Beware of leaving 'footprints' | cpjobs.com
Home > Career Advice > Featured Story > Beware of leaving 'footprints'

Beware of leaving 'footprints'

Published on Friday, 04 Jun 2010
Illustration: Bay Leung
Video monitoring of employees is a thorny issue for those workers who don’t like being under surveillance, but companies know they must abide by privacy and data laws.
Photo: David Wong

Technology makes it possible for companies to keep an eye on many aspects of their employees' telephone and internet use by tracking their "digital footprints". Such monitoring, usually prompted by concerns over staff productivity, legal liability and the protection of organisational interests, is regulated by the Personal Data (Privacy) Ordinance and relevant guidelines.

Companies monitor employees to ensure they are doing a good job. But staff don't want their every move or trip to the water cooler recorded, which is the fundamental conflict of workplace monitoring.

For example, if employers intend to monitor staff and discipline them for spending too much time online, the best practice is for companies to state what their expectations are and have an "acceptable use" policy to set boundaries, says Jennifer Van Dale, a partner at Baker & McKenzie, whose practice focuses on general employment advice and data privacy.

She notes that some companies allow employees to use the internet for personal reasons before office hours or during lunch, but reserve the right to discipline staff for excessive non-work-related access.

The law generally says that if staff use the company's office equipment, the employer has the right to view how those resources are used to prevent any abuse, Van Dale explains, adding that it is a qualified right. "Employers need to comply with the Personal Data (Privacy) Ordinance and failure to comply with the monitoring guidelines could be held against them if a complaint is filed," she says.

Many companies monitor Web use at work and traffic volume, but if they don't record such activity, it does not amount to personal data collection. Therefore, unless company policy specifically states otherwise, employees should expect their bosses to scrutinise most of their workplace communications.

Steve Vickers, president and chief executive of International Risk, warns employees using company equipment not to have any expectation of privacy because they are not personal possessions. "As a general rule of thumb, don't make personal calls on your office phone or mobile device, and don't send personal e-mails from your company's computer or laptop." 

Vickers adds that many people forget they will leave trails of "digital footprints", and it is almost impossible to protect personal privacy and data in the information age as monitoring is pervasive.

Employers are just as vulnerable because when staff defect to competitors, they often take sensitive information. Serious data breaches can be devastating to a firm's reputation.

Bruce Lau, a director of ElitePro, a media and political consultancy, believes if staff are self-motivated and disciplined, there is no need for monitoring. He says the issue of staff privacy concerns more than just legal, human resources and IT aspects. "It all comes down to trust," he says. "If we have to breathe down the necks of our employees and check everything they do, that means we have hired the wrong people."


Tread carefully  

  • Have a policy for employee-conduct for online communications and social media
  • Communicate company policy on privacy and data protection (including company data protection)
  • Inform staff if there is workplace monitoring and the reasons for it
  • Allow staff reasonable time for personal Web use and other communications
  • Let staff know that a company mobile phone is not a perk but a responsibility
  • Set up proper channels to recognise and deal with staff grievances

Become our fans