We as Americans tend to have very strong opinions about privacy. A Pew Research Center study showed that 74 percent of respondents ranked the ability to control who can get information about you as being “very important” and 67 percent ranked “not having someone watch you or listen to you without your permission” as very important.
Context does play a big role, though. While more people may balk at online commerce or social media sites collecting personal information, tools that allow parents to monitor the children’s activities, or even tools that allows employers to monitor employees, are more commonly accepted. While large enterprises with thousands of employees may be deploying sophisticated and costly monitoring systems, small businesses can often accomplish what they need with less expensive tools, often originally designed for parenting situations.
On the parental front, savvy parents must know that WhatsApp is now the communications tool of choice among young people and simply looking at your kids’ Facebook page is no longer enough. Parents want to know what their kids are saying on WhatsApp and that’s not quite as straightforward.
Today, many tools used by small businesses are also used by parents -- basic website monitors and website blockers are standard equipment at schools and libraries and increasingly used by private businesses to reign in the incidence of superfluous Web surfing on company time. Despite its origins as a communications tool targeted at the youth market, WhatsApp is just starting to make some inroads as a business tool, and just as quickly as that is happening, tools like XNSPY, a tracking and monitoring app for Android and iOS devices, are appearing on the market with new features to track WhatsApp, giving employers (and parents, too) a way to look into whether WhatsApp and other communications apps are being used appropriately.
What’s up with WhatsApp in the workplace?
It’s a real-time, cross-platform messaging app, often used by young people as a social communications tool, although some small businesses are starting to discover its utility as a tool for doing business as well. Recently bought by Facebook for a record $19 billion in cash, shares and stock, the app is likely to be more popular with new millennial employees who are just entering the workplace. “With the Facebook acquisition propelling WhatsApp into the limelight, corporate security managers are only just now recognizing the need to address WhatsApp in their security policies, and update their monitoring tools accordingly,” said Sean Polinski, Manager of Product Development at XNSPY. “WhatsApp is no more dangerous than any other instant messaging tool, and may even be useful as a business tool, but a monitoring policy has to be in place to ensure legal compliance, and promote a safe workplace.”
Currently there are only a small handful of web apps that monitor WhatsApp, including XNSPY, which lets employees view WhatsApp call logs, read chat threads, and view pictures, as well as check senders’ names and numbers, and view time and date stamps. It can monitor both Android and iPhone smartphones, and works by installing a small piece of software on every smartphone or tablet that needs to be monitored.
Is it legal to snoop?
Often, use of monitoring tools in the workplace isn’t a matter of snooping, or even a perceived need to keep employees off of social media platforms or offensive websites. It’s simply a legal requirement that could keep you out of trouble if, at some point in the future, the government demands to see your electronic records.
Many employers are motivated to monitor employee activity over concern about potential litigation. Lawsuits, compliance with government mandates and the potential for government investigations all require companies to create more of a digital paper trail than ever before, and security experts will always tell you that more is always better. At some point, you may be called upon by a judge to produce documents and if that happens, you had better be able to produce all of them. Saving some -- but not all -- employee emails, for example, would eliminate any possibility of using emails as evidence in a court case.
The lesson -- if you’re going to electronically snoop on your employees, do it across the board, for everyone (including yourself), save your files and document your actions and have a written policy documenting precise procedures for doing so.
The need to retain electronic documents -- including emails, text chat threads and even WhatsApp threads -- became more important with the passage of the Sarbanes-Oxley (SOX) Act of 2002, made into law in response to high profile court trials in which companies participated in fraudulent financial reporting. SOX attempts to put into place a set of practices designed to prevent the alteration of digital documents, including emails and messaging threads.
Most employers do some sort of monitoring -- whether it’s MBWA (Management By Walking Around), or installing software on desktops, notebooks and cell phones -- but XNSPY recommends a written and uniformly applied security policy in order to ensure full compliance with the law. Regulations regarding employee monitoring are surprisingly light, and Sarbanes-Oxley compliance is really more about what to do with and how long to store electronic records such as employee emails and chat threads, rather than asking whether it should be done at all. That it should be allowed is seen as a given from a legal perspective.
According to XNSPY’s best practice guidelines, employers wishing to monitor employees’ online behavior must follow a few basic rules:
- Apply monitoring uniformly. When electronic records are demanded by court action, if you have not retained records strictly according to policy, you may not have the proof that you thought you had when you face the judge. If you monitor one employee, you must monitor them all.
- Approach employee-owned electronics with caution. Although the practice has become more common, employees may still have a reasonable expectation of privacy on their own devices, and installing XNSPY on an employee’s personal device is not advised. However, it is fully within the law to install it on the employer’s equipment. For that reason, some companies are embracing the practice of employer-issued smartphones.
- Create a written policy manual. Lay out expectations and rules in writing, and advise employees that use of electronic equipment may be monitored.
Other questions as to legality arise when using GPS to track employees in employer-owned vehicles. Many of the software tools on the market have multiple features, as does XNSPY, which also includes a GPS tracker. But using GPS may be done for more reasons than simply knowing whether your employees are stopping off at the donut shop one too many times, it can be very useful as a dispatch tool as well as a safety tool in case of accident. But regardless of the reason for deploying the GPS feature, courts have generally held that use of GPS in company-owned equipment is allowed. California, Minnesota, Tennessee and Texas do have separate laws that prevent mobile tracking devices to be used to track other individuals, but even those statutes will not apply to GPS software installed in employee-owned vehicles or employee-owned equipment.
Employers love it, but will employees?
The need and desire for privacy has to be balanced against compliance requirements, the need for workplace safety and the financial considerations of the employer. And while, as the Pew survey revealed, consumers will bristle at commerce sites that collect personal information, employees are more likely to accept monitoring by an employer. According to the survey, only 28 percent ranked “not being monitored at work” as very important to them, with 22 percent saying it was not very important.
Small businesses can benefit from employee monitoring, in the right circumstance – so long as it is transparent, employees understand that it is being done and for what reason and that it is used uniformly across the board. In addition to satisfying the needs and concerns of employees, doing so will also satisfy legal requirements for electronic document retention.