Use Case Guide
General Counsel's Guide to Employee Monitoring: Legal Risks, NLRA, and Defensible Programs
A general counsel employee monitoring legal guide is a reference for in-house legal counsel covering the federal and state laws that govern workplace monitoring, the NLRA Section 7 restrictions on monitoring union organizing activity, the ECPA framework for electronic communications, and the legal requirements for building a defensible monitoring program. This guide is written for in-house legal, not HR or IT, and addresses the liability questions counsel must resolve before approving a monitoring deployment.
7-day free trial. No credit card required.
The Federal Legal Framework for Employee Monitoring
Employee monitoring sits at the intersection of three federal statutes: the Electronic Communications Privacy Act (ECPA), the National Labor Relations Act (NLRA), and the Americans with Disabilities Act (ADA). General counsel must assess exposure under all three before approving a monitoring program, because the risk profile of a monitoring deployment depends on which features are activated, which employee populations are covered, and how monitoring data will be used in employment decisions.
ECPA: The Consent Exception Framework
The Electronic Communications Privacy Act of 1986 governs employer monitoring of employee electronic communications through two primary titles. Title I (the Wiretap Act) prohibits the intentional interception of wire, oral, or electronic communications. Title II (the Stored Communications Act) restricts access to stored electronic communications. Both titles contain a consent exception that is the legal foundation for most employer monitoring programs.
Under 18 U.S.C. Section 2511(2)(d), the interception of an electronic communication is lawful when one party to the communication has given prior consent. In the workplace context, employees provide this consent through a written monitoring policy that they acknowledge as a condition of access to company systems. The policy must specifically notify employees that their electronic communications on company systems may be monitored, and it must be acknowledged before monitoring begins. Courts have rejected ECPA claims where employees signed a monitoring acknowledgment at onboarding, even years before the specific monitoring at issue occurred.
The "business extension exception" under 18 U.S.C. Section 2510(5)(a) provides an additional basis for monitoring telephone communications using equipment provided by a provider of wire communications in the ordinary course of its business, but this exception does not apply to computer activity monitoring, which is governed by the consent framework.
NLRA Section 7: The Concerted Activity Boundary
NLRA Section 7 protects employees' rights to engage in concerted activities for the purpose of collective bargaining or other mutual aid or protection. This protection applies to all employees, whether unionized or not, and covers discussions about wages, working conditions, and union organizing. The NLRB's 2023 General Counsel Memorandum GC 23-02 established a framework for evaluating whether monitoring policies violate Section 8(a)(1) by chilling Section 7 rights.
The memorandum identifies three categories of monitoring-related conduct as potential unfair labor practices: surveillance of union activity, overbroad monitoring policies that employees would reasonably understand to prohibit protected concerted activity, and use of monitoring to identify and take adverse action against employees engaging in Section 7 activity. General counsel reviewing a monitoring program must audit the policy language and any keyword alert configurations to ensure they do not target or chill protected activity. A monitoring policy that prohibits "unauthorized communications about company matters" or that alerts on union-related keywords creates Section 8(a)(1) exposure even without direct evidence that management read any protected communications.
ADA: Disability and Accommodation Implications
The Americans with Disabilities Act creates two specific risks in the employee monitoring context. First, monitoring data may reveal disability-related work patterns (reduced activity during medical appointments, different work schedules related to treatment) that the employer should not be using in performance evaluations without reasonable accommodation analysis. Second, monitoring programs that use AI-based productivity scoring may generate disparate impact on employees with disabilities if the scoring model penalizes work patterns that reflect accommodation arrangements.
General counsel should review how monitoring data is used in performance decisions specifically for ADA compliance. Any monitoring metric used in a performance review or termination decision should be reviewed for potential disparate impact on employees with disabilities or other protected characteristics before the metric is operationalized.
State Law Overlay: Notice Requirements by Jurisdiction
Four states have enacted explicit employer notice requirements for electronic monitoring that go beyond the ECPA consent framework, and several additional states have pending legislation. General counsel managing nationwide monitoring programs must ensure compliance with the most restrictive applicable state law for each employee's work location.
Connecticut: CGS Section 31-48d
Connecticut General Statutes Section 31-48d requires employers to give prior written notice to employees before monitoring any telephone conversations, email, or internet access. The statute requires the notice to specify the types of monitoring that may occur and prohibits monitoring if the employer has not provided the required notice. Willful violations carry civil penalties. Connecticut's statute is one of the broadest state monitoring notice laws and applies to all electronic monitoring, not just specific categories.
