Employer Best Practices for Monitoring Remote Devices

August 31, 2020

By Daniel B. Garrie & Yoav Griver

Remote Devices

It is generally known that individuals have reduced privacy rights for work-related activity than they have in their personal lives, and that these reduced privacy rights extend to devices owned or provided by their company.

As just one example, consider the federal Electronic Communications Privacy Act, or ECPA, which permits employers to (1) monitor employees’ oral and electronic communications to the extent that they relate to a legitimate business purpose; (2) monitor any communications for which the employee has provided consent; and (3) access emails that are stored by the employer.

All of these exceptions decrease an individual’s privacy rights and reasonable expectation of privacy in work-related matters. However, is “exceptions” the correct word? Exceptions to what? Does this reference a specific privacy law or privacy rights in general?

Indeed, businesses operating in the financial services industry, such as investment advisers and broker-dealers, have affirmative legal obligations to monitor, and even report, employee activities. These obligations arise from the fiduciary nature of such businesses and related regulatory expectations.

The U.S. Securities and Exchange Commission, for example, expects registered investment advisers to monitor their employees compliance with stated compliance and ethics policies as part of their enforcement of same, and may be liable if they do not.[2] Therefore, persons, especially control persons, working for stewards of outside capital and/or fiduciaries should be particularly aware of their employer’s regulatory obligation to vigorously monitor employee activity.

To read the full article, go to

Contact Us