Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Employer tracking employee computers

  • 21-12-2023 9:15am
    #1
    Registered Users, Registered Users 2 Posts: 315 ✭✭Jambonjunior


    Is it legal in Ireland for employers to track computer usage?


    Is there any way to know if it's done?


    And by tracking I mean, more about work activity etc rather then website. Do they measure people being active and online etc, what work apps etc

    Post edited by Jambonjunior on


Comments

  • Registered Users, Registered Users 2 Posts: 26,584 ✭✭✭✭Creamy Goodness


    Not sure of the legalities of it (not a lawyer), I'd strongly suggest looking at your employment contract. If the computer was supplied by the employer the computer is property of your employer so I'd safely assume all things are tracked or likely to be tracked.

    Work supplied computers/phone should only be used for work imho.



  • Moderators, Computer Games Moderators, Social & Fun Moderators Posts: 18,853 Mod ✭✭✭✭Kimbot


    I would imagine its legal as its their property and you should have a usage policy telling you what is allowed etc by your employer.



  • Registered Users, Registered Users 2 Posts: 1,018 ✭✭✭mondeoman72


    I work for a big mulitnational. Our laptops and desktops log in via a VPN which send us through company servers. We are monitored and it is mentioned in the splash screen about unholding company policies. If we use wifi on our company mobiles on site, we get blocked if we search for forbidden phrases i.e drugs, sex, whatever. If we switch off Wifi our phones go to Vodafone and are unblocked.

    See does any of this apply to you.



  • Registered Users, Registered Users 2 Posts: 55 ✭✭Eldudeson


    In my place, I know that all websites visited are recorded but not monitored. And by websites, I mean the IP address and not the site itself is recorded. If the company want to monitor, then they would have to convert the IP addresses to sites.

    Also, as above, there are forbidden sites through our IT provider. I can't even get on to Tesco as they sell alcohol!



  • Registered Users, Registered Users 2 Posts: 7,981 ✭✭✭The Continental Op


    I used to work for a company that wrote monitoring software and another that sold another monitoring product it was sold to companies in Ireland so that makes me think its perfectly legal.

    One thing a lot of monitoring software does is produce lists of particular web habits for example in a huge multinational you would be able to see who were your biggest users and downloaders. Most admins would produce a report that included top ten users, the users that made the most number of "banned" searches etc. Anyone using the companies internet for work would probably stay off the "radar".

    Wake me up when it's all over.



  • Advertisement
  • Registered Users, Registered Users 2 Posts: 6,611 ✭✭✭Augme


    It's potentially a bit of a grey area. Technically they can track you but whether they can legally use it to discipline is another issue. It also depends on what you mean by tracking as well.



  • Registered Users, Registered Users 2 Posts: 1,695 ✭✭✭Gooser14




  • Registered Users, Registered Users 2 Posts: 13,811 ✭✭✭✭Flinty997


    My understanding is they have to tell you they are doing it.

    You'd be crazy to use a work computer, phone, tablet or any device for anything other than work.

    Many places to track if you are "Active" hence the rise of mouse jigglers. In my opinion if a company is spending more effort to track that, instead of output and productivity. It's time to leave.



  • Registered Users, Registered Users 2 Posts: 21,868 ✭✭✭✭Ash.J.Williams




  • Registered Users, Registered Users 2 Posts: 410 ✭✭Shank Williams


    Don’t use company laptop for anything other than work - how hard is that to adhere to??



  • Advertisement
  • Registered Users, Registered Users 2 Posts: 23,088 ✭✭✭✭Akrasia


    I manage the endpoints in my job and set the conditional access policies.

    Most business activity is logged by default, so if I needed to, I could read any email sent via the company email domains or download any file stored on any of the cloud storage sites.

    It's not something I have any remote interest in doing. But if we have a dispute and someone in the company demands a copy of all of their data, I need to be able to access it

    Similarly, if there's a threat detected we need to be able to trace online activity, so all logins and any software that tries to connect to any company resource is logged.

    For security we operate a list of blocked websites and use Azure to block categories of online content because that needs to be managed programmatically. I have zero interest in checking anyone's online activity, but if their device triggers an alert, I will see where that alert came from and that is often a URL.

    So if you like looking at 'classic tractors' on your work machine you're exposing your device to risk, and if you get around the whitelist and if that generates an alert, it will show on your IT admins dashboard.

    Regarding work activities, Azure will log and monitor metrics lke how many teams calls you have, how many emails you respond to etc. We don't actively monitor these in our company but it would be very easy to build dashboards to track how 'productive' your staff are, and with AI, that's getting even easier.

    "hey AI, tell me which staff on my team send the fewest emails between 4pm and 5:30 on a Friday afternoon"

    That kind of analytics will be available to every nosey manager very soon if not already enabled for them



  • Registered Users, Registered Users 2 Posts: 13,811 ✭✭✭✭Flinty997


    Admins have access to everything. A lot of systems now bundle staff monitoring in their feature set. It's all there at the click of button. Your being pushed at it all the time.

