Published on the 30/06/2021 | Written by Heather Wright

Significant workforce privacy gap flagged…

The desire to monitor employees is winning out over privacy concerns according to a new report which suggests businesses are paying lip service to protecting employee privacy.

Of the 1,249 global IT and security professionals surveyed by Ponemon Institute, including in Australia and New Zealand, 65 percent said their organisations have increased monitoring of remote workers because of the perceived increase in risk these employees pose to sensitive information.

Much of that monitoring is being done on the sly: Just 46 percent say their organisation is transparent about its tracking practices and only 53 percent say their employees are aware of how their activities and behaviours are being monitored.

“A reckoning is coming.”

Dtex Systems chief customer officer Rajan Koo, in response to the report, suggested companies were viewing workforce privacy as simply ‘a feel good goal’.

“The workforce is a source of incredible intelligence, yet organisations continue to fall into a ‘big brother’ surveillance approach that erodes trust and transparency,” Koo says.

“Draconian tech solutions in the marketplace are only worsening this problem. The findings of this report make it clear – a reckoning is coming.”

Employee monitoring has been on the up with the rise of remote working, but balancing the push to measure employee productivity and engagement without violating privacy is proving tricky.

While being able to view analytics data in collaboration and productivity software isn’t new, increasingly sophisticated analytics have upped the ante. And while there are certainly benefits, including greater understanding of working patterns and trends and the all-important issue of security risk, it comes with increasing anxiety and concern on the part of employees.

Last December, Microsoft watered down the tracking abilities of its Productivity Score tool in Microsoft 365. It had offered up 73 pieces of granular data about worker behaviour – including hours spent in Teams meetings, time spent active on Microsoft applications, and even the number of times certain emails were sent – all associated with employees by name, prompting researchers and privacy advocates to call it a ‘privacy nightmare’ when it first launched with little fanfare in late 2020.

The tech giant copped further flak with the launch of its Viva employee experience platform, but denied it was the next step to complete employee transparency.

Scanning of files was the most popular form of employee monitoring, according to the Ponemon Institute report, with 60 percent reporting they use the technique. Data access and usage followed closely at 59 percent, with online file sharing employed by 54 percent.

More big brother-ish, however are the 46 percent who record screens and the 39 percent logging keystrokes. On the flip side, 45 percent said invasive surveillance such as keystroke logging and screen capture isn’t required to detect insider risks and protect organisational data.

Emails (65 percent), internet activity (60 percent) and social media were most often monitored, with GPS location tracking (47 percent) and ‘idle time’ (40 percent) also featuring highly.

But despite all the tracking, companies are aware of the danger side, with 64 percent admitting it’s difficult to track employee activity and performance without affecting morale or trust in the organisation.

Larry Ponemon, research director and president of the Ponemon Institute says the findings illustrate that organisations need a new approach to workforce privacy – ‘one that embraces the long-standing privacy-by-design approach both in philosophy and in the technology chosen to harvest workforce intelligence’.

“This is supported by the fact that only 38 percent of respondents said their organisations have the right technologies to mitigate risks and promote efficiency without invading personal privacy.

“With the other 62 percent of organisations missing the mark, it’s critical employers shift their mindset about why and how they learn from their workforce.”

The report, State of Workforce Privacy and Risk, says companies can minimise the negative impacts by collecting data anonymously and minimising the amount of data being collected – two things respondents admitted they were not doing. In fact, less than half (47 percent) anonymise data and 65 percent say collecting more data than necessary can overtax endpoints and the network, further negatively impacting employee productivity.

And be warned: Gartner has cautioned that it expects increasing numbers of workers to attempt to trick AI driven tracking systems. In fact, it estimates 10 percent of workers will be doing just that come 2023, whether in the interest of lower workloads, better pay, simple spite or just as a game.