Delaware: 19 Del. C. Section 705
Delaware's Electronic Monitoring of Employees statute requires employers to give prior written notice to all employees who will be monitored. The required notice must describe the types of monitoring and the electronic communications that may be subject to monitoring. Delaware's statute specifically covers telephone calls, email, and internet usage, and requires that the notice be provided at the time of hiring and upon request. The statute does not apply to investigations of employees suspected of illegal activity.
New York: Civil Rights Law Section 52-c
New York's electronic monitoring law, effective May 2022, requires employers to provide notice to employees upon hiring of any electronic monitoring of telephone conversations, emails, or internet usage. The notice must be acknowledged in writing or electronically by each employee. New York's statute additionally requires annual notice to existing employees and applies to employers with 10 or more employees in the state. Violations carry civil penalties of up to $500 per first violation and $3,000 per subsequent violation.
Washington State: Recent Developments
Washington State enacted electronic monitoring notice requirements that apply to employees working in Washington, including remote employees. General counsel for employers with Washington-based employees should verify current statutory requirements with Washington counsel, as the legislative landscape in this area has been active. Additional states including Illinois, Texas, and California have pending or recently enacted provisions affecting specific categories of monitoring data.
Litigation Risk Analysis: When Monitoring Creates Exposure
Employee monitoring data is a double-edged tool in employment litigation. Used correctly, it provides objective evidence that supports employer defenses. Used incorrectly, or deployed without proper legal framework, it creates liability that did not previously exist. General counsel must understand both sides of this analysis before approving a monitoring deployment.
Wrongful Termination: Monitoring Data as Evidence
Monitoring data used as the primary basis for termination creates wrongful termination exposure when: (1) the monitoring was conducted without a disclosed policy establishing ECPA consent; (2) the monitoring data shows ambiguous results that were interpreted against the employee without investigation; (3) similarly situated employees outside a protected class were not terminated for similar monitoring results; or (4) the termination follows protected activity such as a complaint to HR or OSHA, creating retaliation inference regardless of the monitoring data.
Monitoring data is strongest as supporting evidence in a termination that is also supported by documented performance issues, HR warnings, and manager observations. Terminations based solely on monitoring anomalies, without HR investigation and documentation of the process, face higher scrutiny in employment litigation regardless of what the data actually shows.
Authentication and Chain of Custody
For monitoring data to be admissible and credible in employment litigation, general counsel must establish: how the data was collected, who had access to the system, whether the data could have been altered after collection, and the process for exporting and preserving the data once litigation was anticipated. eMonitor's tamper-evident audit trail, which logs every export, modification, and access event, supports authentication. General counsel should work with IT to document the data collection and preservation process before litigation arises, not after.
Attorney-Client Privilege Risk
Employee monitoring programs that capture computer activity can inadvertently intercept employee communications with personal legal counsel. An employee who uses a company computer to communicate with a private attorney about an employment dispute, a workers' compensation claim, or a personal legal matter is using company equipment for privileged communications. The monitoring program captures metadata about those communications or, in the case of screenshot monitoring, the content itself.
The interception does not automatically destroy the privilege, but it creates a privilege waiver risk in litigation: if the employer produces monitoring records in discovery that include communications with the employee's personal counsel, those communications may be treated as no longer privileged due to the employer's access. General counsel should implement specific procedures for identifying and segregating potentially privileged communications captured by monitoring systems, particularly in organizations where employees regularly work on personal legal matters from company computers.
Wage-and-Hour Class Action Risk
The relationship between employee monitoring and wage-and-hour class action risk is nuanced. Monitoring data that reveals widespread off-clock work that was not compensated creates plaintiff class evidence, not employer defense evidence. If a monitoring program captures employees working consistently before their official clock-in time or after clock-out, that data is discoverable in an FLSA collective action and may establish the employer's awareness of the off-clock work, eliminating the good faith defense.
General counsel should conduct a monitoring data audit for off-clock work patterns before the plaintiff class does. If monitoring reveals systematic off-clock work, addressing the compensation issue proactively is far less expensive than defending a collective action. eMonitor's activity logs provide the data needed for this audit, and the same records can be preserved as employer-side evidence if the audit results are favorable.
Litigation Hold and FRCP Obligations
Federal Rule of Civil Procedure 37(e) addresses the failure to preserve electronically stored information (ESI) and provides for sanctions including adverse inference instructions when ESI is lost after a litigation hold obligation arises. Employee monitoring data is ESI. When an employee files a charge with the EEOC, a wage claim, or threatens litigation, a litigation hold on relevant monitoring data is required immediately. The hold must cover data for the complaining employee, similarly situated comparators, and the relevant managers. General counsel should have a monitoring data litigation hold protocol in place before any employment dispute arises, not after.
