By Matthew Field
When Rebecca Saunders was called to one side by her manager to check if she was planning to resign, she knew something was up.
The PR professional had sent an email hours earlier, to a colleague joking she was looking for a new job after a difficult day.
“It then happened to another colleague,” she says. “We began to piece things together. They must have been monitoring emails.”
Workplace monitoring is nothing new. For banks and financial services firms, regulatory compliance requires recording and monitoring of calls, while professional services need minute-by-minute time keeping.
For years, companies have screened emails to ensure their IT systems are not being used for fraud. Nearly all companies are able to remotely control desktops to see what users have been browsing.
But technology allowing employers to snoop on their staff is growing more powerful and more prevalent, prompting privacy concerns among unions and worker groups.
Fast-moving start-ups, like British-founded Behavox, are deploying sophisticated artificial intelligence and machine learning software that enables blue-chip companies to use it to spot suspicious activities, rooting out bad apples before trouble ever occurs. But such technology runs the risk of creating a “Big Brother” culture if it is misused.
Is your employer reading your emails?
According to the TUC, 72pc of people believe at least one type of monitoring is happening at their job. The union warned excessive surveillance could interfere with the “basic right to privacy and dignity”.
The market is expected to grow to $3.3bn (£2.7bn) over the next four years. Of 239 large businesses that Gartner looked at, more than half were using more advanced surveillance techniques, up from 30pc in 2015.
Many companies, argue that such surveillance technology can be essential. It can prevent fraud or detect intruders and the data that has been gathered can be used to help increase productivity and organise the workforce.
“The key element in this recipe is trust,” says Angela Evans of Microsoft’s UK arm. “Workplace analytics can help point businesses in the right direction, but it can never tell the full story.”
Microsoft develops tools like Workplace Analytics to show workers how they are spending their time, and give employers a big picture view of what is being done in the workplace.
The company says it keeps individual personal details private. Evans says the technology is best used to identify patterns, such as quiet periods or overworked departments.
According to Matthew Moynahan, chief executive of Texas cyber security firm Forcepoint, workplace monitoring is also key to stopping insider threats.
“If something bad does happen from an insider, you need to use that information to protect employees,” he says. “Deep collection on individuals will become more common. But it has to respect the privacy of an individual.”
The field has provided fertile ground for start-ups working on background checks and helping corporations keep tabs on staff.
One such start-up is Fama, a Californian company with 120 clients including Fortune 500 firms. In 2018, it said it helped scan 20 million pieces of publicly available content, finding 14pc of people had flags for sexism or misogyny in their online presence and 10pc had flags for racism.
“Hiring a misogynistic manager could set you back months, or even years,” its marketing material reads.
The service scans workplace message boards, public forums, social media and emails for harmful language. Other US firms are increasingly using biometric data, such as facial recognition or fingerprint scanning, to log “clock in and clock off” times.
Meanwhile, Behavox a UK start-up that has since relocated to New York, has created an advanced artificial intelligence system for monitoring compliance. Drawing from a huge pool of calls, email and message data collected by financial services companies, its technology lets compliance and security staff find unusual patterns in behaviour.
“We can ask the system who has been asking for a favour today? Who is demotivated today? Who is shouting on the phone? Our system is like Google on steroids,” says Erkin Adylov, Behavox chief executive.
The start-up has worked with clients such as mining giant Anglo American and Jefferies. It has also begun to deploy its technology to improve productivity, informing sales staff of when an opportunity has come up, or for managers giving feedback.
All this can be big business. Behavox has already raised $20m from investors including Index Ventures and Hoxton Ventures, and is now said to be seeking $100m.
Other start-ups see surveillance technology as important to improving safety. Unifi.id, a London start-up that has worked with the likes of Canary Wharf Group, develops ID cards that include chips that can tell security who is in the building and where. According to Paul Sheedy, the chief executive, such technology could be vital during building evacuations, giving emergency services immediate data on who is in the building.
“During 9/11, hundreds of firefighters died searching for people who were not there,” he says. “With our AI and machine learning you can assess at that moment just how long it will take it to evacuate.”
The start-up is also using its technology, which includes sensors and monitors, to improve other security systems.
It could, for example, be used to alert security if an unusual individual has entered the building or a secure area.
But such technology inevitably comes with ethical challenges. Arguably the last word in surveillance technology is US firm Palantir, launched by PayPal founder Peter Thiel. Believed to be valued at around $20bn, it has also made moves to use its technology for corporate surveillance.
According to Bloomberg, Palantir was deployed at investment bank JPMorgan. Its Metropolis technology enabled scanning and snooping on huge volumes of employee data.
In 2013, one executive in charge of the technology was found to have been passing data to a former executive about a leak investigation and reading confidential emails.
Excessive monitoring by employers could also fall foul of new European data rules under the General Data Protection Regulation. The rules, introduced last year, require employers to make sure their staff know how data is being used, and that it is deleted if it is no longer needed.
The UK is generally harsher on what employers can and can’t do with their staff’s personal data, says Shaun Hogan, a lawyer at the firm Stevens & Bolton. “In the UK, employers must remember that respecting privacy can be as important as protecting personal information.”
Gig economy workers are also viewed as acutely at risk if employee monitoring goes too far. In 2018, UK food delivery firm Deliveroo was forced to pay a settlement to riders who said they were punished over their performance after being closely monitored on GPS when making deliveries.
And Uber, the ride hailing company, notoriously created the “Hell” tracking software used against its own drivers. The software secretly monitored drivers until 2016 who worked for both the Uber and Lyft apps to see when they were switching between the two.
It is vital employees know just what information their employer is gathering on them, according to Ray Walsh, a digital privacy expert.
“If any of this is unclear to an employee they should approach their employer to find out what monitoring is happening and why,” he says. According to Forcepoint’s Moynahan, ensuring effective workplace monitoring is about striking the right balance.
“If a company abuses their data collection, that is a breach of their social contract,” he says.