Keystroke logging violates privacy

Software intrusive and rarely justified, says Alberta’s Information and Privacy Commissioner

Installing software that logs every keystroke an employee makes on a computer is an obtrusive surveillance method that will rarely be justified, Alberta’s Information and Privacy Commissioner has ruled.

The commissioner said the Parkland Regional Library in Lacombe, Alta., violated the privacy of an information technology worker by installing the software on his computer without his knowledge. The employee started working for the library on Jan. 5, 2004. Despite some concerns about his performance, he passed the probationary period.

On May 20, 2004, the library’s director ordered the keystroke logging program to be installed because of concerns about his productivity and the use of his working time. The worker discovered it on June 17, 2004. He immediately disabled it and later removed it.

The commissioner dealt with a number of issues in this case:

Did the library collect “personal information” from the worker as defined in the act? The commissioner said information a worker types into a computer in the course of performing his work may or may not be personal information.

“The content of a transcription of a tape recording may not be the personal information of the transcriber, but if the transcription reveals errors, or the speed of performance of the task, it may have a personal aspect,” the privacy commissioner said. “If most or even all of the information that was collected was (the complainant’s) work-related activity, all of it had a personal component in this case, because it was to be used to determine how much work he did, or his style or manner of doing it or his own choices as to how to prioritize it.”

Therefore, the library was collecting personal information as defined in the act, the commissioner said.

Did the library have the authority to collect the information? The library relied on s. 33(c) of Alberta’s Freedom of Information and Protection of Privacy Act as justification for installing the software. That section permits collection of information that relates directly to and is necessary for an operating program or activity of a public body. The library said it was using it to ensure its computers weren’t being misused.

But the commissioner said the library didn’t have much cause to suspect the employee was behaving inappropriately. The library pointed to only a single incident in which the employee’s supervisor saw the complainant’s personal website up on his screen at a time the supervisor thought was working time.

“It was only one event. I do not accept that this evidence establishes a concern about the (complainant’s) use of his work computer for personal use that was sufficiently serious to warrant collecting all future keystroke entries,” the commissioner said.

Library’s motives questionable

The commissioner was also skeptical of the library’s motives in installing the software. The director said she ordered the installation of the software because she didn’t think he had “heard” or “bought into” concerns she expressed to him at his probationary interview.

But in other parts of her testimony, the director provided a different reason. She said productivity for IT workers was difficult to measure and there were a large number of outstanding call tickets. But the director did not say she had a reason to be concerned that it was the employee’s lack of productivity that had contributed to the backlog. She didn’t know whether he had been working on difficult, time-consuming problems or just goofing around.

“On the one hand, she tied her decision to her concern about his ‘maverick’ working style; on the other she tied it, more loosely, to her inability to know whether he was or was not being productive on routine troubleshooting tasks,” the commissioner said.

The complainant said the library could have figured out how productive he was by looking at the call tickets (requests for technical help) and figuring out how many he had dealt with in a given time. He also said his supervisor sat just a few feet away from him and could see his computer screen. Nobody from the library contradicted this.

The evidence also showed the software was only installed on this worker’s computer, and not on workers who were responsible for similar tasks.

The commissioner said the information the keystroke software collected was not relevant to managing the employee, and therefore the library did not have the authority to collect it.

It would have been relatively easy, in the commissioner’s view, for the library to implement a computer-based method for gauging productivity of IT workers relative to troubleshooting tasks.

“Even just asking (the worker) for an account of his productivity, or how he was using his time, would have been a good first step and far less intrusive,” the commissioner said. “If a more systemic approach was desirable, performance measures and performance reviews based on such measures are widely accepted management tools that could have been applied in this case.”

The commissioner said there may be some circumstances where keystroke logging software was necessary for effective employee management.

“However, because such programs involve a continuous monitoring of an employee’s working life, they are highly intrusive into the privacy of employees,” the commissioner said. “Where such programs are employed surreptitiously, the encroachment of an employee’s personal privacy is even greater.”

When it might be appropriate

The commissioner said information collected by keystroke logging is appropriate only when there is no less intrusive way of collecting sufficient information to address a particular situation.

And, in many cases, the employer should tell the employee the software is being installed. Secretly installing it would only be appropriate if advance warning would mean the information needed would not be collected.

“If keying in text were the primary task for a job and speed and accuracy were agreed performance measures, the use of keystroke logging software might be justified,” the commissioner said.

“However, there would be no reason not to inform the employee that such a measure would be taken, either consistently or periodically.”

Use of such software could also be acceptable if an employer had reason to believe an employee was using office equipment to surf the net on office time.

“However, this would only be after the employer had developed and conveyed to the employees a written accepted-use policy relative to their computers,” the commissioner said.

An employer might also be justified if it had reason to believe fraud was being committed using work resources or for law enforcement purposes.

Worker terminated

The library terminated his employment on June 21. The worker suggested the termination was a reprisal for his complaint to the privacy commissioner. But the commissioner said that was beyond its jurisdiction, and would have to be brought before the Provincial Court of Alberta under s. 91 of the act.

But the commissioner pointed out the worker was terminated before the complaint was brought to the privacy commissioner — thus it’s difficult to argue the library took action against him as a result of the complaint.

For more information see:

Order F2005-003 of Alberta’s Information and Privacy Commissioner.

Software captured banking information

The commissioner was critical of the library for capturing the worker’s banking information. He had been given permission to do personal Internet banking on his computer outside of work hours and this information was being collected by the software.

“There was clearly no justification whatever for collecting this personal information,” the commissioner said. “The failure to resolve this issue before instituting the collection indicates that the action was not well thought out.”

Todd Humber is the editor of Canadian Employment Law Today, a sister publication to Canadian HR Reporter. For more information visit

Latest stories