Since remote work has become the norm, digital employee monitoring has been taken to a new level, but the trend raises concerns on employee privacy.
Technology tools can be effective in communicating and assessing staff performance, yet its overuse can lead to micromanagement and erosion of employee trust.
The move to remote and hybrid working has accelerated the use of technology tools, and has, in many cases, changed the way that employers and employees interact. Various work from home policies are meant to ensure responsiveness and mimic in-person communication. Sometimes technology tools are implemented reflexively based on the rationale that automatically equates new technologies with improvement. Employers need to consider a range of factors relating to technology use as it affects nearly every aspect of work, from responsiveness to cybersecurity, productivity to company culture. Thus, the HR function has a critical part to play within the organisation in influencing how employers leverage technology.
Example 1: Camera always on
With the rise of virtual meetings during COVID-19, many organisations require staff to keep their cameras on at these meetings. The intentions are usually good, such as mimicking face-to-face meetings and facilitating communication. Some employers use this rule proscriptively, however, to ensure that staff are actually paying attention and working.
A one-size-fits-all policy causes issues because people interact in numerous ways. Even when staff are in the office together, they don’t always interact face to face. Furthermore, there are significant downsides to spending long periods of time on camera. In 2021, researchers at Stanford University identified negative consequences of prolonged video use, or Zoom fatigue, such as sitting still for too long, excessive eye contact, and increased cognitive load, all of which can induce extreme fatigue and employee burnout.
A better approach is to consider first whether a video meeting is necessary. Can this meeting be an email or a phone call? If it is warranted, does every participant need to be seen? For instance, quick check-ins and brainstorming sessions can be handled differently to small group discussions and debates.
Example 2: Respond to messages within 10 minutes
People are used to instantaneous feedback and it can be frustrating when we can’t walk to a colleague’s desk for an immediate answer. In response to employees working remotely, some employers require a response within a few minutes. This requirement can effectively ensure employees cannot get their work done. There is a wealth of research demonstrating that the human brain is not wired to multitasking. We do not do our best work when constantly interrupted, and the impact of continuous disruptions can be devastating on work that needs skills focus and concentration. American author and researcher Cal Newport calls this "always on" communication style the "hyperactive hive mind" and has written extensively on its negative impact on the modern workforce.
Another noteworthy downside to this rule is that it can breed mistrust. It is based on an assumption that an employee who does not reply right away is not really working, when in fact the opposite might be true. Staff who don’t answer immediately may be engrossed in solving a problem that requires deep thought. Not everything is urgent. A rule that requires an instant response fosters a culture of business rather than productivity. Employees who are in perpetual need of urgent answers are not necessarily working effectively and could be pulling others down, affecting the entire organisation.
A better approach could be to encourage staff to prioritise tasks and use the correct communication tools with colleagues applicable to the situation. This is likely to require purpose-focused training and guidance by senior leaders on what is genuinely urgent, and when getting work done justifies permission to be "off". For instance, a single email with a list of questions and a deadline is a better way of working than, say, sending 10 interrupting pings in one morning, each demanding an immediate response. This requires building trust and giving employees the autonomy to do their best work.
Example 3: Keyboard tracking
A more controversial application of technology is keystroke tracking, where everything that an employee types is logged and recorded. This can be used for legitimate purposes such as IT security, protection of confidential information, and productivity measurement. On the other hand, it can also be used for illicit purposes by criminals such as obtaining passwords and banking details.
Employers should consider implementing this very carefully for at least two reasons – it undermines trust in the workplace and may create liability under Hong Kong’s data privacy laws.
Data privacy risks
The Privacy Commissioner for Personal Data (PCPD) has recently issued Privacy Guidelines: Monitoring and Personal Data Privacy at Work, which covers different methods of surveillance, from emails to security cameras, and recommends that employers approach monitoring with the "3As" in mind: assessment, alternatives, and accountability. Employers should assess the risk that it seeks to mitigate through monitoring, consider whether there are effective alternatives, and be accountable for compliance with data privacy laws if personal data is collected. This means that organisations must observe the six data protection principles, relating to the collection, use, retention, security of their employees’ data, as well as its accessibility and openness.
To manage data compliantly, the PCPD recommends following the "3Cs": clarity, communication, and control. In particular, there must be clarity in the development and implementation of employee monitoring policies, clear communication with employees to inform them on how they will be monitored and why, and control over "the holding, processing and use of monitoring records to safeguard the protection of employees’ personal data contained in them".
