As surveillance technology becomes cheaper, more powerful, and more widely used, many companies want to monitor productivity through surveillance to protect confidential information and ensure compliance with company policies.

However, employers face many legal risks and obligations as job-related electronics increasingly spill into workers’ homes and personal lives.

Whether an employer is tracking keystrokes, using GPS, monitoring email, or installing cameras, it is essential to understand what is legal, what is not—and what is just unwise.

The Legal Landscape: Privacy, Consent, and Compliance

Most states allow some form of workplace monitoring, especially on employer-owned devices and networks. However, employers cannot assume they can monitor without limits.

Federal and state laws – including the Electronic Communications Privacy Act and various state wiretapping and privacy laws – restrict how and when employers can record or intercept employee communications. Several states, including Maryland, require two-party consent before recording conversations.

Employers also must avoid infringing on areas where employees have a reasonable expectation of privacy—such as restrooms, locker rooms, or, in many cases, their homes. These limitations become risky with remote workers, where screen monitoring or webcam use can easily capture personal or non-work-related activity.

The National Labor Relations Act adds another layer. Surveillance of employees discussing wages, hours, or working conditions—even if unintentional—can violate employees’ rights to engage in protected concerted activity. That risk is especially acute if employers monitor messaging platforms or social media without clearly defined, neutral purposes.

Liability Risks in the Remote Work Era

The proliferation of remote and hybrid work has blurred the line between personal and professional spaces—and with it, the legal exposure tied to surveillance.

Employers that monitor work outside of regular hours could inadvertently create wage and hour liability if non-exempt employees are “working” off the clock. Surveillance logs, if not carefully managed, may support claims for unpaid wages.

There is also a growing risk under data privacy and biometric laws. Some states require explicit written consent before collecting biometric information (like facial recognition or keystroke dynamics), with steep penalties for noncompliance.

Any data collected, especially if it includes personal communications or home-based recordings, must be stored securely and deleted when no longer needed. Data breaches can expose employers to regulatory investigations, class actions, and reputational damage.

Best Practices

To reduce legal risk and preserve employee trust, employers should:

• Provide clear notice of any monitoring.
• Obtain consent where required.
• Limit surveillance to work-related activities and avoid continuous or covert monitoring.
• Apply policies consistently to minimize claims of discrimination or retaliation.
• Ensure collected data is secure, necessary, and temporary.

Employee monitoring can be a valuable business tool, but it is not without consequences. Employers who use it wisely—with a clear understanding of the legal landscape—will be best positioned to protect their business while respecting their employees.

For help reviewing your company’s surveillance policies or ensuring compliance with privacy laws, contact Michael Neary at mjneary@lerchearly.com.