New work patterns are developing as management and staff do their best to keep businesses afloat through these challenging times. The government has asked those who can work from home to do so. With up to 50% of UK workers expected to be logging on from home for some time, new regulatory and personal circumstances are overlapping in a way they never have before.
Employers are naturally worried about maintaining productivity and organisational cohesion. How should they draw the line between management and surveillance to keep the trust of their employees without losing control of their business?
With so many staff working remotely, it’s tempting to use technology to address the problem. But excessive electronic monitoring risks alienating staff and breaking the law.
Staff working at home have a greater expectation of privacy. And the UK regulator, the Information Commissioner’s Office, has a wide range of powers to enforce those rights including substantial fines and enforcement action.
Securys has compiled a helpful five-step guide – focussing on genuine relationship-building and avoiding invasive, possibly illegal, surveillance.
1/ The truth about consent
If we’re perfectly honest, staff do not feel able to deny consent – they are in a subordinate position to the boss who wants to install monitoring software, or to ask questions about their health status. Seeking consent as a box ticking exercise does not automatically mean it’s okay to proceed with new, invasive questions or tech; in fact, across the EU, including the UK, it’s generally assumed by regulators that consent should not be used as a basis for processing employee data.
2/ Bring people together
Working from home doesn’t mean working whatever hours the employee chooses, unless the employer has specifically allowed this. Some of the greatest risks to mental health at the moment come from overwork and loneliness, so setting fixed start and end times to the work day, and asking staff to join regular video get-togethers with a strongly social flavour will maintain your organisational cohesion and help staff with their work/life balance. Just be sensitive to people who’d prefer not to always use video, and respect flexible working arrangements that have been agreed.
3/ Wellbeing and counselling – the right way
Employers might like to make counselling available, via text-chat, phone or video conferencing. Make sure these well-meaning initiatives don’t get misused. Asking about someone’s mood or health, or that of people in their home, is gathering health information which carries additional constraints in law and asks for greater trust. It can be acceptable as part of an occupational health function, but you must be clear that what you’re doing is proportionate and appropriate, the data shouldn’t be used for other purposes, must be stored and processed securely and should ultimately be overseen by a medical professional.
4/ Choose your tools with care
Don’t use basic corporate survey tools like Forms or SurveyMonkey to collect health and wellness information – they’re not secure enough. Don’t use WhatsApp or other consumer messaging tools to exchange this kind of information with, or about, employees either, for the same reason. There are purpose-built engagement and wellness platforms out there that will let you handle this sensitive data appropriately.
Be careful also of some remote working platforms, including Microsoft. Its detailed recording of staff activity risks contravening data protection laws in a way that also borders on the creepy. If staff are working on their own devices, be careful that your remote security and support toolsets manage the division between business and private activity. The regulator, not to mention your staff, will be unhappy if you cross that boundary.
5/ Don’t forget how to manage people
Above all, just because you can monitor a person’s every keystroke, record their screen or check up on their activity in private time, doesn’t mean it’s the right thing to do.
Surveillance risks breaking the fragile bond of trust between employer and employee, as well as possibly being illegal.
Strong relationships breed commercial success, and management is about human connection. Managers should make time for social chats and formal one-to-ones with their reports. Don’t try to replace that essential organisational emotional intelligence with cold software metrics.
Studies so far show that generally speaking productivity is not only about the same as when staff were in the office, but in many cases it’s higher, so there’s no need to overreact.
Securys (www.securys.co.uk) is a specialist data privacy consultancy with a difference. We’re not a law firm, but we employ lawyers. We’re not a cybersecurity business, but we’ve got CISSPs and CISAs on the staff. We’re not selling a one-size-fits-all tech product, but we’ve built proprietary tools and techniques that work with the class-leading GRC products to simplify and streamline the hardest tasks in assuring privacy. We’re corporate members of the IAPP, and all our staff are required to obtain one or more IAPP certifications. We’re ISO 27001-certified (and working towards ISO27701) and have a comprehensive set of policies and frameworks to help our clients achieve and maintain certification. Above all our relentless focus is on practical operational delivery of effective data privacy for all your stakeholders.
Our long and varied collective experience means we go wider and deeper than most. We understand that all businesses – particularly the financial, healthcare and resource extraction sectors – exist in a multi-dimensional regulatory environment. Each regulator has different priorities; sometimes these bring about real tensions between compliance workstreams. Our job is to understand the regulatory continuum and help our clients meet all of their compliance requirements efficiently and affordably. Practically, we’d say.