Numbers, too, get scrutinized.
Say, for example, that an email refers to meeting at a restaurant at 6pm, but that the bill for the meal is dated 12 midnight. The context of that awfully-long dinner automatically earns a second look. So, too, would an expense entry made on a date when the employee was on vacation.
Ernst & Young points out that employee privacy rights are taken into account when investigators review data: Initially the information scrutinized is kept separate from the identity of the employee who created it. Only later in the process, if and when evidence of wrongdoing is strong, and after a company's privacy officer has signed off, would the employee's identity become linked to the data.
The American Civil Liberties Union, concerned about potential violations of a worker's right to privacy, notes there's no reason to assume that an employer's snooping would always be for the purpose of eradicating fraud. It could just as easily be to identify--and silence--potential whistle-blowers. "We're worried this could be used to stop whistle-blowers," says senior ACLU policy analyst Jay Stanley, referring to sophisticated new software.
Stanley says the law is unsettled and still evolving on certain issues of workplace privacy: It's legal, he says, for an employer to monitor workplace communications that concern an employee's work product or work performance. "Reviewing email, invoices, expense reports--all of that's permitted," he says. "Where it gets trickier, though, is where personal communications are concerned."
If, from work, and using company equipment, you log onto your personal email or Facebook account, is your privacy protected? It's unclear, he says. "The law remains somewhat ambiguous."