    The problem with this is it's very easy to fall into the mindset that activity is productivity. Once you get down that road you get people chasing those stats instead of productive work.

    Simple example is someone doing lots of light tasks vs someone stuck in complex task or project.



  • Registered Users, Registered Users 2 Posts: 5,162 ✭✭✭Buddy Bubs


    2 of my college friends were sacked for inappropriate use of company email back around the year 2006/7. We were only out of college, it was before we had smartphones and WhatsApp groups and that's how we sent on funny videos etc.

    He appealed and got legal representation but still lost.

    I'm general manager of my company and I do a bit of work with our IT consultant.

    There's a log of every time you turn it on, open a program, press a key, send an email, open a file. How they use that is up to them. I've seen these logs, not that I fully understand them. I can see every mobile phone call and text made on company phones, I can see every time a landline extension is used and for how long and to whom. I can see whether our vans are moving, what speed they are doing, whether they are braking hard or driving erratically and where they are. I don't use any of it for spying though. I use it for legitimate reasons. Like seeing which van is closest to an urgent repair call we got in. In one instance we had a staff member being an absolute pest to her manager and we got the duration of phone calls between them, which did turn out to be ridiculously excessive.

    What's probably not happening is someone sitting there watching what you're doing or anyone else is doing, but if there's a reason for them to be watching you they could very easily do it. And no you wouldn't know.



  • Moderators, Business & Finance Moderators Posts: 10,716 Mod ✭✭✭✭Jim2007


    The reality is that everything you do is tracked by someone on the network, either intentionally or otherwise. And yes in the end if pushed it will come down to a judicial decision as to whether it can be used in a court of law or not. And you'd be very foolish to assume otherwise.

    I remember one case where two people were having an affair and it became known to most operators and management simply because the reply chain and attachments became so big that it was dumping stack traces of the emails and blocking the system so of course an investigation followed. I don't know if the couple were ever told about this.



  • Registered Users, Registered Users 2 Posts: 21,868 ✭✭✭✭Ash.J.Williams


    You wouldn't be fired for poor productivity as a result of information gleaned from productivity monitoring software, however it could kick off a process where you'll get bad reviews and official warnings etc leading to dismissal



  • Registered Users, Registered Users 2 Posts: 550 ✭✭✭chrisd2019


    Everything done on a computer be it a personal or work one is traceable and recordable, your internet provider for example records traffic. Therefore do not use the work equipment for anything that might breach policies. This could be extrapolated into how much action a user does each day hour week ect.

    Depending on role of course a PC may not be required for all activities.


    Legality is possibly covered by one of the policies you read and signed at induction.



  • Registered Users, Registered Users 2 Posts: 5,534 ✭✭✭Padre_Pio


    I got a call one day after I downloaded something from my company's portal and 5 mins later opened an edit page on Wikipedia.

    They definitely have automated software that flags suspicious activity.



  • Registered Users, Registered Users 2 Posts: 13,811 ✭✭✭✭Flinty997


    So the answer op is yes.



  • Registered Users, Registered Users 2 Posts: 21,868 ✭✭✭✭Ash.J.Williams




  • Registered Users, Registered Users 2 Posts: 13,811 ✭✭✭✭Flinty997


    I assume their activity caused a spike that drew attention to it, then got investigated as to the cause of the spike.

    That's what normally happens.



  • Advertisement
  • Registered Users, Registered Users 2 Posts: 21,868 ✭✭✭✭Ash.J.Williams




  • Moderators, Business & Finance Moderators Posts: 10,716 Mod ✭✭✭✭Jim2007


    This was 25 years ago, when mail systems were not so robust, but exactly what I said, their entire mail thread be came so great that it caused stack overflows and the programmers default in such a situation was to dump the contents of the thread and reset the email system. Needless to say, when a corporate mail system goes down and people loose important mail, senior management ask a lot of questions and demand answers.

    Another example is where a company receives a discovery order from the courts to turn over certain disks or backups or similar media. The entire thing must be handed over and will be gone through the requesting body. The company is not allowed to edit the media and that means stuff may get handed over and reviewed that could embarrass you.

    Assume that everything you do on the internet or a corporate network has the potential to end up on a public notice board and act accordingly and you won't go too far wrong.



  • Registered Users, Registered Users 2 Posts: 26,434 ✭✭✭✭Mrs OBumble


    There was reasonable personal use allowed, and policies developed to match, 20 years ago when many people had computers at work.

    But now that everyone who uses email also has a smartphone, and the majority of websites are mobile-first, there's really no excuse for any personal use.



  • Registered Users, Registered Users 2 Posts: 13,811 ✭✭✭✭Flinty997


    Post edited by Flinty997 on


  • Registered Users, Registered Users 2 Posts: 21,868 ✭✭✭✭Ash.J.Williams


    That's not employer surveillance though , mail should have limits applied anyway



  • Registered Users, Registered Users 2 Posts: 13,811 ✭✭✭✭Flinty997


    ...



  • Registered Users, Registered Users 2 Posts: 13,811 ✭✭✭✭Flinty997


    ...