The Defensibility Checklist: What Makes a Monitoring Program Legally Sound
General counsel reviewing a proposed monitoring program evaluates it against a defensibility framework that addresses each source of legal risk. The following checklist reflects the standard that employment courts and regulatory agencies apply when evaluating whether an employer's monitoring program was lawfully designed and implemented.
Written Policy with Specific Disclosures
The monitoring policy must specify: (1) that company systems, including computers, email, internet access, and any company-provided devices, are subject to monitoring; (2) the types of monitoring that may occur (application tracking, URL monitoring, screenshots, keystroke logging if applicable); (3) that monitoring may occur at any time without prior notice; (4) that employees have no expectation of privacy on company systems; and (5) the business purposes for which monitoring data may be used. Vague policies that mention "monitoring" without specifying its nature do not establish ECPA consent with sufficient specificity.
Acknowledged Notice Before Monitoring Begins
The policy must be acknowledged in writing or electronically by each employee before monitoring begins. For existing employees when a new monitoring program is introduced, general counsel should obtain fresh acknowledgments; reliance on a general IT acceptable-use policy signed years earlier is legally risky in states with explicit notice requirements. Documentation of acknowledgment date, delivery method, and employee signature is the minimum required record.
Proportionality: Scope Matched to Purpose
Monitoring scope must match the business purpose it serves. Productivity management purposes justify application-level tracking, URL monitoring, and clock-in/clock-out records. Insider threat programs may justify screenshot monitoring for employees with access to sensitive data. Trade secret protection programs may justify more intensive monitoring for engineers working on proprietary IP. General counsel should document the purpose-to-scope mapping explicitly: if the monitoring feature cannot be justified by a documented business purpose, it should not be activated.
Data Minimization and Retention Limits
Monitoring data should be retained only as long as necessary for the documented purpose. Productivity management data does not need to be retained indefinitely; 90 to 180 days is a common and legally supportable retention period for general monitoring records. Longer retention for specific purposes (ongoing investigations, litigation holds) should be documented separately. Indefinite retention of monitoring data creates discovery risk and signals to courts that data retention was not thoughtfully designed.
Access Controls on Monitoring Data
Monitoring data is sensitive personal information. Access should be limited to personnel with a need to know: typically the direct manager, HR, and designated system administrators. Access to monitoring data for purposes other than the documented program purposes, such as a manager reviewing a colleague's data out of curiosity, is both a policy violation and a potential legal liability. eMonitor's role-based access controls enforce this limitation technically, reducing reliance on policy compliance alone.
NLRA-Clean Policy Language
The monitoring policy should be reviewed specifically for language that could be read to restrict Section 7 rights. Prohibitions on "discussing company matters outside authorized channels," "unauthorized communications," or "sharing confidential information" may chill protected concerted activity if broadly drafted. The NLRB's current framework requires that monitoring policies be narrowly tailored to legitimate business interests and include a savings clause clarifying that the policy does not restrict protected activity under the NLRA.
eMonitor's Legal Design Features for General Counsel
eMonitor's technical design reflects several legal requirements that matter to general counsel approving a monitoring deployment. These are not marketing claims about "privacy-first" design in the abstract; they are specific technical boundaries that reduce legal exposure in documented ways.
eMonitor does not capture keystroke content, email or message content, or continuous screenshot streams. The monitoring is limited to application usage time, URL categories, clock events, and productivity classification by application type. This data minimization eliminates the attorney-client privilege interception risk for organizations that do not activate screenshot features, and it reduces the scope of any potential ECPA claim to the application-level tracking that consent policies routinely cover.
eMonitor's monitoring is limited to work hours: monitoring begins when an employee clocks in and stops when they clock out. Off-hours monitoring is technically not possible within eMonitor's standard configuration. This boundary eliminates the personal-device-equivalent concern for remote employees and significantly reduces the intrusion on private life that state privacy statutes protect.
The tamper-evident audit trail documents every data access, export, modification, and deletion event with timestamp and user identity. This chain of custody documentation is the foundation of authentication in employment litigation and the record that general counsel needs to respond to discovery requests about monitoring data handling.
Frequently Asked Questions
What federal laws govern employee monitoring?
