Is it legal to spy on remote employees?

Virtual communication and Zoom calls have become an integral part of everyday life to keep workforces connected and to allow businesses working. But, without being able to see and hear what staff are up to in the office, some employers have become suspicious that remote staff aren’t actually working when at home. This is supported by an alleged increase in the number of employers buying spy software and an increase in the demand for companies providing these services.

Apparently, employer have invested in a variety of monitoring tools such as keystroke monitoring, technology that intercepts Zoom conference calls and workplace communications on platforms such as Slack.

Under the Telecommunications Regulations 2000, employers are able to monitor staff members without gaining consent first, but only for one of the following purposes:

• If an employer believes that the employee is doing something they shouldn’t
• If an employer believes that the employee may be involved in criminal activity
• If an employer is acting in the interest of national security
• To maintain the standards of communications systems (e.g. detecting viruses)
• For quality control, business continuity or regulatory compliance purposes

If the employer must monitor business transactions they should always take ‘reasonable steps’ to let staff know that their virtual communications might be observed and must also take note of the Data Protection Act (DPA) as intercepting emails would be considered a form of data processing and therefore be regulated by this act. Employers must also consider whether looking through emails would be an unnecessary invasion of privacy.

Employers should:

• Spot check communications rather than monitoring them continuously
• Only monitor high-risk areas whenever possible
• Monitor traffic data instead of email content
• Automate monitoring wherever possible to avoid content becoming available to third parties.