device (BYOD) policies, that support monitoring the use of employee personal devices for work-related purposes.

Can employers monitor employees’ personal computers in the US?

The US Constitution safeguards employees from unauthorized searches of personal belongings, as outlined in the Fourth Amendment.

It should be noted that this protection applies only to the government sector and does not extend to unreasonable searches and seizures in the private sector.

However, an employer can gather information from an employee’s personal computer under certain circumstances, such as with a court order or a clear workplace policy allowing computer monitoring within the company premises.

Monitoring Employees During and Outside of Work Hours

Employers today have the ability to monitor various aspects of their employees’ activities, both during and outside of work hours. This alarmingly raises important questions about privacy, consent, and the limits of employer control.

While such monitoring can serve legitimate purposes such as ensuring productivity and security, it also poses potential risks to how far it may be channeled.

Is monitoring employees during breaks in the US legal?

US employers possess the authority to oversee the utilization of their owned computer equipment.

This includes monitoring computer usage during work hours, as well as before and after hours, including breaks.

One common reason for monitoring is to ensure that employees refrain from engaging in inappropriate internet activities on company-owned computers. It is important to note that employers are legally permitted to monitor computers when there are valid business justifications.

However, in some cases, obtaining employee consent may be necessary to monitor them during breaks.

Can employers monitor employee activity on a company device outside of work hours in the US?

US employers have the authority to monitor a device owned by the company, even outside of business hours, although there are certain limitations.

If an employee utilizes the device for personal communication outside of work hours, the employer cannot conduct monitoring unless it has been explicitly stipulated in the employment agreement between the employee and the employer.

Can employees be compelled to install monitoring software on their personal devices in the US?

In most cases, employers are not allowed to mandate the installation of monitoring software on employees’ personal devices.

However, the employer may enforce the installation of monitoring software if an employee utilizes personal devices for work purposes to ensure adherence to company policies and regulations.

Messages, Emails, and Phone Conversation Monitoring

In our interconnected world, messages, emails, and phone conversations have become integral parts of communication in various contexts, enhancing teamwork and collaboration, reducing conflict, and increasing productivity.

However, with the increasing reliance on digital communication, the need to monitor these channels arises to ensure efficiency, security, and compliance.

Monitoring employee messages, emails, and phone conversations can help organizations prevent unauthorized disclosure of sensitive information, detect potential risks or threats, and maintain appropriate communication standards.

So then to what extent can such monitoring take place?

Can employers monitor the phone conversations of employees in the US?

When it comes to employee usage of company phones, alongside the fourth amendment, the Electronic Communications Privacy Act (ECPA) of 1986 prohibits the intentional interception of wire, oral, or electronic communications. 

However, certain instances permit such interceptions. For example, employers have the right to monitor company systems as long as there is a valid business rationale behind it. Further, service providers are legally permitted to access electronic communications.

Federal law also allows for the recording of phone conversations with the consent of at least one party (one-party consent law).

However, it is essential to note that each state in the US has its own regulations regarding the number of parties required to provide consent for phone conversation recording.

Can employers monitor employee email content in the US?

According to US law, any email sent or received by an employee on a company system, whether business-related or personal, is considered the property of the employer and can be accessed or reviewed by the company whenever necessary.

The majority of employers in the United States have policies in place that grant them the authority to monitor employee emails.

However, consent requirements vary by state.

For instance:

  • In California and Illinois, employers are required to obtain consent from third parties before accessing employees’ emails.
  • In Connecticut and Delaware, employers must inform workers about email monitoring practices.
  • Colorado and Tennessee have laws that mandate companies to establish email monitoring policies.

Can employers monitor employee private messages and email content in the US?

Under certain circumstances, it is legally permissible in the United States to monitor employees’ private messages and email content.

The legality hinges on whether a private email or message was transmitted or received using the employer’s equipment or network.

If the communication occurred on a personal device, employers may be able to monitor it if there is an established policy in place.

However, the law prohibits employers from monitoring password-protected private messages and email accounts without the employee’s consent.

Screen and Video Monitoring of Employees

The widespread of surveillance today has limited privacy expectations, particularly in public places. In the employment space, technology has enabled the video and screen monitoring of employees.

