Privacy in the workplace: organizations must find ways to accommodate employees' personal technology use while also meeting regulatory and other requirements.

Author: Sheth, Parthiv


Digital technology has changed workplace behavior--and expectations--for both employees and their employers. The ubiquitous use of smartphones and other devices, company-issued and personal, places communications and data management continually at users' fingertips. Internet use alters the traditional dimensions of employees' work flexibility requirements and need for expression, as well as employers' need to monitor employees' online activity.

Employee concerns have been amplified by the ever-evolving technologies and data collection methods that can seem personally intrusive. Any privacy expectations employees may have are being curtailed by privacy policies, privacy pop-up screens during computer log-ins, background checks, and other workplace measures. At the same time, governments worldwide have issued regulatory guidance to address privacy issues, but guidance often falls short when it comes to balancing employers' needs to monitor and employees' expectations of privacy. Both noncompliance with regulations and balancing privacy needs represent major concerns.

Of respondents to PricewaterhouseCoopers's (PwC's) Global State of Information Security Survey 2016, 32 percent of security professionals say their board members review security and privacy risks--up from 25 percent in 2015. Employees remain one of the most-cited sources of compromise, with 34 percent of respondents citing current employees as sources of security incidents and 29 percent saying former employees were sources. Organizations have legitimate reasons for wanting to keep tabs on employee data, but employees also want some measure of protection from prying eyes. Evolving expectations on both sides are changing where employees, and their employers, draw the line. Internal auditors tasked with examining privacy in the organization should know where the risks lie, and what requirements their clients may face.


Historically, employee monitoring has been limited to checking internet and email usage. Today, digital disruption trends powered by mobile devices, social media, analytics, big data, and the Internet of Things have opened up a host of additional channels for employee activity. Plus, increased competition has fueled mergers and acquisitions, as well as use of offshoring models and reliance on third parties, resulting in constantly changing privacy expectations in the workplace. Organizations are also starting to apply data analytics to better match people to jobs and to more efficiently and cost-effectively recruit, manage, and retain talent. Employees have a need to be heard and to contribute, and they use internal messaging boards and social media sites to do that. Most organizations do not even realize how much data is being collected and analyzed, or that this exposes them to legal and compliance risks.

Employee Expectations

With the rise of a constantly mobile and fluid workforce and the consumerization of technology, trust is essential in the digital world. More and more employees expect to use their own devices and applications at work, as well as cloud services they're familiar with, because they believe those mechanisms make them more productive.

As employees use these devices with greater frequency, and as they become increasingly responsible for the data they hold in their cloud accounts, trust becomes a more significant factor. For instance, who's responsible if cloud data gets stolen or a device gets hacked? If disabling software is installed to protect the employer, what is that employer's...
