Employee surveillance and monitoring when working from home

Employee surveillance and monitoring when working from home

Employee surveillance and monitoring when working from home

The Covid-19 pandemic has accelerated the work-from-home trend. As a result, many employers are increasingly turning to employee monitoring technology to replace the physical employee oversight as was done at the office.

Even with the vaccine rollout, many businesses are still far from going back to the analogue workplace in a way that resembles the old normal, and many have abandoned the concept of going back to a physical workplace altogether. This trend introduces a new threat to employers’ and managers’ sense of control over employee productivity.  

In a previous article we discussed guidelines to managing employees working from home, this blog aims to provide guidance to employers monitoring employees working remotely without infringing on the employees right to privacy and when information may be intercepted.

Monitoring of employees working off-site

Employers have been monitoring employees in the workplace for a long time through, for example, CCTV, biometric clock-in systems, and internet and telephone use. Recent developments have seen employers turn to the latest technology to monitor employees in the home setting, to replace the physical employee oversight applicable at the office. No employer wants to pay someone to watch television or scroll through their social media while lying on the couch during work hours.

The increasing suite of surveillance technology available to employers offers everything from allowing employers to view login times, measure keystrokes, track live locations, monitor and track internet, email and video, to taking screenshots of employees’ desktop throughout the day.

While employers have many legitimate reasons for monitoring employee activity, for example to manage productivity, secure information in modern networked enterprises, enforce company policies, control quality, ensure employees’ safety, and to secure business assets, the decision to monitor employees is not without  legal and ethical complexities.

Regulation of Interception of Communications and Provision of Communication Related Information Act 70 of  2002 (RICA)

In South Africa, the monitoring and interception of communications is governed by RICA. The default position in terms of RICA is that all workplace monitoring and interception is prohibited, unless it falls within one of the exceptions left open in Chapter 2 of RICA which provides, amongst other things, that employee monitoring is permitted–

  • where interception is carried out by a person who is a party to the same communication (section 4);
  • where the employee consents or where their consent can be reasonably implied (section 5); or
  • where the interception occurs in connection with carrying on of business (the business exception) (section 6).

Often the decision that an employer must make is whether to base their approach on prior written consent in terms of section 5, or the business exception in section 6 where written consent is not required, or a combination of both. 

Most employers ensure that they have prior written consent, which may be obtained in employment contracts or company policies. Those agreements may also include reference to the processing of personal information and interception of communication.

For those situations where something falls through the cracks – where the employer has written consent for some, but not all reasons for intercepting and monitoring, or where the employer has not secured consent from all staff members – the employer may have recourse to the business exception in section 6.

This provision serves as a catch-all exception for employee monitoring that occurs in connection with the carrying on of a business. It does not require written consent and is sufficient to justify the monitoring and interception of communication in connection with business operations.

Protection of Personal Information Act 4 of 2013 (POPI Act) and the Constitution of the Republic of South Africa 108 of 1996 (the Constitution)

Once employee communication has been intercepted, employers can expect that the data they obtained will invariably be subject to the protection of both the POPI Act  and section 14 of the Constitution, which must be fully considered when planning to monitor employees in a home setting.

The implementation of the substantive data protection and privacy provisions of the POPI Act during 2020 ensured that data subjects in South Africa now have an array of additional data privacy rights. It brought with it the creation of new civil remedies, empowering data subjects to bring claims against employers for their personal information on a strict liability basis.

From a POPI compliance perspective, employers must be prepared to–

  • implement a monitoring policy for employees, with the aim of informing them of the types of monitoring (for example, covert, ongoing, once-off or occasional);
  • implement the use of appropriately worded consent forms, which the employer would sign whenever consent is required. Specific reasons for the processing must be provided (for example, where employee monitoring will take place as a result of a new work-from-home policy);
  • inform employees of the methods of monitoring and the circumstances under which it will be conducted (typically to investigate allegations for misconduct);
  • implement measures to ensure the confidentiality of the data, and that the data processing complies with the POPI Act;
  • implement employer’s communication and awareness training programmes for existing and new employees and during the induction of new employees.


If the employer’s aim is merely to ensure productivity within the workplace, then it might be enough to simply use software that analyses the amount of time spent on a given website or programme to ensure that staff are working instead of playing.

To the extent that the monitoring technology does not capture any personal data like passwords and banking details, and only tracks the employee during working hours, there should be no infringement on data privacy rights.

Data gathered from employee monitoring programmes could be useful in managing employee underperformance, and identifying and remedying employee misconduct, especially when physical oversight and supervision are not possible. In order to ensure a sound employee relations environment, it is critical to have a clear plan on managing employee concerns about unwarranted infringement of privacy, abuse of personal data and consequence management. With employees working from home, all employees should seriously consider implementing a remote working policy that includes monitoring of employees.

SERR Synergy has professional legal teams in both the Labour and POPI sphere and will therefore be able to assist employers with the efficient drafting of remote working policies which balance the employee’s right to privacy with the employer’s right to monitor performance, and ensures protection of personal interests and information.

About the Author: Roné Scott  joined SERR Synergy in August 2018 and serves as Legal Advisor at our Cape Town Branch. She is an admitted advocate of the High Court of South Africa and an internationally accredited mediator. She completed her BA and LLB degrees at the University of Stellenbosch.

Reference list of sources consulted:

Regulation of Interception of Communications and Provision of Communication Related Information Act 70 of 2002 (RICA Act)

 Protection of Personal Information Act 4 of 2013 (POPI Act)

Section 14 of the Constitution of the Republic of South Africa 108 of 1996.

You May Also Like

How to calculate severance pay due to employees during retrenchments
October 02, 2020
It has been estimated that South Africa has lost approximately 2,2 million jobs in the second quarter of 2020. When the number of discouraged job seekers are included in the current unemployment statistics, the unemployment rate seems higher than 27% and closer to 43%.
Buying or selling a company: what happens to the employees?
July 16, 2020
In the event that a company/business is sold as a ‘going concern’, section 197 of the Labour Relations Act becomes applicable. Section 197 of the Labour Relations Act regulates the transfer of a business and the rights of all employees affected by the transfer.
April 03, 2020
With South Africans only days into the 21-day lockdown, the impact of the COVID-19 virus and the state of disaster declared by President Ramaphosa to combat
Online Resource & News Portal