Data loss prevention raises legal concerns
- Harvard Business Review (HBR) reports that companies are tracking employees' activities through data loss prevention (DLP) technology, looking for behavior patterns that violate workplace policies or put trade secrets at risk. They're using network traffic monitoring, keystroke logging, natural language processing and other methods, HBR says, and those action may create legal risks.
- Employees have protections, too, including federal and state laws that govern worker monitoring, gaming, wiretapping and data breaches. HRB says before using DLP to track employees, companies must understand the requirements and the risks.
- HBR says that HR can ask: Are you monitoring employees only or also third parties? The latter could present global legal challenges. What are you monitoring? Many state wiretapping statutes bar electronic data interception without users' consent. Where is monitoring taking place? If software is set up on personal devices used for work, state laws on computer crime and spyware could kick in.
Employers have legitimate reasons for tracking in-house activities; a separate HBR report says that internal cyber threats account for 39% of all breaches. And companies need to ensure that proprietary information isn’t leaked.
But to accomplish this with employee tracking, employers need to know what federal, state and local law require. Some suggest that strong policies and regular employee training may be a less-risky option, especially if employees are using personal devices for work. One of the biggest cybersecurity risks is "bad habits," so such training could go a long way in protecting the company overall.
- Harvard Business Review The Legal Risks of Monitoring Employees Online