Surveillance at Work? Balancing Employee Monitoring and Privacy in California Workplaces

In an era shaped by remote work, digital productivity tools, and increasing cybersecurity risks, workplace surveillance has become an integral part of how California employers manage operations and mitigate risk. But as monitoring technology becomes more sophisticated, so do the legal and ethical considerations around employee privacy. California employers must tread carefully to enforce monitoring policies lawfully—especially in a state with some of the strongest privacy protections in the country. 

Below, we explore the fine line between effective oversight and unlawful intrusion, offering practical guidance on how employers can comply with the law while maintaining trust and transparency in the workplace.

What Is Considered Workplace Surveillance?

Workplace surveillance encompasses any activity where an employer monitors employee behavior, communication, location, or productivity using physical or digital tools. Common forms of surveillance include video cameras in public areas, GPS tracking of company vehicles, screen monitoring on work-issued computers, phone call logging, keystroke tracking, biometric clock-in systems, and even AI-powered productivity scoring.

While many of these tools are designed to protect company assets, reduce liability, and improve efficiency, their misuse can violate employee rights. What begins as routine oversight can quickly escalate into privacy infringement if not managed within the boundaries of California law.

The Legal Framework: Privacy Protections in California Workplaces

California stands out as one of the most privacy-forward jurisdictions in the United States. The state’s Constitution explicitly enshrines the right to privacy, which extends into the employment context.

Several key statutes regulate workplace monitoring in California, such as:

• California Constitution, Article I, Section 1: This foundational provision guarantees every person the right to privacy, requiring a careful balancing of interests when employers seek to surveil employees.
• California Invasion of Privacy Act (CIPA): Under Penal Code §§ 630-638, this law prohibits the intentional recording or eavesdropping on confidential communications without the consent of all parties involved. This has serious implications for audio monitoring and phone call recording in the workplace.
• California Labor Code § 435: This statute prohibits employers from using audio or video recording in certain sensitive areas, such as restrooms, locker rooms, and changing areas.
• Electronic Communications Privacy Act (ECPA): Though a federal law, the ECPA plays a secondary role in California. It restricts unauthorized access to or interception of electronic communications, reinforcing state-level protections.

Additionally, a new bill under consideration by state legislators (Assembly Bill 1331) may further restrict employers’ rights to surveil employees in the workplace. Together, these laws create a framework in which employers must justify surveillance as reasonable, minimally invasive, and clearly disclosed.

When Is Surveillance Lawful? Factors That Determine Legality

Surveillance is not inherently illegal. California courts recognize an employer’s legitimate interest in overseeing operations, protecting assets, and ensuring safety. However, legality depends on context and execution. The following factors often determine whether a monitoring practice is lawful:

Reasonable Expectation of Privacy

Employees typically have little expectation of privacy in public or shared workspaces, especially when using company-owned devices. However, this expectation rises significantly in personal spaces or during off-hours.

Notice and Consent

The clearest way to reduce risk is to notify employees of surveillance in advance. Written policies that specify the type, scope, and purpose of monitoring reduce the likelihood of legal challenges.

Intrusiveness and Necessity

Surveillance must be narrowly tailored to serve a legitimate business purpose. Excessively invasive practices—especially if there are less intrusive alternatives—are more likely to be deemed unlawful.

Location Matters

Even when monitoring is justified, certain areas are off-limits. Surveillance in restrooms, break rooms, locker rooms, or private residences (in remote work contexts) is almost never defensible.

High-Risk Areas: What Not to Monitor

Employers should avoid or strictly limit surveillance in the following high-risk areas:

• Restrooms and locker rooms: Recording in these spaces is flatly illegal in California.
• Private conversations: Monitoring confidential communications without consent may violate CIPA.
• Personal devices and social media accounts: Unless the employee uses a personal device for work under a clear Bring Your Own Device (BYOD) policy, employers should avoid accessing private data.
• Off-the-clock tracking: GPS or screen monitoring during non-working hours, especially without consent, poses significant legal and reputational risk.
• Personal email and messaging apps: Accessing personal Gmail or iMessage accounts—even on a company device—can trigger privacy violations if done without a valid legal reason.

Best Practices for Lawful Productivity Monitoring

To lawfully monitor employees and reduce the risk of lawsuits, California employers should implement the following best practices:

1. Develop a clear, written policy: The policy should explain what monitoring occurs, what tools are used, what data is collected, and why. It should be included in the employee handbook and acknowledged in writing.
2. Give prior notice and obtain consent: Notices should be comprehensive, covering both physical and electronic surveillance. In many cases, implied consent isn’t enough—written acknowledgment is safer.
3. Limit surveillance to business purposes: Avoid monitoring personal activities or collecting irrelevant data. Surveillance should be proportionate to the need, such as for ensuring safety, improving performance, or ensuring compliance.
4. Train management and IT staff: Ensure that those who implement or access surveillance systems understand the legal limits and don’t use the tools for improper purposes.
5. Conduct periodic audits: Evaluate whether surveillance tools are still necessary, whether they align with the policy, and whether they’re being used consistently and fairly.
6. Allow employee access to surveillance data: In line with privacy regulations, provide employees with the opportunity to review personal data collected through monitoring.

Remote Work and Hybrid Settings: Special Legal Challenges

Remote work adds complexity to workplace surveillance. Monitoring tools that were once confined to office desktops are now being installed on laptops used in home offices, sometimes shared with family members. Employers must remain vigilant not to cross into unlawful observation.

Key concerns include:

• Monitoring during off-hours: Employers should ensure monitoring software activates only during designated work hours.
• Surveillance of non-employees: Webcam access or screen monitoring tools may inadvertently collect images or conversations from family members or housemates.
• Geolocation tools: Tracking an employee’s physical location outside of work time or without a valid reason can be seen as an overreach.

