Like other employers, financial institutions have worked to be flexible during the global COVID-19 pandemic by allowing employees to work remotely. With a growing remote workforce, many are enlisting the help of employee monitoring systems to oversee the devices used by employees conducting business while working from home. An employee monitoring system can assist with performing quality reviews, tracking employee efficiency, and searching for any inappropriate or illegal activity that might expose the financial institution to liability or increased data security risk.

However, federal law generally prohibits intentionally intercepting oral or electronic communications and accessing private stored electronic communications without authorization. Many states similarly prohibit intercepting these communications. So how may financial institutions use employee monitoring systems without violating federal and state laws? Short Answer: By obtaining consent.

Federal and many state laws allow employers to intercept electronic communications when at least one party to the communication has consented to the interception. Therefore, before implementing an employee monitoring system, financial institutions should ensure they have adopted a robust privacy and use of equipment and systems policy that discloses the financial institution’s monitoring practices to employees.

When drafting this policy, financial institutions should:

  • Accurately describe the devices and systems to be monitored. While some employees may be provided company equipment when working remotely, others may use their personal cell phones or computers to conduct financial institution business. The policy should inform employees when they should have no expectation of privacy in their devices.
  • Ensure employees have received the policy disclosures. Case law suggests that implied consent can be difficult for employers to demonstrate. Financial institutions should therefore consider including the policy in an employee handbook or other document signed by the employee, and discussing the policy in employee training sessions, in order to demonstrate that employees knew of and consented to the policy.
  • Consider whether different laws might apply to employees working remotely in other states. Some states have adopted monitoring statutes that impose additional requirements on employers seeking to monitor employees working remotely. For example, South Dakota is a “one-party” consent state that requires, similar to federal law, the consent of only one party to a communication in order to intercept a communication. However, some states are “two-party” consent states and require both parties to a communication to consent in order for the communication to be intercepted. Financial institutions should therefore carefully consider the laws of the states where their employees are working remotely before finalizing their policy.

Davenport Evans can help your financial institution draft policies related to employee monitoring or other needs emerging from the pandemic. Contact us at [email protected] or 605-336-2880, or find a specific lawyer here.

Sign up for eNews

Davenport, Evans, Hurwitz & Smith, LLP, located in Sioux Falls, South Dakota, is one of the State’s largest law firms. The firm’s attorneys provide business and litigation counsel to individuals and corporate clients in a variety of practice areas. For more information about Davenport Evans, visit www.dehs.com.