I’ve seen a lot of posts on social media in recent months where people are complaining about their companies spying on them and what they’re doing on their employer-issued equipment and accounts.
I want to put this in as plain a statement as possible. ANYTHING you do on employer-issued equipment or using employer-issued accounts is, at the very least, subject to monitoring by your employer. And at worst, belongs to your employer.
What does that mean? In simple terms, nothing you do on your work-issued laptop or phone is private. Nothing at all. And if you let your employer have access to your personal computer or phone to use for work purposes, then those devices have officially become “work issued” for the purposes of monitoring what you’re doing as well.
What about my right to privacy?
When you’re “on the clock” or using company-issued equipment, you don’t have one. It’s that simple. Is it right? No, but that’s the world we live in. Your employer has the absolute right to monitor everything you do on any equipment they issue to you. They also have the right to monitor anything you do while on work property or “on the job”. The only real exception to this in United States law is provided by the Electronics Communications Privacy Act (ECPA), which prohibits employers from monitoring employees’ personal calls, even if received on the employer’s property. However, if you’re making that personal call on your company phone, there are myriad ways your employer can get around that. And if you’re using your personal phone, people around you will still hear your side of the call. And that’s not really “monitoring” you.
Unfortunately, in this modern era where many in tech and other sectors work from a home office, the lines between office and home have become more blurred. Existing laws are insufficient to keep up with changing technology. What constitutes an employer-controlled workspace? What rights do you have and what rights do you give up working from a home office space? Those are the kinds of things that governments and courts are currently struggling to work through and clarify.
All this being said, do most employers monitor everything you do on their time and equipment? No. More often than not, employers will trust their employees and they won’t monitor everything you do and say 24/7/365 on their equipment or with their accounts. That doesn’t mean they won’t do random and regular spot checks and reviews of what you’re doing. And there are indeed some employers that will watch absolutely everything you do. I read a news article a couple of days ago where an employee complained that her HR called her within a couple of minutes of her Teams status going yellow (inactive).
How do I protect myself?
With the ever-encroaching realm of employers pushing their way further and further into your personal space, how does one protect themselves? There are a few things you can do to minimize this impact.
The first is simple. Don’t use work equipment or accounts for anything personal. Just don’t do it. Don’t get on Facebook or Twitter. Don’t watch Netflix or Hulu. Don’t access your personal email accounts. Just don’t. Only use your work equipment for work. Only use your personal devices for personal use. Never the twain shall meet. I know it’s tempting. You’re right there. It makes life easier. But don’t do it. Just don’t.
Related to that (should we call this 1A??), there’s a trend in a number of companies for “Bring Your Own Device” (BYOD). This is when companies convince you to use your personal computer or phone for work instead of them issuing their devices to you. Don’t do it. Don’t agree to it. Don’t allow it. Again, just don’t. (Do you sense a theme building here?)
When you give them access to your personal device, you are giving them access to your personal and private information and data that you have on that device. Keep them out. Keep them separate.
My own personal setup in my home office is three separate desks. One of them is strictly for my work setup. The other two are strictly for personal devices and I do not mix the two. I realize that’s not practical for everyone. And that’s fine. For me, that setup helps me keep my mental state separate between work and personal. When I face one desk, I’m in work mode, and when I swivel left to the next desk, my brain shifts into personal mode. Whatever works to help you keep things separate, go with it.
Next, be cautious about what you post on social media. Anything you freely throw out into the world is not private. By posting something, even from a “private” account, you are willingly giving up your right to privacy. More and more employers are monitoring and searching social media. And even for an account you believe is private, there are ways for your employer to get access to that. Certain vendors (Looking at you Meta. We all know you’re doing it) will even sell your so-called “private” data to anyone willing to pay.
Nothing on the internet is really private. And nothing on the internet ever really goes away. Be cautious. More and more employers, and especially potential employers, are including social media searches as part of background checks. Sure, the EU has its “right to be forgotten” law, but that’s largely a joke. You’re never really forgotten on the internet. How many stories do we keep seeing online where someone does something stupid that gets posted to social media (often by someone else) and gets themselves fired? It’s happening all the time.
All that brings me to the main point that I want to make. Everything to this point has been fairly generic and applies to almost every worker. There are thousands upon thousands of posts about this across the internet. How do we apply this to our industry as software developers?
It all comes down to this question: Who owns the code that we write? That’s the crux of it. Obviously, anything that we write as part of our jobs belongs to our employer, or client if our company is consulting. But what about side gigs and personal projects? Who owns that? That can be a complex question. And it’s one that can come back to screw you if you’re not careful.
Does my employer have any claim on code written for personal purposes? Well, it depends. First, let’s look at employment agreements. It’s fairly rare nowadays, but there was a time when it was much more common that employers would make workers sign contracts that basically said the company had a claim to anything they wrote, period. As I said, it’s rare these days, but it still happens. So make sure you never sign anything from your employer that you haven’t read thoroughly.
But let’s leave that glaringly offensive situation aside. What about other situations? Well, if you used your work-issued equipment, then again the answer could very well be yes. It’s their laptop. You don’t have a right to use that equipment for personal purposes. Even if you wrote 99% of your code on your personal machine, if you wrote any part of your personal software project on your work laptop, then they could very well have an ownership claim.
That extends to any software as well. Are you using your work-issued Visual Studio subscription to write software on your personal machine? Are you tracking tasks for your project in a company-owned JIRA instance? Are you using your company RedGate subscription to script your database schema? In any of these instances, your employer could very well have a claim of ownership on anything you used that software to create.
Again, will most employers make that claim and steal your hard work? Probably not. Most of the time they won’t care. But what happens if you write the next Facebook, Twitter, or another mega-successful app that starts pulling in millions in profit? Do you really trust your employer enough that you’re certain they would never do that? If you do, you’re a brave soul, far braver than I am. I’ve never worked for anyone I would trust not to screw me over if they saw profit in it.
***If you happen to work for an employer you trust that much, could they use a software development manager? Just asking…
It’s all pretty simple. Avoid any potential headaches. Keep your work life and your personal life separate. Companies today already intrude too far into our personal space. There’s no need to give them more excuses to push farther in. Just don’t do it.
Husband, father, gamer, developer, manager, writer, creative, blogger, model railroader, Buckeyes fan