Screen monitoring allows employers to observe employees’ computer screens, track their online activities, and identify potential inefficiencies or unauthorized use of company resources. Video monitoring, on the other hand, enables employers to monitor physical areas, deter theft or misconduct, and promote overall safety.

However, this practice raises important considerations regarding privacy, trust, and ethical boundaries.

Are US employers allowed to use video monitoring systems in the workplace?

If there is a valid business reason for doing so, the use of video monitoring systems in the workplace is allowed in the US under federal laws. However, there are specific areas where this may be prohibited.

States like California, New York, and West Virginia have regulations that restrict the use of video monitoring systems in places such as restrooms, locker rooms, and other areas where individuals have a reasonable expectation of privacy.

Additionally, employers have an obligation to inform employees about the presence of video monitoring systems and obtain their consent in certain cases.

It’s important to note that video recordings should not include audio, according to federal wiretap laws in US states that require consent from all parties involved (Two-Party Consent States).

Can employers monitor employees through a web camera in a device in the US?

It is possible today for employer-provided devices like cell phones or laptops to be used in the US for surveillance purposes, including activating the device’s webcam. 

However, it is crucial to emphasize that monitoring employees through their personal devices in such a manner is against the law.

Can employers monitor employees through a web camera outside of work hours in the US?

Engaging in monitoring activities beyond work hours could be perceived as an infringement on an individual’s personal privacy and space, which may result in potential legal conflicts.

Can employers monitor employee screen contents and keystrokes in the US?

On an employee’s work computer, it is permissible for employers in the US to monitor the screen contents and the number of keystrokes entered per hour.

It is important to keep in mind that employers have the ability to access any activities conducted by an employee on their work computer, particularly when there is a well-defined and documented workplace policy in place.

GPS Monitoring of Employees

Employers now have the ability to utilize GPS tracking devices to oversee the usage of company-owned vehicles or other equipment by employees during their work responsibilities.

Additionally, GPS tracking may be employed by employers to monitor employees stationed in distant or perilous areas or those who have job requirements involving travel.

So, to what extent can this tracking apply?

Is tracking employee locations using GPS allowed in the US?

Regulations regarding GPS usage vary across different states. 

In general, if an employee utilizes a company device, the employer is typically permitted to monitor the employee’s geolocation. 

This means that if an employee takes a company-provided laptop outside of the office, the employer has the authority to track the device’s location.

However, if the vehicle in question is owned by the employee, employers are required to obtain consent from the employee before implementing GPS tracking.

Can employers track a company car using GPS in the US?

Company-owned vehicles give the employer the legal right to monitor their geolocation, even when the employee is off-duty.

There are restrictions on the scope of information that employers can gather through GPS tracking.

It is prohibited to utilize GPS tracking for monitoring an employee’s personal activities or collecting data pertaining to their religion, political opinions, or other legally protected attributes.

Can employers track employee location outside of work hours in the US?

Unauthorized tracking of an employee’s location without prior agreement and written consent between the employer and the employee is not permitted and is considered spy tracking.

Generally, employers are required to acquire the employee’s consent and provide notification before implementing GPS tracking.

Monitoring Internet Activity and Employees’ Social Media in the US

With the ability to share information, opinions, and personal experiences at the click of a button, social media has blurred the lines between personal and professional lives.

In employment, this has prompted many employers to explore the practice of monitoring employees’ social media accounts.

Among the primary motivations for such monitoring are protecting the company’s reputation and brand image, ensuring compliance with policies, and assessing an employee’s suitability for a specific role or promotion.

Can employers monitor employee internet and social media activity in the US?

In the US, employers generally have the right to monitor employees’ internet usage during paid hours to ensure it is work-related, with each state having its own regulations.

This includes monitoring websites visited, time spent online, and implementing restrictions on certain sites.

Regarding the monitoring of social media activities, it is generally legal in the US, with each state having its own regulations.

Some states allow employers to conduct pre-employment background checks and establish policies limiting social media use during working hours.

However, certain states have laws protecting employees from being required to provide their social media account credentials, including user names or passwords, to employers.

Can employers monitor employee internet and social media activity outside of work hours in the US?

Monitoring an employee’s internet activity outside of work hours without their consent is considered unlawful

However, if the employee is using a device provided by the company, the employer may have the right to monitor their internet usage.

