Protecting employee privacy as more people work from home

Employers should strive to maintain worker privacy with video calls, after-hours work and monitoring software

Protecting employee privacy as more people work from home

With so many people working from home these days, the line between a person’s professional life and personal life has blurred. But that doesn’t mean employers have a right to cross the line, and there are several considerations around privacy they should keep in mind, say experts.

For one, video tools such as Zoom, Microsoft Teams and Skype expose the home space of employees, be it their kitchen, dining room or bedroom. To that end, employers and HR might want to encourage some attempt at privacy.

“A lot of the video conferencing services provide the ability to put up a blank digital background, so I would encourage that as part of policy or practice, so that there isn’t any personal information of employees or others that gets involved in the video conferencing,” says Ryan Berger, a partner at Lawson Lundell in Vancouver.

“Not every employee went into the pandemic with lots of space to set up a grand home office, and many are working at their kitchen table or even a dresser in their one-bedroom apartment. But even there, they should be able to set up their device so that the video conference doesn’t reveal anything other than the shoulders and head of the employee and a wall or something behind them.”

In addition, employers should be wary of automatically recording meetings, he says.

“The employer has to have a reasonable basis to collect that employee information. There may be some cases in which that’s appropriate, but I would typically recommend that not be the prevailing policy and that any recording would be an exception and, of course, the employee should be notified of that recording in advance.”

Monitoring considerations
Even before the surge in remote work, many employers were using monitoring software to gauge employee’s productivity and engagement. And while the temptation may be there to install or ramp up such technology with more people at home, employers should consider whether the monitoring is necessary to meet a specific need or issue, says Anna Abbott, an employment lawyer at Blake Cassels & Graydon in Toronto. 

“If it’s just precautionary — rather than in response to something that the employer is seeing happening in the workplace — it may be harder to justify from a privacy perspective.”

Then, employers need to consider what type of monitoring to put in place and how it’s going to be effective to meet the need or address the issue that’s been identified, she says.

Company policies should also be updated to reflect this new way of conducting day-to-day business, says Justine Lindner, an associate in the labour and employment law group at McCarthy Tétrault in Toronto.

“Employers should look at updating their technology and/or their work-from-home or telecommuting policies and ensuring that, in preparing those policies, that employees have to acknowledge or sign them back,” she says.

“With that explicit acknowledgement, you’re setting clear expectations and guidelines for employees on what the employer may require of them and what the employer expects around the use of technology in particular. Many employers, especially when you raise the issue of monitoring, that’s often a primary concern.”

Sometimes, employers need to be creative in establishing buy-in from employees, according to a tech executive of a company that helps people manage privacy online.

“Sometimes, throwing a carrot in with a stick is an effective best practice we’ve seen HR departments do successfully. I boil it down to a clarity of communication and is there something in it for the employee because, as an employee, if all you’re telling me is, ‘Hey, you’re going to watch my activities because now I’m not working in the office,’ that doesn’t exactly make me feel great about my employer [but] it’s nice if the employer has something that’s a sweetener or something that’s also perceived positively by the employees,” says Rob Shavell, co-founder of online privacy company in Boston.

“What we’ve seen some HR departments do is come to us to say, ‘Hey, can we give our employees this DeleteMe service that removes that information from a lot of places that you can find it online, their personal information?’ At the same time, we roll out a program to make sure we’re tracking and managing the data about [their] newly remote workforce.”

Before installing monitoring tools, employers should also embark upon a confidentiality checklist, says Abbott.

“It’s important for employers to look at what they were already doing when employees were in the workplace and what they’ve identified for employees as the levels of monitoring that they already have in place, and then thinking about what they want to implement; then going through the privacy analysis for whatever it is they think they need. Employers need to be mindful about whether that information is necessary and what they’re going to do with it once they collect it.”

Prominent role for HR
Human resources should have a prominent role in managing privacy, and confidentiality must be assumed, says Lindner.

“HR can take the lead in helping to prepare these policies but also providing people managers the tools to implement those policies and to put in place the processes and procedures that will help them because performance management, for example, is going to look very different in this new environment,” she says.

“We need to communicate more with employees about our expectations about privacy because employees who have privacy concerns, for example, should also know who they can turn to with those concerns. Whether their concerns are privacy related or whether they’re related to accommodation or child-care issues, whether they’re looking for a different kind of working arrangement, like a flex-time arrangement, HR needs to be a part of those conversations.”

And HR should take this opportunity to focus on a privacy and cybersafe culture and developing that, too, says Berger.

“There’s lots of ways they can do that, from educational modules [or] they can be doing sessions about their privacy policy if they’re updating things as a result of new technologies or new modes of work. It’s a good opportunity for them to engage employees about that and the best practices they’d like them to have.”

Storing data
In addition to establishing policies behind monitoring, employers need to be aware of some of the rules around collection and storage of data, says Abbott, as they vary by region.

“In Ontario, there are no specific rules from a privacy perspective in the private sector for provincially regulated employees, so it really is going to come down to common law principles of privacy, and you definitely don’t want to be retaining sensitive private information for any longer than is necessary for whatever purpose you’ve identified,” she says.

“A lot of employers have already considered a lot of these issues in the context of working in the office, so things haven’t really changed in the context of working from home in terms of what you monitor and what you collect. You should be following your basic record-retention policies that most employers already have in place with respect to private information.” 

Latest stories