Disclosure: UK business owner and employer but no US employees. For us here at least, there’s no such requirement to betray the trust of our staff and spy on them, and we don’t do so. To be honest, the idea that anyone might consider this an acceptable behaviour never occurred to me. I’d like to think this is the norm but have no data either way.
The UK is definitely different than the US, and it looks to me like in the UK employees do have slightly higher expectations of privacy at work than in the US. However, some quick googling show me that UK employers are allowed to monitor employee internet usage in general.
When you say you don’t log or monitor usage, have you actively audited your company equipment and disabled all logging? Have you contacted your ISP and cloud providers to discuss what data they have? Aside from your company network equipment, it’s not easy to make sure you’re not “monitoring” from the employees perspective, if you provide company computers or phones, or any cloud services to your employees.
As a business owner, what would you do if you were contacted with a cease and desist letter from another company claiming your business domain was doing something illegal? What would you do if one of your employees told you another employee was doing something illegal at work and the employee denied it?
I do find your language interesting, especially as a business owner. Using the words ‘betray’, ‘trust’, and ‘spy’, seems like a very one-sided view of the situation, and one that comes with some assumptions. In the US, most employment contracts, and employee trainings, will disclose the fact that company equipment is monitored for aggregate or individual behavior, and it is stated and agreed to that the equipment is for work use, not personal use. Because employees are notified and they actively agree to use work equipment for only work reasons, there is no “spying” or “betraying of trust” taking place. Trust goes both ways as well, and when an employee agrees to use work equipment only for work, and then turn around a browse Facebook while getting paid, or download porn from the work domain, the employees have not just betrayed the company trust, but have also broken their explicit agreements.
Look up PCI-DSS, or Payment Card Industry Data Security Standard. It absolutely applies to the UK and absolutely requires centralized logging and review of those logs.
Centralized logging and review is the norm and I do have data to say that. You are wrong.