Employers should be especially cautious with bring-your-own-device (BYOD) policies. Monitoring software should be limited to company-related apps or accounts, not entire personal devices.

In California, transparency isn’t just a best practice—it’s a critical legal safeguard when it comes to workplace surveillance. Employers who clearly disclose their monitoring practices and secure informed consent significantly reduce the risk of litigation and improve employee relations. By contrast, covert or vaguely communicated surveillance can lead to liability under state and federal privacy laws, even if the employer had a legitimate business reason for the monitoring.

Explicit Disclosure Is a Cornerstone of Compliance

California law, including the Invasion of Privacy Act (CIPA), places a strong emphasis on consent, especially when recording communications. Employers should not rely on ambiguous handbook language or implied consent. Instead, they should use clear, written policies that detail the types of surveillance in use, the purpose of monitoring, the data being collected, and how that data may be used.

Voluntary vs. Implied Consent Can Make or Break a Defense

Voluntary, informed consent—documented through acknowledgment forms or electronic signature—is far more protective than assuming implied agreement based on employee conduct. Courts are increasingly skeptical of implied consent in the digital age, particularly when surveillance touches on personal data, off-hours activity, or remote environments.

Employers should consider incorporating a disclosure similar to the following in their onboarding materials or employee handbook:

“This company may monitor work-related communications, internet usage, computer activity, location via company GPS-enabled devices, and physical premises via video surveillance. Monitoring is conducted solely for legitimate business purposes, including security, compliance, and performance management. By signing this acknowledgment, you confirm that you have read and understood the company’s monitoring policy.”

Requiring employees to sign or electronically acknowledge this type of statement establishes a clear record of consent. It supports the employer’s claim that monitoring was known, limited, and lawful.

Hidden Surveillance Invites Legal and Cultural Fallout

Even when a particular form of monitoring may be technically legal, failing to disclose it can be interpreted as a violation of privacy expectations—especially if employees are monitored in sensitive settings, off the clock, or without appropriate boundaries. Secretive practices undermine morale, damage trust, and expose employers to costly lawsuits.

What Happens When Employers Cross the Line? Legal Risks and Penalties

California’s legal landscape does not look kindly on employers who overstep privacy boundaries. Businesses that fail to disclose surveillance or conduct it in an overly intrusive or deceptive manner may face a range of legal and financial consequences.

Civil liability under the California Invasion of Privacy Act (CIPA) is one of the most immediate risks. CIPA prohibits recording or eavesdropping on confidential communications without the consent of all parties involved. Violations can result in statutory damages of $5,000 per offense, regardless of actual harm, making class actions particularly dangerous for employers using widespread undisclosed monitoring tools.

Common law tort claims for invasion of privacy are also available to employees. California recognizes the tort of intrusion upon seclusion, which applies when an employer intentionally intrudes in a way that would be highly offensive to a reasonable person. Monitoring employee personal email accounts, home offices without notice, or bathroom-adjacent areas can trigger this liability.

In addition, the California Consumer Privacy Act (CCPA) may apply to certain employers—particularly larger businesses that collect personal data and meet specific revenue or data thresholds. Under the CCPA, employees (as data subjects) have a right to be informed about the categories of personal information collected, the purposes for which it is used, and whether it is shared with third parties. Employers that fail to provide these disclosures or that suffer data breaches due to improperly secured surveillance systems may face regulatory enforcement and civil lawsuits.

Beyond legal exposure, the cultural consequences of unlawful or secretive surveillance are profound. Discovery of hidden monitoring often sparks backlash among staff, undermines trust in leadership, and contributes to employee attrition. Even if no legal claim arises, the reputational harm from a whistleblower complaint, investigative report, or viral social media post can have a lasting impact.

Employers that implement monitoring practices without legal advice, transparent policies, or clear consent put their entire workplace ecosystem—and their bottom line—at risk. To avoid crossing the line, California employers should adopt a surveillance policy that is limited in scope, justified by business needs, and developed with the guidance of legal counsel to ensure both compliance and fairness.

Unionized Workplaces and Employee Advocacy Settings

Employers in unionized environments must take extra care. Monitoring decisions that affect working conditions often require negotiation with the union. Additionally, surveillance cannot be used to discourage or retaliate against protected activity, such as union organizing or group complaints about working conditions.

Even in non-union settings, employers must avoid targeting employees for surveillance based on their engagement in protected concerted activity, as defined under the National Labor Relations Act (NLRA).

How Chauvel & Glatt, LLP Can Help

Navigating the intersection of privacy law and employment policy in California is no easy task. At Chauvel & Glatt, LLP, we help employers implement lawful monitoring systems while safeguarding employee trust and compliance.

Our services include:

• Drafting or updating workplace surveillance policies
• Auditing current monitoring practices for legal risk
• Advising on remote work privacy and BYOD protocols
• Defending employers against privacy-related claims
• Training HR teams on compliance with CIPA, the California Constitution, and related laws

We take a proactive approach, helping you avoid litigation and maintain a healthy, respectful workplace culture.

Striking the Right Balance

Surveillance, when conducted effectively, can be a valuable tool for enhancing accountability, ensuring safety, and improving performance. But California law demands that it be used thoughtfully, lawfully, and transparently. Employers who invest in well-drafted policies, employee education, and legal guidance are far better positioned to monitor productivity without crossing the line into unlawful intrusion.For help developing or reviewing your workplace monitoring policies, contact Chauvel & Glatt, LLP today. We’ll help you strike the right balance between operational oversight and employee privacy.