Although a breach of the Data Protection Principles does not constitute a criminal offence, the PCPD could serve an enforcement notice on the data user (employer) to remedy any contravention, and failure to comply is a criminal offence. Employers could be fined up to HK$50,000, be imprisoned for up to two years, or be fined HK$1,000 per day in some cases of ongoing offences.
Lack of trust as a business risk
Trust has always been a positive force in the workplace, but it can be a game changer nowadays. In a hybrid working model, trust plays a part in almost every decision managers and employees make. While it is important to manage and avoid legal risks, it is just as important – but harder – to address the lack of trust implicit in each of the examples above. Although each example has legitimate purposes, there is evidence of reflexive micromanagement. For instance, it is easier to demand a response to messages within 10 minutes than to give staff the freedom to be engaged in work that requires their full attention. Rules like this also show that the employer does not trust employees, who know it and respond accordingly. This is crucial because trust is a measurable driver of company performance.
Research by Paul Zak, the founder of the Center for Neuroeconomic Studies, has been measuring the relationship between employee trust and the employer’s economic success for more than a decade. That research indicates that employees in “high trust” workplaces have ·74% less stress, 50% higher productivity, 13% fewer sick days, 76% higher engagement, and 40% less burnout.
Similarly, a research by Gallup found that companies with high levels of employee trust outperform companies with low levels of employee trust by 186%. Thus, there are measurable consequences to rules that dampen trust and engagement.
The HR function has a leading role in driving a culture that enables engaged staff to do their work, increase productivity and company performance without sacrificing wellbeing. Wherever possible, HR professionals should encourage management to consider rules that may appear useful on the surface but have a double edge in terms of legal risks or a decline in staff engagement. This is not easy, but considering the technologies and tools available and making educated decisions about their use, is a good place to begin.
撰文：Jennifer Van Dale，Eversheds Sutherland法律事務所亞洲區人力資源合夥人兼主管
人們習慣即時獲得回應，因此，我們或許會因為無法走到同事桌前取得即時答案而感到困惑和焦慮。一些僱主要求遙距工作的僱員在幾分鐘內作出回應，這無疑會令僱員無法完成工作。有大量研究顯示，人們的大腦並不具備同時處理多項工作的功能。我們不斷被打擾，自然不能將工作做到盡善盡美。對於需要技能專注和集中注意力的工作來說，持續被打擾的影響可能是摧毀性的。美國作家兼研究員 Cal Newport 稱這種「永遠在線」的溝通方式為「過度活躍的蜂巢思維」，並就其對現代職場人士的負面影響撰寫了大量文章
較好的方法是鼓勵僱員辨識工作的輕重緩急，並要隨機應變，採用切合實際環境的正確途徑與同事溝通。但究竟什麽才算緊急要務？什麽時候才算完成工作可以「關機」？這些可能需要管理層提供針對性的培訓和指引。舉例說，以電郵列出各項問題和最後期限，總比在一個早上不斷發出 10 封電郵並要求即時回覆更好。這需要建立信任並賦予員工自主權，好讓他們能夠盡其所能。
雖然，違反《保障資料原則》並不構成刑事罪行，但公署可向資料使用者（僱主）發出執行通知，指令糾正該項違反，違反公署發出的執行通知即屬犯法。若僱主持續違反相關規例，最高可被判罰款港幣50,000元及監禁兩年，或每日罰款港幣 1,000 元。
信任一直是職場的積極動力，但於今時今日，這股動力可以改變遊戲的規則。在混合工作模式中，信任幾乎在管理層和僱員所作的每一決策中發揮著作用。雖然，管理和避免法律風險很重要，但解決上述各項示例中所隱含的信任缺失同樣重要，而且難度更高。儘管每項示例都合規合法，但都反映了微觀管理的存在。舉例說，要求僱員在 10 分鐘內回覆訊息實在易如反掌；但相比之下，給予僱員自由度，好讓他們能夠全神貫注地工作就困難得多。「即時回應」的規例也表明僱主不信任僱員；另一邊廂，僱員深知不獲信任，自然作出相對的反應。這一點至為重要，因為信任可顯著推動公司業績。
Center for Neuroeconomic Studies創始人Paul Zak 耗盡10多年時間，研究僱員信任度與僱主成功業績的關係。結果顯示，在「高度信任」公司工作的僱員，壓力相對少74%，生產力則提高 50%，病假亦減少 13%，投入度亦提升 76%，而倦怠度則降低 40%。Gallup不謀而合地進行了另一項研究，將僱員信任度高的公司與僱員信任度低的公司作出比較，發現前者的表現比後者高186%。因此，實行一些會削弱僱員信任度和投入度的規例，將導致嚴重的後果。