As employee surveillance becomes more common, IT managers increasingly find themselves tasked with establishing and enforcing monitoring policies at their organizations, whether it makes them uneasy or not.
Despite their potential discomfort, IT managers may have a responsibility to help determine how tech surveillance policies are developed, communicated, and operationalized, ethics and surveillance experts told IT Brew.
For starters, the manager of an organization’s IT department should be involved before any monitoring policies are settled on, let alone enforced, said Nancy Flynn, founder and executive director of the ePolicy Institute.
“Putting together these policies is a huge job, and it’s really tough for one person to have to accomplish this,” Flynn told IT Brew. Ideally, she said, a policy team should be formed with representatives from senior management, human resources, and legal or compliance, along with the IT director or CIO.
Companies should also seriously consider whether monitoring is needed in the first place, said Reid Blackman, the founder and CEO of digital ethical-risk consultancy Virtue. If the answer is yes, he advised, organizations need to conduct a feasibility analysis that goes beyond examining technical requirements to consider ethical questions.
“You actually have to have a problem to solve, right?” Blackman told IT Brew. “There is pressure to use various kinds of tools because maybe you’ll find a problem. But I’m not sure that’s a particularly good reason to do it.”
“What’s the cost of those ethical violations in terms of, say, reputation?” Blackman added, noting that reputational costs can extend beyond consumers and clients to an organization’s “brand as an employer.”
Ensure policies are fair and well-communicated. But, even then…According to Flynn, monitoring policies should be clear, well-communicated, and enforced in line with strict procedure.
“When an organization supports their policy with employee training, and management explains to the employees why [they] are monitoring, employees tend to be more compliant with policy, and they tend to relax more about monitoring,” Flynn said.
Chase Thiel, the Bill Daniels Chair of Business Ethics at the University of Wyoming College of Business, has worked on research that shows that monitoring can backfire when employees believe they aren’t being treated fairly. He and his coauthors found that contrary to what managers might expect, monitored employees can be substantially more likely to cheat, disregard instructions, work at a purposefully slow place, or violate other rules.
Top insights for IT pros
From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.
Thiel told IT Brew that this effect isn’t necessarily because employees are resentful but because poorly constructed monitoring policies can undermine their “sense of agency, which then has this effect of causing them to displace their moral responsibility for their choices.” The effect is particularly pronounced when employees are “treated poorly, and monitoring was done frequently,” he said.
If an organization must implement monitoring policies, it should only do so after coming up with conscientious plans for how data will be collected and who will have access to it, as well as consultation with affected workers, Thiel advised. Another approach is to rethink what the purpose of monitoring is in the first place—for example, collecting productivity data with the intent of providing insights to employees rather than surveillance by managers.
“Like hey, did you know that you were most efficient at these times, these are kind of your peak productivity times?” Thiel said.
A February survey from 1E found that 73% of IT managers are uncomfortable telling their staff to deploy employee productivity surveillance tech, with nearly one-half of them reporting that their firms don’t notify workers they’re being monitored or how. The majority (87%) of IT managers said their companies have had negative consequences from productivity monitoring.
Don’t go fishing. Since IT departments have overall responsibility for installing and maintaining monitoring software, organizations need to be wary of the risk of blurring operational lines with other departments like HR, according to Blackman, who warned that IT personnel’s role in monitoring should be limited to facilitative functions rather than serving as watchdogs.
“People in IT don’t specialize in qualitative assessments, let alone ethical assessments,” Blackman told IT Brew. “They specialize in technical assessments, quantitative assessments.”
Flynn said that while IT departments are often in charge of monitoring, they can avoid wading into HR territory by automating violations reporting as much as is feasible, and having clear procedures on who, outside of IT, should receive those reports. They also need clear guidelines on what activities merit reporting.
“What I would really caution employers is [that] you only want to look for policy violations, for exposure of confidential or sensitive information, or for violations of the privacy of patients or customers or consumers,” Flynn told IT Brew. “If you come across, you know, photos of an employee drinking martinis…that’s really none of the company’s business.”