Employee monitoring is governed primarily by three federal statutes: the Electronic Communications Privacy Act (ECPA), which regulates interception of electronic communications; the National Labor Relations Act (NLRA), which protects employees' Section 7 rights to engage in concerted activity; and the Americans with Disabilities Act (ADA), which creates compliance obligations when monitoring data is used in adverse employment decisions affecting employees with disabilities.
How does NLRA Section 7 restrict employee monitoring?
NLRA Section 7 protects employees' rights to engage in concerted activity for mutual aid or protection. The NLRB's 2023 Memorandum GC 23-02 established that overbroad monitoring policies that reasonably chill Section 7 activity violate the NLRA even without evidence of actual chilling. Monitoring policies must be narrowly tailored, cannot single out union-related communications, and should include an explicit savings clause for protected concerted activity.
Can employers monitor employees discussing union activity?
Employers cannot lawfully monitor union organizing discussions with the purpose or effect of chilling Section 7 rights. The NLRB has found that monitoring systems configured to flag union-related keywords, or monitoring introduced or intensified during organizing campaigns, constitute unfair labor practices under NLRA Section 8(a)(1). Employers must audit keyword alert configurations to confirm they do not target or chill protected concerted activity.
What ECPA consent exception applies to workplace monitoring?
The ECPA consent exception under 18 U.S.C. Section 2511(2)(d) allows interception of electronic communications where one party has given prior consent. In workplace monitoring, this consent is established through a written monitoring policy that employees acknowledge as a condition of computer and network use. Without a valid, specifically worded, and acknowledged monitoring policy, employer monitoring of employee electronic communications may violate ECPA Title I.
When does monitoring data create wrongful termination liability?
Monitoring data creates wrongful termination liability when it is used as the sole basis for termination without supporting HR documentation, when it was collected without a disclosed policy, when the data shows ambiguous results interpreted against the employee without investigation, or when similarly situated employees outside a protected class were not terminated for similar results. Monitoring data is strongest as supporting evidence alongside documented performance issues and HR warnings.
Can monitoring data be used as evidence in court?
Monitoring data is admissible in employment litigation when collected under a disclosed policy, authenticated through chain of custody documentation, and preserved without alteration after collection. Courts have admitted activity logs in wage-and-hour cases, discrimination cases, and trade secret litigation. A litigation hold must be placed on relevant monitoring data as soon as litigation is reasonably anticipated, and the hold process must be documented.
What is attorney-client privilege risk in employee monitoring?
Employee monitoring programs can inadvertently capture employee communications with personal legal counsel when employees use company computers for personal legal matters. The interception does not automatically destroy privilege, but employer possession of the communication creates waiver risk if the data is produced in discovery or regulatory proceedings. General counsel should implement procedures for identifying and segregating potentially privileged communications captured through monitoring systems.
How do state notice laws affect a nationwide monitoring program?
Connecticut (CGS Section 31-48d), Delaware (19 Del. C. Section 705), New York (Civil Rights Law Section 52-c), and Washington State have explicit employer notice requirements for electronic monitoring. These statutes require written notice specifying types of monitoring before any monitoring begins, and some require annual renewal of notice. A nationwide program must satisfy the most restrictive state law applicable to each employee's work location, with New York's requirements among the most demanding.
What should a legally defensible monitoring policy include?
A legally defensible monitoring policy must specify: the types of monitoring conducted, the business purpose for each type, that company systems carry no expectation of privacy, that monitoring applies during work hours, how monitoring data may be used in employment decisions, an NLRA savings clause for protected concerted activity, and require written or electronic employee acknowledgment. The policy must be specific enough to establish ECPA consent and must not contain language that chills Section 7 rights.
Does eMonitor expose employers to class action risk?
eMonitor reduces class action risk by providing objective hour records that support employer defenses in FLSA off-the-clock claims. The risk runs the other direction: if monitoring reveals widespread off-clock work that was not compensated, that data becomes plaintiff class evidence. General counsel should conduct a monitoring data audit for off-clock work patterns before plaintiff counsel does, and address any compensation issues proactively before they become the factual predicate for a collective action.
Related Resources
Employee Monitoring Legal Guide 2026
Federal and state legal framework for workplace monitoring programs in 2026.
Learn more →US State Monitoring Laws
State-by-state breakdown of notice requirements, consent standards, and restrictions.
Learn more →Monitoring Policy Template
Legally reviewed monitoring policy template covering ECPA consent, NLRA savings clause, and state notice requirements.
Learn more →Also see: Multi-State Monitoring Compliance Guide and Employee Monitoring and Collective Bargaining.