Surveillance of employee communications has long been a regulatory requirement, and that alone is challenging for firms to master. Now the pandemic has turned employee surveillance into a business imperative as well: managers need greater assurance about what employees are doing while they work remotely.
So how can firms do that well? Nobody likes being subject to surveillance, after all. If you implement enhanced surveillance poorly, that can lead to a revolt among employees, litigation risk, regulatory problems and a soured corporate culture. How do compliance officers and senior executives navigate such a rocky path?
Several business professors researched this question last summer. They analyzed roughly 1,000 businesses that had moved to work-from-home policies because of the pandemic and adopted enhanced surveillance as part of that shift. They published their work in an MIT Sloan Management Review article — and compliance officers would do well to consider their conclusions.
1. Define and explain the business case for more surveillance
The plain truth is that many firms do need more surveillance, either to satisfy regulatory obligations or simply to assure that employees working without direct supervision don’t bring liability to the business.
For example, if everyone is chatting through a variety of online collaboration tools, that means new avenues for misconduct to fester. In the office, someone might see or hear that immediately and report it. In the virtual world, the company might need to surveil communications more closely than it previously had.
The question for compliance officers and senior managers is how much surveillance is really necessary. “Tattleware” that logs keystrokes, snaps webcam photos every few seconds, or searches employees’ web browsing histories — those are much more invasive tools than software to search for “insider trading” in your message archives.
Could surveillance so invasive be truly necessary? Perhaps. But employees will want to see how that surveillance aligns with business objectives. If you don’t provide that, you risk souring corporate culture and inspiring employees to circumvent your surveillance, rather than accept it.
2. Define the limits of surveillance and impose safeguards
This point goes hand-in-glove with the first. Compliance officers need to anticipate how surveillance data might be abused, and then build effective controls to prevent that abuse.
For example, searching web histories or chat messages could reveal personal information about an employee (say, pregnancy or illness) that a manager might use to discriminate against promotions or pay raises. That creates a mess of litigation, compliance and privacy risk. So how could the company prevent such sensitive information from falling into the wrong hands? Do you train managers to ignore it? Do you block them from seeing it? Do you not bother with that level of surveillance at all?
To win employee acceptance of enhanced surveillance, you must consider how not to use surveillance. Then communicate those limits to employees clearly. Put those limits into corporate policy. Build controls to enforce those limits — and test them.
3. Remember what you need most: trust
The more employees trust each other — within a department; across business units; up and down the chain of command — the better their performance will be. The more quickly they can respond to changing business conditions, and the more successful the business will be overall.
Everyone can appreciate that concept. The challenge for compliance officers is how to preserve trust even as the company rolls out enhanced surveillance — which, by definition, implies a certain amount of distrust: “We know you’ll work hard and do the right thing. Now please excuse us as we install new software to verify that.”
You always need to be mindful of employee trust as you develop your surveillance policies, procedures, and technologies. It’s worth noting that the word “trust” comes from the Old Norse traust, which meant “help, confidence, protection, support.”
That’s what employees will want as you roll out enhanced surveillance: confidence that they’ll be protected from the potential abuses and irritations that surveillance can bring. How can you reflect that in your policies, procedures, and executive leadership? How can you demonstrate the limits you’ll impose?
We’ll need to answer those questions, because remote work is not going away any time soon. Neither, then, will the need for more surveillance — or the need to keep employee trust as you roll that surveillance out.
Author: Matt Kelly, Editor and CEO at Radical Compliance
About the Author
Matt is editor and CEO of RadicalCompliance.com, a blog and newsletter that follows corporate governance, risk and compliance issues at large organizations; it includes the Compliance Jobs Report, a weekly update on compliance professionals moving around the industry. He also speaks on compliance, governance, and risk topics frequently.
Kelly was named as ‘Rising Star of Corporate Governance’ by Millstein Center for Corporate Governance in the inaugural class of 2008 and named to Ethisphere’s ‘Most Influential in Business Ethics’ list in 2011 (no. 91) and 2013 (no. 77). In 2018 he won a Reader’s Choice award from JD Supra as one of the Top 10 authors on corporate compliance.
Kelly previously was editor of Compliance Week, a newsletter on corporate compliance, from 2006 through 2015.
Our range of innovative solutions can be tailored to suit your unique requirements, no matter whether you’re currently working from home, or are continuing to go into the office. Our services can be deployed individually or combined to form a broader solution to release your energies and focus on your clients.
Why Not Download our FREE Brochures! Click here.
Call Us Today on 020 8087 2377 or send us an email.
We welcome individual bloggers / Professional Writers / Freelancers to submit high quality contents. Find out more…