Can employers keep collected data on employees’ internet activity in the US?

US employers are allowed to keep the data collected from their employees’ internet activity.

However, using it for personal purposes or sharing it with third parties without the employee’s consent is prohibited.

Monitoring Employees for Workplace Safety

Although it may seem that employee monitoring primarily benefits employers and not the employees, there are various areas where it safeguards the well-being of the employee.

By monitoring employees, employers can identify potential hazards, risky behavior, or violations of safety protocols that may pose a threat to the safety of workers.

Moreover, monitoring can help investigate incidents or near-misses, identify patterns or trends in safety-related incidents, and take proactive measures to prevent similar occurrences in the future.

Can employers monitor employees to prevent harassment and discrimination in the workplace in the US?

After ensuring that monitoring is conducted in a legal and accurate manner, employee monitoring can serve as a tool for employers to mitigate workplace harassment and discrimination.

By monitoring employee communication, employers can proactively identify and address potential issues.

Can employers monitor employees to detect criminal activity in the US?

Employers have the option to utilize monitoring to identify criminal activity, but they must adhere to specific conditions, such as conducting monitoring activities under the supervision of law enforcement agencies.

Further, employers cannot independently engage in monitoring to detect criminal activity without a valid reason or at their own discretion.

Can employers monitor employees to track personal relationships between employees in the US?

Employers may monitor personal relationships among employees during working hours to address conflicts, ensure productivity, understand workplace dynamics, enforce policies, and prevent harassment or discrimination.

The monitoring of personal relationships among employees in the US is authorized during working hours, but employers are not permitted to monitor such relationships outside of work hours.

Legal Protections Offered to Employers When Monitoring Employees

The practice of monitoring employees offers several advantages to employers, allowing them to ensure that their staff adheres to the regulations and policies that they have implemented. However, due to the sensitive nature of such monitoring

What US federal legislations protect employers’ rights with respect to monitoring?

Enacted in 1986, the Electronic Communications Privacy Act (ECPA) at the federal level safeguards the employer’s right to monitor employees and their activities.

This act, specifically Title II known as the Stored Communications Act (SCA), grants employers the authority to review files and data produced by employees while on the job, as long as there are legitimate business justifications supporting such actions.

What legal action can employers take with respect to monitoring?

If certain evidence is collected by an employer through monitoring programs to prove certain allegations against an employee, they may have the right to initiate legal action against the employee.

However, it’s important to note that the employee can make a counterclaim if the employer violated any laws or regulations during the monitoring process.

Legal Protections Offered to Employees When Being Monitored

US regulations allow for various employee monitoring practices to take place in the workplace, including the tracking of location, video surveillance, and social media activities monitoring. But, how exactly do these laws protect the employee’s rights and safeguard their privacy?

What laws in the US protect employee privacy in the workplace?

Under US data protection laws enacted in 1998, employers are obligated to safeguard the “sensitive personal information” of employees. 

Further, both federal and state laws exist to protect employees’ privacy in the workplace including the Video Privacy Protection Act and the California Consumer Privacy Act (CCPA), which provide employees with the right to request information about the collection of their private data. Also, the legislation safeguarding written, oral, and electronic communications is the Electronic Communications Privacy Act (ECPA), enacted in 1986.

It is important for employees to recognize that their privacy rights are constrained within the workplace, as workplace policies may limit certain privacy expectations, particularly in relation to company-owned equipment.

What legal action can employees take with respect to monitoring?

US employees have the option to take legal action against their employer if they have violated monitoring laws, which can occur as a breach of confidentiality if the employer makes an employee’s personal information publicly accessible to third parties constitutes a violation of privacy or as a violation of privacy if the employer performs excessively invasive monitoring practices, such as intercepting personal messages, wiretapping, keylogging, and similar actions, which can infringe upon an individual’s personal boundaries.

What are the consequences of violating employee monitoring laws?

Non-compliance with employee monitoring laws can have severe consequences, including lawsuits, financial penalties, reputational harm, and in certain instances, potential criminal charges.

Important Cautionary Note

When making this guide we have tried to make it accurate but we do not give any guarantee that the information provided is correct or up-to-date. We therefore strongly advise you seek advice from qualified professionals before acting on any information provided in this guide. We do not accept any liability for any damages or risks incurred for use of this guide.