Have you ever had a bad day at work, complained to colleagues about it over an internal messaging app and then worried that your boss might be able to read all of your complaints? Turns out, you have every right to be concerned; communications on a work device are rarely as private as they may seem.
In July, Netflix fired three marketing executives for messages criticising colleagues on what they thought was a private Slack channel. Netflix co-CEO Ted Sarandos
that it was not a simple case of employees venting on Slack, but rather “critical personal comments made over several months about their peers”, including during meetings when those peers were presenting. “It's also worth noting that we don't proactively monitor Slack or email,” he continued. “The Slack channel was open, so anyone could access the conversations even though the employees concerned thought it was private.”
Workers are often seduced by the illusion of privacy when it comes to workplace communications, mistakenly believing that they can privately chat, send emails or even videoconference on a company computer without their employer viewing that information afterwards. Yet, what appears private in the moment can often become public with the click of a button. The reality is that technology exists for employers to track virtually all workplace communications by all employees at all times, even if companies are rarely transparent about the level to which they do this.
So, where should companies draw the line – and what should workers bear in mind before they send that unguarded message?
Assume nothing’s private
“Employees should assume that whenever they’re using work owned and issued equipment, anything that they may do – including written communications or websites they may visit – is subject to review,” says Boston-based Heather Egan Sussman, head of law firm Orrick’s global Cyber, Privacy & Data Innovation Group.
Of course, there are legitimate reasons why companies monitor internal communications. Sussman says that companies in sectors including financial services are heavily regulated and need to proactively monitor communications as part of their compliance programmes. Anyone who deals with sensitive materials (such as health records or government contracts) may also be proactively monitored, to protect the company’s business, reputation and resources.
Companies outside these sectors often take a more reactive approach, says Sussman, capturing communications through a records-retention programme (which archives data for a set period of time) and then looking back on that information only when it’s necessary to address an issue. This includes not only messages and emails, but often video calls on Skype, Zoom or Teams, too, which can be recorded and logged.
Many workplace tools – including Slack, Google Workspace and Microsoft Teams – have features that allow management to store and search through messages, especially if they’ve paid for a premium plan. That means that even if you create a private two- or three-way group chat – or send direct messages – those seemingly private conversations can still be viewed by management (though they will often have to go through IT or HR for access, typically with a valid reason). In many cases, including on Slack, companies can even review edit history and access deleted messages. Some email systems will similarly create an automatic copy of all messages that pass through them, while others will create backup copies of new messages as they hit your inbox. As such, one can never assume a deleted message is gone for good.
Brian Kropp, chief of research for global research and advisory firm Gartner’s HR practice, based in the Washington DC area, says the only time companies really go back and look through these communications is when there is reason to believe there’s been some sort of performance management problem, data theft, harassment or other complaint that warrants an internal investigation. General griping that doesn’t target an individual is rarely cause for concern. Similarly, everyday managers don’t typically have the ability to freely conduct keyword searches for things like their names.
“There is just too much information to make it worth their effort to go through and analyse everything,” explains Kropp. “Plus, if you as an employee were ever to find out that they were going through and just generally scanning through your email – and if that came out – the reputational damages would be enormous. Does it happen? Yes, but it’s very, very rare.”
‘Employees know very little’
When companies do suspect unprofessional behaviour has taken place, there are minimal restrictions to prevent them scrutinising employees' workplace communications. Even though US and European laws do protect communications on things like collective bargaining, Kropp says that, “anywhere in the world, there’s no legal requirement that says employers have to inform you about the data they are collecting about you”.
Some companies will include a high-level statement in their employee handbook that says workers will have no expectation of workplace privacy in their communications, but the actual degree to which they’re being monitored can be extremely difficult to detect. “When you sign a contract, normally the employer doesn’t tell you, ‘we are monitoring you’,” says Aida Ponce del Castillo, a Brussels-based senior researcher at the Foresight Unit of the European Trade Union Institute. “Employees often know very little.”
So, how can you vent with your colleagues about a tough situation without worrying about those messages being used against you? Assuming that most communication on your work computer could be logged and stored, the safest way to share frustrations, Ponce del Castillo says, “is face to face or with a private mobile phone that is not linked to your work”. Even personal email or social media accounts accessed on a work-owned device can open you up to monitoring, she adds.
In a professional environment, it may be best to assume that you’re being monitored and behave accordingly. If you do want to express a complaint about a co-worker or a professional situation, think about whether that complaint is constructive and helpful to the organisation at large. If so, using workplace tools to share your feelings shouldn’t get you in any hot water. If the message can’t necessarily be considered constructive, it’s probably best to vent at the coffee cart, on your private phone or in the bar after work.
In general, however, experts caution that companies rarely review workplace communications simply to see who’s grumbling and who’s not. Such searches, when they do occur, are almost always to look for comments that are targeted, meanspirited, discriminatory or might otherwise put the company at risk of litigation. If you’re unsure what data your employer has access to, how long it’s retained and under what circumstances it might be used, all you may have to do to find out is ask.