7 May 2011 - source: The Guardian
From private detectives to phone, email and internet monitoring, today's workforce is under constant surveillance.
Andrew Cross doesn't wear a trench coat and a fedora. He hasn't got a cigarette hanging out of his mouth and he's not hiding behind a brick wall with a pair of binoculars. He doesn't resemble Humphrey Bogart's Philip Marlowe or Jack Nicholson's JJ "Jake" Gittes - the iconic Hollywood private eyes - in the slightest. In his short-waisted grey jacket and black denim trousers, Cross, a private investigator with the London and home counties-based detective agency Answers Investigation, is suitably inconspicuous.
Another misconception about PIs is that they earn their crust tailing straying spouses, occasionally shinning down the next-door neighbour's drain pipe to snap the extramarital frolics through the window. In fact, the majority of Answers Investigations' business comes from corporate clients who suspect employees of malingering, theft or fraud. "They get tipped off about someone on sick leave, who may have a part-time job or be seen playing football," says Cross. "We carry out surveillance and provide evidence."
From "mystery shoppers" to swipe cards, from CCTV to phone, email and internet monitoring, today's workforce is under constant surveillance. Although often justified on the grounds of health and safety, customer relations or regulatory obligations, the real purpose is for personnel and performance monitoring.
Andrew Crudge, an employment solicitor at law firm Thomas Eggar, says surveillance at work can "raise the possibility of breaches to an individual's right to privacy, enshrined in Article 8 of the European Convention of Human Rights and, effectively, incorporated into UK employment law, and of the provisions of the Data Protection Act 1998 on processing personal data".
Nevertheless, we can't reasonably expect total privacy at work so it's worth knowing how we're snooped on - openly and, especially, covertly.
To grant workers some privacy, law-abiding employers comply with a code of practice issued by the Information Commissioner (which enforces data protection laws), permitting them to monitor solely for valid business reasons, and only after they have informed employees of their monitoring policy. "It must also be reasonable and proportionate to the business need," adds Crudge. This rules out things such as cameras in staff changing rooms.
Although the code discourages them from doing so, bosses may snoop without our consent when checking for violation of company policies, quality control or evidence of business transactions. To get private investigators on board to check up on us secretly, they must have grounds to suspect criminal activity or serious misconduct, such as abuse of sick leave. But "the more intrusive the investigation, the more likely it is to be a breach of the employee's right to privacy", says Crudge.
Absenteeism is a big headache for British bosses. According to the 2010 Absence and Workplace Health Survey - commissioned by the Confederation of British Industry and Pfizer - of the 180m sick days UK workers took in 2009, around 27m were not genuine, costing employers an estimated £2.5bn. "We caught out one guy, too unwell to leave his house, playing five-a-side football," says Cross. A "broken ankle" didn't stop another from labouring at a building site. "People just don't think they'll get caught," he adds.
Fraud is equally widespread. According to the annual Global Fraud Survey by the risk consulting company Kroll, 88% of companies worldwide suffered from some form of it in 2010. In Europe, it's an inside job in 50% to 60% of cases.
Kroll's results show a striking increase in the theft of corporate data (detected in 27.3% of businesses, up from 18% in 2009), particularly in the financial and professional services sectors. Cross recalls a recruitment consultant who went it alone with - as his ex-boss suspected - a little help from his former employer's client database downloaded on to a memory stick: "They had no software preventing copying of confidential data."
Cross posed as a start-up sandwich seller and got himself invited to the consultant's new offices. "I taped the guy talking about starting a business and hinting at the 'good old database'," he says, "and filmed the client names on his whiteboard." He pulls out a packet of Sovereign Black cigarettes from his pocket, pointing to a tiny camera hole.
Internal financial fraud is less common, but it still occurred in 13% of the companies Kroll surveyed. Cross secretly filmed a manager in a pie manufacturing company, who was signing for more meat than had been delivered and pocketing some of the supplier's payment.
Footage was also unexpectedly captured of the man viewing pornography on his work computer. "With mostly manual workers and few computers, the company hadn't installed software detecting and blocking flesh-coloured pixels coming through from websites or in emails," says Cross.
Most large and medium-sized organisations do use such filter software, often with activity monitoring software that logs all user actions: applications and web pages accessed, all mouse movements, print requests, keystrokes and memory stick insertions. This technology facilitates a monitoring policy which employees sign, usually with little knowledge of how the policing works in practice.
Recording everything employees do at their desktop is not a "Big Brother" approach, says Francis Carden, founder of OpenSpan Inc, a software provider to the Royal Bank of Scotland, Lloyds TSB and Vodafone. "The goal is to improve productivity."
No wonder: a recent survey by MyJobGroup.co.uk suggests that more than half of British workers access Facebook and other social media on company time - one-third for more than 30 minutes and nearly 6% for more than an hour a day. Social networking sites are also increasingly targeted by cybercriminals drawn to their huge user bases, putting employers at risk. Many employers block access to social networking sites altogether.
We also conduct our social lives from nine to five by email and phone. The Human Rights privacy law extends to the workplace, which means we have the right to a "reasonable" amount of personal correspondence and calls. However, it doesn't mean we have the right to use work email and phone for this purpose.
Employers can read our business emails. Although opening personal messages is off limits other than by exception, they can monitor our email usage for anything unreasonable or inappropriate. Most install software that searches for offensive or violent keywords indicating private or malicious traffic, as Tim Brown*, a former reporter on a regional newspaper, found out to his cost.
"I emailed a friend about two senior executives in my office having an affair, calling the woman a 'pissed-up hooker'," he admits. Two days later his editor threatened him with the sack for abusing the newspaper's email policy. "I got away with a warning, but I was made redundant six months later by the woman I'd been rude about."
While workers usually apply common sense when emailing friends from work, company phones can be used more freely. Bosses cannot eavesdrop on or tape calls without a business reason and must tell employees first, unless they have some evidence they are playing dirty with a competitor.
A recent survey by management solutions provider MDS found that employees use business landlines for personal calls and fail to disclose private calls on work mobiles in 79% to 90% of businesses. To counteract this, many employers use tracking software to monitor phone usage and spend. "The system can flag calls to specific numbers or destinations, or users charging more than £200 a month," says Drew Rockwell, chief executive of MDS.
Smartphones with global positioning systems offer employers another way to keep tabs on workers. It was recently revealed that iPhones record and store data about their owners' movements, while firms such as Crystal Ball sell mobile-phone monitoring apps that allow businesses to keep tabs on their employees' whereabouts and phone usage. "These are tough times and we need staff to be as productive as possible," argues Crystal Ball's managing director Raj Singh, who uses the app on his own employees but points out that a privacy option lets them become undetected at the end of the day.
What if employees find their right to privacy is being abused? "Mention the Information Commissioner's code of practice to your boss," says Becky Boston, a human resources specialist at Emphasis HR & Training. "If this doesn't work, you can raise a formal grievance." In 2007 the European Court of Human Rights awarded more than £6,000 to an employee of Carmarthenshire College in Wales, who had her emails, telephone and internet usage secretly checked.
Has Cross ever sailed close to the wind and bugged company premises? He shakes his head: "Normally, you can monitor use of company property - vehicles or computers - but eavesdropping on people is a legal minefield."
Corporate investigations remain rife, although not as rife as 18 months ago when people were less worried about losing their jobs. Cross investigates two or three new cases a week and, eight times out of 10, he has "seen it all before". Now he's off to catch a moonlighter, and no, he won't be lurking in a van with blacked-out windows.
"A fluorescent jacket takes you straight into a building," he says simply.
*Name has been changed