  • Registered Users, Registered Users 2 Posts: 12,145 ✭✭✭✭Gael23


    Would there be GDPR issues here



  • Posts: 7,272 ✭✭✭ Fernanda Flaky Caboose


    No. GRPR pertains only to personally identifiable information.



  • Advertisement
  • This content has been removed.




  • There's a difference between recording and monitoring. For example, there's security cameras all over my building. But they're for security, not a management resource. Unless there's something on them which is required to be accessed for security reasons it's unusable from a management/ disciplinary perspective.

    An example of this would be a recording routinely accessed showing i spend 3 hours a day in the bathroom or chatting in the corridor, as compared to recordings reviewed because stuff was going missing, and which shows me stealing company property. The first is unusable, the second is usable.



  • Registered Users, Registered Users 2 Posts: 2,901 ✭✭✭thomas 123


    I worked for a very large tech firm for 5 years, in my last year there software was introduced that allowed your manager “drop in” to your work computer to observe you - In an ideal world this was a coaching tool where a decent manager would let you know he was going to do it at a certain time to achieve x , but my manager liked to use it to drop in at random unannounced and point out how I could use my mouse better to be more efficiently, I didn’t hang around much longer after that. ← that’s when he decided to send a message, god knows how often he was watching without finding some ridiculous thing to coach on.



  • This content has been removed.
    Post edited by Unknown User on


  • Registered Users, Registered Users 2 Posts: 31,147 ✭✭✭✭AndrewJRenko


    Under the GDPR, the employer is required to have and communicate a clear policy on what information they are processing, their basis for processing, where it is being stored and long it is being retained. So the first point of call would be to check your privacy policies for all this detail.
    In general, the employer can't use information gathered for one purpose (such as cyber security) for an entirely different purpose (such as employee performance monitoring).
    If the employer is not complying with GDPR, you can raise the matter with your union or with GDPR or both.



  • Registered Users, Registered Users 2 Posts: 7,201 ✭✭✭zg3409


    On summary, they can, they do, they have permission in fine print somewhere

    They also automatically rank employees on number of emails, amount of activity etc. This may be at manager level or only higher. IT have access to everything and no pop ups happen to warn you.

    Ideally use work computer for only work. If applying for jobs elsewhere do not use work computer nor work email. Ideally dont browse random sites on lunch break.

    If they cannot use the information in court they will find another reason to get rid of you. Top executives of banks have been dismissed for visiting adult sites on work computers, why they were not warned first may be that they wanted them gone anyway.

    Mouse jigglers are used by some people to look busy, but I would assume most systems can detect them and detect users that work for a few minutes and then go missing for long periods. Be careful during personal phones and personal emails for work related things as it can break company policy on secrecy etc.



  • Advertisement
  • Moderators, Business & Finance Moderators Posts: 10,716 Mod ✭✭✭✭Jim2007


    True and by the same token they are required to protect the data collected and that means if you are given a device to an employee that allows them to access such information then it is the employer's responsibility to ensure that they execute their privileged access to the data in accordance with the law.

    For example, if you were a financial services professional and you travelled from Dublin to Zurich with a device that allow you to access client or staff data that would be a breach, because Switzerland is not part of the EU and their GDPR rules and bilateral agreement with the EU are slightly different. Likewise allowing access to French data, even in the EU is problematic because they have implemented the directive slightly differently for tax reasons and so on.

    I'm retired now so I have little interest in the topic, but as I understand it from my wife who is very involved in data protection, that the BREXIT agreement with the EU has slight differences as well. So there may very well be very good reasons for tracking devices. In my day we tracked devices and did a factory reset on them if they turned up on the wrong place.



  • Registered Users, Registered Users 2 Posts: 1 Kay_B7


    I work for a company that uses an employee monitoring program - Spyrix Employee Monitoring. All employees of the company were notified about this in advance. When signing the employment contract, this point is highlighted separately and the consent of each employee is important. I believe that in this case it is completely legal.



  • Registered Users, Registered Users 2 Posts: 31,147 ✭✭✭✭AndrewJRenko




  • Registered Users, Registered Users 2 Posts: 1 Walis


    In Ireland, employers can track computer usage, including work activity, as long as they comply with data protection laws. This means they must inform employees about the monitoring and ensure it's for legitimate purposes, such as productivity and security.

    To determine if tracking is happening, look for any company policies or notices about monitoring. Employers might use software to track activity, such as measuring time spent on work apps or monitoring online presence. If you're unsure, you can ask your employer directly or review your company's IT and privacy policies.



  • Registered Users, Registered Users 2 Posts: 8,745 ✭✭✭Oscar_Madison


    A lot of companies have a “fair use” policy for things like shopping online at lunchtime or looking at a news website - but if you’re taking the pizz spending work time shopping or looking at dodgy sites using a work computer then expect to be called out at some point.

    Years ago I used to do some Amazon shopping online at lunchtime but now I don’t go near the work computer for that - when a company wishes to downsize their staff, they’ll “find” ways to make these decisions- don’t make it even easier for them to do this by misusing your work equipment.



  • Advertisement
Advertisement