The Fraud Examiner

Employee Monitoring: Legal Restrictions and Best Practices

Ron Cresswell, J.D., CFE               
Research Specialist, ACFE

 As part of their fraud prevention strategies, many organizations monitor their employees’ activities in the workplace. Video surveillance can be used to deter and detect theft by employees. The monitoring of employee emails might reveal internal fraud schemes. Confidential business information can be protected by monitoring how employees use their computers. For each type of employee monitoring, however, there are legal restrictions that vary by jurisdiction. A company’s employee-monitoring program can be legal in one country but violate the laws of another.


Employee Monitoring Laws: A Global Perspective


The U.S. has relatively weak privacy laws. As a result, U.S. companies can engage in almost any kind of monitoring as long as the monitored employees receive prior notice. The notice usually takes the form of a written policy stating that the company may monitor all company equipment and employee communications. If the company requires its employees to read and sign the policy, this generally satisfies the notice requirement.


Privacy laws are more stringent in European countries, where privacy is viewed as a fundamental human right. For example, in Germany and Italy, employees must give voluntary, written consent to any form of employee monitoring, and the consent may be challenged in court on the ground that it was not truly voluntary. In France, employers generally cannot access employee emails that are identified as “private” or “personal.” Most European countries have data protection laws that restrict the collection, disclosure and transfer of personal information. These laws may also give employees the right to access and correct the personal data collected by their employers. In some European countries, works councils or data protection authorities must be notified before an employee-monitoring program is implemented. There are additional restrictions for countries that are members of the European Union (EU). For instance, EU guidance states that employee monitoring must be no more intrusive than is necessary to achieve a legitimate business purpose.


Outside of Europe, the laws are varied. India and most Australian states have no laws specifically restricting workplace monitoring, while China, Japan and Singapore require notice of employee monitoring but generally don’t require consent. In the United Arab Emirates, employee monitoring requires consent from all affected employees.

Sign In

Not a member? Click here to Join Now and access the full page.