
Employee Monitoring and Privacy: What Your Employer Can and Cannot Watch

Employers can monitor a wide range of workplace activity, but state laws and federal statutes impose meaningful limits on cameras, audio recording, biometric collection, and off-duty surveillance.

Employer monitoring of employees has expanded dramatically with remote work, productivity tracking software, video conferencing, and biometric tools. Federal law is permissive — most workplace monitoring is allowed with proper notice — but state laws have moved aggressively in the last five years to add notice requirements, restrict biometric collection, and protect off-duty activity.

The legal landscape varies enormously by state. A monitoring practice legal in Texas may be unlawful in California or Illinois.

Federal baseline

  • Electronic Communications Privacy Act (ECPA): Generally permits employer monitoring of company-owned communications systems (email, messaging, work phones), but prohibits intercepting communications without consent or business justification.
  • Stored Communications Act: Limits access to stored electronic communications without consent.
  • Wiretap Act: Prohibits interception of oral, wire, or electronic communications without consent of at least one party. The federal rule is one-party consent.
  • NLRA: Surveillance of union organizing or protected concerted activity is unlawful.

State variations

  • Two-party consent recording states: CA, CT, FL, IL, MA, MD, MT, NH, PA, WA — all parties to a recorded conversation must consent. Employer recording of phone calls without notice may violate state wiretap laws.
  • Biometric Information Privacy Acts: IL (BIPA — strong; private right of action), TX, WA, and others regulate collection of fingerprints, retinal scans, voiceprints, and face geometry. BIPA in particular has triggered substantial class action liability.
  • Off-duty conduct protections: NY, CA, CO, ND, and others prohibit adverse action based on lawful off-duty activities (with exceptions).
  • Social media login laws: Many states prohibit employers from demanding social media credentials.
  • GPS and location tracking: Some states require notice and consent for GPS tracking of employee vehicles.
  • Productivity monitoring notice: NY (effective 2022), Connecticut, and Delaware require notice for electronic monitoring of employees.

Common monitoring practices and their limits

Work email and messaging:

  • Generally permitted on company systems with notice.
  • Off-platform messaging (personal email, personal devices) is generally protected from monitoring.
  • "Business justification" can extend the employer's reach, but it does not cover personal communications on company systems without proper notice and consent.

Video surveillance:

  • Permitted in most workplace common areas with notice.
  • Bathroom, locker room, and similar areas are generally prohibited.
  • Some states require posted notice; some require specific written notice to employees.

Audio recording:

  • Two-party consent states require consent of all parties.
  • Open-call recording (call center quality monitoring) usually requires customer notice ("This call may be recorded for quality assurance").
  • Recording of internal employee conversations without consent is generally prohibited in two-party consent states.

Keystroke and screen monitoring:

  • Generally permitted on company-owned equipment with notice.
  • Specific state laws (NY, CT) require advance written notice.
  • Aggressive monitoring (every keystroke, screenshot every N minutes) can create privacy claims if it captures personal information not relevant to the work.

Productivity software:

  • Tools like Hubstaff, Time Doctor, and Teramind are permitted with notice in most jurisdictions.
  • Capturing personal information (banking, health, personal communications) can create privacy claims.
  • Random screenshots have raised concerns under several state laws.

Biometric data:

  • IL BIPA requires written notice, written consent, and a written retention policy before collection of biometric identifiers. Private right of action with statutory damages.
  • Class actions have produced significant settlements against employers using fingerprint time clocks or facial recognition without compliance.

GPS and location:

  • Many states permit GPS tracking on company vehicles with notice.
  • Tracking off-duty location or personal vehicles is generally prohibited.

Step-by-step: how to evaluate

1. Read your employer's monitoring notices and policies

Most employers provide notices through onboarding documents, employee handbooks, or computer login banners. Identify what is disclosed.

2. Identify what monitoring is occurring beyond the disclosed scope

Compare the disclosed monitoring to your observable experience. Surveillance beyond the disclosed scope may violate state notice requirements.

3. Check your state's specific protections

Two-party consent? Biometric notice? Off-duty conduct? GPS notice? Each adds a separate compliance requirement.

4. Document the monitoring practice

Keep screenshots, communications about monitoring, and a record of any requirements imposed (fingerprint clock-in, mandatory screen-recording, etc.).

Scripts to use

To request the monitoring notice:

"I'd like to request a copy of any electronic monitoring notice or policy applicable to my role, including: (a) what systems are monitored, (b) what data is collected, (c) how long data is retained, (d) any biometric identifiers collected, and (e) the legal basis under [state law]."

To raise a BIPA concern:

"I'm a resident of Illinois. Before consenting to biometric collection [fingerprint, facial scan, voiceprint], I'd like to confirm: (a) written notice describing the purpose and duration of collection, (b) a written retention schedule, and (c) my written consent. Could you provide the BIPA-compliant documentation?"

To raise a two-party consent recording concern:

"I'm aware that [state] is a two-party consent state for recorded conversations. I'd like to confirm whether internal meetings are being recorded, and if so, that all participants have given consent. If recording is occurring without consent, I'd ask that the practice be reviewed for compliance."

What to document

  • The employer's monitoring policies and notices
  • The specific monitoring practices you have observed or experienced
  • Any biometric data collection (fingerprint, face, voice)
  • Any GPS or location tracking
  • Any keystroke or screen monitoring
  • Any audio recording of conversations
  • The state where you work and the state law that applies

When to escalate

If you suspect unlawful monitoring:

  1. For BIPA violations (Illinois), consult an employment attorney specializing in BIPA. Class actions have produced significant settlements and individual claims are also viable.
  2. File a complaint with your state attorney general for state law violations.
  3. File an NLRB charge for surveillance of protected concerted activity or union organizing.
  4. File a complaint with the FTC for deceptive monitoring practices that depart materially from disclosed policies.
  5. For wiretap violations, consult an attorney about civil claims and possible criminal referral.

Monitoring law is complex and varies dramatically by state. The general trend is toward more notice requirements and more substantive protections — especially for biometric data and off-duty activity. Many monitoring practices that seemed routine five years ago are now actionable.


Educational content only — not legal advice. Employment law varies by jurisdiction and situation. Consult a qualified employment attorney for advice specific to your circumstances.
