
Employee Monitoring and Privacy.pdf

My new presentation "Employee Monitoring and Privacy"

Slide 1. Employee Monitoring and Privacy
Andrey Prozorov, CISM, CIPP/E, CDPSE
v1, 2020-11-08

Slide 2.
Andrey Prozorov, CISM, CIPP/E, CDPSE
Information Security and Data Protection Manager
• My patreon (ISMS and GDPR toolkits) - https://www.patreon.com/AndreyProzorov

Slide 3. Agenda
1. Intro
2. Surveillance methods and tools
3. Specifics of remote work
4. Legal requirements
5. Understanding the needs and expectations of interested parties
6. Employee monitoring: CISO and DPO conflict
7. Risks of inadequate monitoring
8. GDPR fines examples
9. Important GDPR articles and potential fines
10. GDPR principles and lawfulness of processing
11. Employee monitoring good principles
12. Internal documents and other recommendations

Slide 4. Wiki
Employee monitoring is the act of employers surveying employee activity through different surveillance methods. Organizations engage in employee monitoring for different reasons, such as to track performance, to avoid legal liability, to protect trade secrets, and to address other security concerns. This practice may impact employee satisfaction because of its impact on the privacy of the employees. The extent and methods of employee monitoring differ between organizations.

Slide 5. Surveillance methods
1. Email monitoring
2. Monitoring of Internet use
3. Software monitoring (including working time tracking and log management)
4. Video surveillance (CCTV and using cameras on computers)
5. Scanning and analysis of files
6. Location monitoring
7. Screen monitoring
8. Key logging
9. Audio recording (telephone tapping and recording external sounds)
10. Monitoring of mobile communication usage
11. Social media monitoring
12. Use of profiling
13. Use of biometric scanners
Tools: DLP, UEBA/UBA, web proxy, NGFW, CASB, BYOD/CYOD, MDM, SIEM, CCTV, and other special tools…

Slide 6. Specifics of remote work
1. Personal or corporate device
2. Personal or corporate communication channels (mobile and Internet)
3. Privacy of third persons (e.g. family members)
4. Geolocation control
5. Time tracking and control
6. Mixing business and personal data
7. Specifics of local legislation (location of the subject)
Slide 7.
When employee monitoring tools are used, there is a danger of violating vulnerable subjects' rights.

Slide 8. Legal requirements
1. The Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (Convention 108)
2. GDPR and ePrivacy
Local legislation:
3. Data protection acts
4. Labour legislation
5. Privacy in working life (if applicable)
6. IT and communications
7. CCTV (if applicable)
8. Other regulations (if applicable)

Slide 9. DPA comments, e.g. the Finnish FAQ: https://tietosuoja.fi/en/faq-working-life

Slide 10. Understanding the needs and expectations of interested parties
Internal:
• Shareholders
• Top management
• CSO / CISO
• DPO / DPM
• Internal control
• Risk and compliance managers
• Legal
• HR
• IT
• Employees
• Employees' representatives
• …
External:
• DPA / SA and other authorities
• Human rights organizations
• Vendors
• Trade unions
• Consultants
• Customers
• Professional organizations
• Visitors
• Competitors
• Employees' families
• …

Slide 11. Employee monitoring: CISO and DPO conflict
CISO priorities vs DPO priorities:
• Security vs Privacy
• Insider threats vs Subject's rights
• Risk assessment vs DPIA
• Hidden control vs Transparency
• Maximum data and sources vs Data minimisation and purpose limitation
• Long-term storage vs Storage limitation
• Monitoring vs Blocking
• Full access vs Four-eyes principle, masking and encryption
• Policy and requirements vs Notifications and consents, awareness

Slide 12. Risks of inadequate monitoring
1. Fines and other penalties by supervisory authorities
2. Confiscation of equipment
3. Compensation for damages
4. Criminal prosecution
5. Loss of trust and demotivation of staff
6. Negative PR and bad publicity

Slide 13. GDPR fines examples
• H&M (Germany): EUR 35,300,000, 2020-10. Excessive employee monitoring (profiles, work performance and mailing details)
• Unknown organisation (The Netherlands): EUR 725,000, 2020-05. Scanning employees' biometrics with a fingerprint time and attendance system
• Taksi Helsinki (Finland): EUR 72,000, 2020-05. CCTV, location data processing, automated decision-making and profiling
• School in Skellefteå (Sweden): SEK 200,000 (EUR 18,630), 2019-08. Facial recognition system
• Kymen Vesi Oy (Finland): EUR 16,000, 2020-05. Monitoring of employee location data
• Unknown organisation (Hungary): HUF 1,000,000 (EUR 3,000), 2019-06. Email monitoring
• Unknown organisation (Hungary): HUF 500,000 (EUR 1,500), 2019-02. Email monitoring

Slide 14. Important GDPR articles and potential fines
Fines of up to 20 000 000 EUR or 4% of the total worldwide annual turnover:
• Article 5. Principles relating to processing of personal data
• Article 6. Lawfulness of processing
• Article 7. Conditions for consent
• Article 9. Processing of special categories of personal data
• Article 12. Transparent information, communication and modalities for the exercise of the rights of the data subject
• Article 13. Information to be provided where personal data are collected from the data subject
• Article 17. Right to erasure ('right to be forgotten')
• Article 18. Right to restriction of processing
• Article 21. Right to object
• Article 22. Automated individual decision-making, including profiling
Fines of up to 10 000 000 EUR or 2% of the total worldwide annual turnover:
• Article 25. Data protection by design and by default
• Article 30. Records of processing activities
• Article 32. Security of processing
• Article 33. Notification of a personal data breach to the supervisory authority
• Article 34. Communication of a personal data breach to the data subject
• Article 35. Data protection impact assessment
• Article 36. Prior consultation

Slide 15. GDPR principles and lawfulness of processing
Principles:
1. Lawfulness, fairness and transparency
2. Purpose limitation
3. Data minimization
4. Accuracy
5. Storage limitation
6. Integrity and confidentiality
7. Accountability
Lawfulness (legal bases):
1. Consent - 😟
2. Contract - 😐
3. Legal obligation - 😐
4. Vital interests - 😐
5. Public interest - 😐
6. Legitimate interests - 😀

Slide 16. Employee monitoring good principles
1. Necessity: an employer must be able to demonstrate that the monitoring is really necessary and to explain its purposes and scope.
2. Legitimacy: an employer must have lawful grounds for collecting and using the personal data and, if appropriate, sensitive personal data, and the processing must be fair.
3. Proportionality: any monitoring that takes place must be proportionate to the issue that the employer is dealing with ("balance of interests").
4. Transparency: an employer must clearly inform employees of the monitoring (and its techniques) that will be carried out.
5. Integrity and confidentiality: an employer must ensure minimization of rights and access control.

Slide 17. Internal documents
HR:
1. Contract and NDA
2. Collective agreement (including time tracking and control) / workplace policy / code of conduct / employee handbook
3. Social media policy
Information security:
1. Information security policy
2. Employee monitoring policy
3. CCTV policy
4. Information classification and handling policy
5. Acceptable use policy (email, Internet usage, USB, mobile devices and BYOD, social media, mobile communications, remote work...)
6. Incident management procedure (+ scripts)
7. Information security risk register and risk treatment plan (RTP)
Data protection:
1. Data protection policy
2. Awareness materials and notifications
3. Consents (if applicable)
4. DPIA reports
5. Records of processing activities
6. Cookie policy and banner

Slide 18. My recommendations
1. Identify local legislation and its specifics, as well as DPAs' recommendations
2. Assess the level of influence and expectations of interested parties
3. Study legal issues before the pilot testing
4. Define purpose and legal basis
5. Conduct a DPIA (data protection impact assessment) and discuss the results with the representatives before the implementation
6. Minimise data and storage periods (e.g. 72 hours for CCTV records and 3-6 months for logs)
7. Choose blocking rather than monitoring (if applicable)
8. Implement the four-eyes principle (access control) and other restrictions
9. Follow the requirements for profiling (GDPR Art. 22) and biometric data (GDPR Art. 9), if applicable
10. Use only tools with implemented and described privacy functionality
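Several of the recommendations above (storage limitation with per-type retention periods, data minimisation by masking identifiers before routine analysis, and the four-eyes principle for access to raw records) can be shown working together in code. The following Python is an added example written for this page, not code from the presentation or its author; the retention values follow the deck's own figures, while the record kinds, employee ids, approver names, justification text and HMAC key are constructed placeholders.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
import hashlib
import hmac
import uuid

# Retention per record type (constructed policy values; the deck suggests 72 hours
# for CCTV and 3-6 months for logs, and the lower bound is used here).
RETENTION = {"cctv": timedelta(hours=72), "proxy_log": timedelta(days=90)}


@dataclass(frozen=True)
class MonitoringRecord:
    kind: str            # "cctv", "proxy_log", ...
    employee_id: str     # direct identifier: must not reach routine analysis
    timestamp: datetime  # timezone-aware
    detail: str          # camera id, URL category, ...


def purge_expired(records, now):
    """Storage limitation: keep only records inside the retention window of their
    kind. A kind with no defined retention is dropped rather than kept forever."""
    kept = []
    for r in records:
        limit = RETENTION.get(r.kind)
        if limit is not None and now - r.timestamp <= limit:
            kept.append(r)
    return kept


class PseudonymisationVault:
    """Data minimisation plus four-eyes access: analysts see keyed-hash tokens,
    and mapping a token back to a person needs a second, distinct approver."""

    def __init__(self, key: bytes):
        self._key = key
        self._lookup = {}    # token -> employee_id (in production: an encrypted store)
        self._requests = {}  # request id -> {"token", "requester", "approvers", ...}

    def token_for(self, employee_id: str) -> str:
        # HMAC rather than a plain hash, so tokens cannot be rebuilt from a staff list
        tok = hmac.new(self._key, employee_id.encode(), hashlib.sha256).hexdigest()[:16]
        self._lookup[tok] = employee_id
        return tok

    def minimise(self, r: MonitoringRecord) -> dict:
        """Masked view for routine analysis: token instead of identity and the
        timestamp coarsened to the hour; nothing else is copied across."""
        return {"kind": r.kind,
                "subject": self.token_for(r.employee_id),
                "hour": r.timestamp.replace(minute=0, second=0, microsecond=0).isoformat(),
                "detail": r.detail}

    def request_reveal(self, token: str, requester: str, justification: str) -> str:
        if token not in self._lookup:
            raise KeyError("unknown token")
        req_id = uuid.uuid4().hex
        self._requests[req_id] = {"token": token, "requester": requester,
                                  "justification": justification, "approvers": set()}
        return req_id

    def approve(self, req_id: str, approver: str) -> int:
        req = self._requests[req_id]
        if approver == req["requester"]:
            raise PermissionError("a requester cannot approve their own request")
        req["approvers"].add(approver)
        return len(req["approvers"])

    def reveal(self, req_id: str) -> str:
        req = self._requests[req_id]
        if not req["approvers"]:
            raise PermissionError("four-eyes principle: an independent approval is required")
        return self._lookup[req["token"]]


# Constructed sample: a fixed clock and five records around it (ids are placeholders).
SAMPLE_NOW = datetime(2020, 11, 8, 12, 0, tzinfo=timezone.utc)
SAMPLE_RECORDS = [
    MonitoringRecord("cctv", "e-1001", SAMPLE_NOW - timedelta(hours=2), "cam-lobby"),
    MonitoringRecord("cctv", "e-1002", SAMPLE_NOW - timedelta(days=4), "cam-lobby"),
    MonitoringRecord("proxy_log", "e-1001", SAMPLE_NOW - timedelta(days=30), "category:webmail"),
    MonitoringRecord("proxy_log", "e-1003", SAMPLE_NOW - timedelta(days=120), "category:news"),
    MonitoringRecord("keylog", "e-1004", SAMPLE_NOW - timedelta(hours=1), "no retention defined"),
]


def demo():
    """Run the scenario end to end on the sample and return checkable results."""
    vault = PseudonymisationVault(key=b"constructed-demo-key, rotate in production")
    kept = purge_expired(SAMPLE_RECORDS, SAMPLE_NOW)
    views = [vault.minimise(r) for r in kept]
    req = vault.request_reveal(views[0]["subject"], requester="analyst.a",
                               justification="constructed: confirm the source of an alert")
    self_approval_blocked = premature_reveal_blocked = False
    try:
        vault.approve(req, "analyst.a")       # same person: rejected
    except PermissionError:
        self_approval_blocked = True
    try:
        vault.reveal(req)                     # no approval yet: rejected
    except PermissionError:
        premature_reveal_blocked = True
    vault.approve(req, "dpo.b")               # second pair of eyes
    return {"kept": len(kept), "views": views,
            "self_approval_blocked": self_approval_blocked,
            "premature_reveal_blocked": premature_reveal_blocked,
            "revealed": vault.reveal(req)}
```

Running `demo()` drops the CCTV record older than 72 hours, the proxy log older than 90 days and the record of a kind with no retention policy, leaves two records whose masked views carry the same stable token for the same employee, and only releases the identity behind that token once someone other than the requester has approved the request. The justification is stored with the request so that the access itself leaves an audit trail.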
Slide 19. Thanks!
Andrey Prozorov, CISM, CIPP/E, CDPSE
• My patreon (ISMS and GDPR toolkits): https://www.patreon.com/AndreyProzorov
• My email: prozorov.info@gmail.com