Employee Monitoring Laws by State
States with Specific Monitoring Notice Requirements
Connecticut
Connecticut is best reviewed as a state with a specific workplace electronic monitoring notice rule. Employers using employee monitoring software in Connecticut should pay attention to whether monitoring involves computers, phones, cameras, electronic systems, communications, or other tools that collect information about employee activity. Connecticut law defines electronic monitoring broadly and generally requires prior written notice to affected employees, including a conspicuous workplace posting about the types of monitoring that may occur.
Additional review may be needed when monitoring involves workplace cameras, audio recording, telephone communications, personal online accounts, employer-provided devices, company networks, or access to computer systems. Connecticut also restricts employer surveillance in areas intended for employee health, personal comfort, or safeguarding personal belongings, such as restrooms, locker rooms, and lounges.
Official legal references
| Applies to | Legal topic | Reference |
|---|---|---|
| Employee monitoring software | Prior written notice and workplace posting for electronic monitoring | Connecticut General Statutes § 31-48d — Employers engaged in electronic monitoring required to give prior notice to employees |
| Workplace cameras, audio, and surveillance systems | Limits on electronic surveillance in restrooms, locker rooms, lounges, and similar employee areas | Connecticut General Statutes § 31-48b — Use of electronic surveillance devices by employers limited |
| Employment-related conversations | Restrictions on intentionally overhearing or recording employment contract negotiations without consent of all parties | Connecticut General Statutes § 31-48b — Prohibition on recording negotiations between employers and employees |
| Personal online accounts | Restrictions on requesting access to employees' or applicants' personal online accounts, with exceptions for employer-provided accounts, business-purpose accounts, and employer-paid devices | Connecticut General Statutes § 31-40x — Employer inquiries regarding personal online accounts |
| Computer and device access | Unauthorized access, misuse of computer system information, interruption of computer services, and related computer crime topics | Connecticut General Statutes § 53a-251 — Computer crime |
| Audio and communications monitoring | Wiretapping, mechanical overhearing, eavesdropping, and related private communications topics | Connecticut General Statutes §§ 53a-187 and 53a-189 — Definitions; eavesdropping |
| Telephone call recording | Recording of private telephonic communications | Connecticut General Statutes § 52-570d — Action for illegal recording of private telephonic communications |
Delaware
Delaware should be reviewed as a state with a specific employee monitoring notice rule. The main issue for employers is not just whether monitoring software is used, but whether it monitors or intercepts employee telephone conversations or transmissions, email or electronic transmissions, or Internet access and usage. Delaware law generally gives employers two notice paths: daily electronic notice when the employee accesses employer-provided email or Internet services, or a one-time written/electronic notice acknowledged by the employee.
This makes Delaware especially relevant for tools that track websites, email activity, online behavior, calls, or other communications-related activity. The state also has separate rules that may matter when monitoring touches personal social media accounts, employer-provided devices, company networks, computer access, stored data, or audio/electronic communications. Delaware's monitoring notice rule also has an exception for certain non-targeted system maintenance or protection processes, so security tools and employee monitoring tools should not automatically be treated the same way.
Official legal references
| Applies to | Legal topic | Reference |
|---|---|---|
| Employee monitoring software | Notice before monitoring or intercepting employee telephone transmissions, email, electronic transmissions, or Internet access/usage | Delaware Code Title 19, § 705 — Notice of monitoring of telephone transmissions, electronic mail and Internet usage |
| Email, voicemail, Internet filtering, and system protection tools | Exception for non-targeted processes used solely for computer system maintenance and/or protection | Delaware Code Title 19, § 705(e) — System maintenance and protection exception |
| Personal social media accounts | Restrictions on requiring or requesting employee or applicant access to personal social media | Delaware Code Title 19, § 709A — Employer use of social media |
| Employer-provided devices and company networks | Exceptions related to employer-supplied or employer-paid devices, employer accounts, business-purpose services, and employer networks | Delaware Code Title 19, § 709A — Employer-provided devices, accounts, and networks |
| Computer and device access | Unauthorized access, theft of computer services, interruption of services, and misuse of computer system information | Delaware Code Title 11, §§ 932–935 — Computer crimes |
| Audio and electronic communications monitoring | Interception, disclosure, or use of wire, oral, or electronic communications | Delaware Code Title 11, § 2402 — Interception of communications generally |
| Private communications and surveillance | Eavesdropping, surveillance in private places, private communications, and related privacy restrictions | Delaware Code Title 11, § 1335 — Violation of privacy |
| Employee records created or affected by monitoring | Employee access to personnel files and handling of records containing personal identifying information | Delaware Code Title 19, §§ 732 and 736 — Inspection of personnel files; safe destruction of records |
Maine
Maine has a dedicated employer surveillance rule, so workplace monitoring in this state should be reviewed with particular attention to employee notice, the type of technology used, and whether monitoring involves personal devices or audiovisual surveillance. The rule covers monitoring through electronic devices or systems and may be relevant to employee monitoring software, computer activity tracking, phone monitoring, and similar workplace tools.
Maine also limits certain forms of audiovisual monitoring in an employee's residence, personal vehicle, or personal property, and employees may decline requests to install data collection or transmission apps on personal electronic devices for employer surveillance purposes. Separate review may be needed if monitoring involves personal social media accounts, wire or oral communications, or unauthorized computer access.
Official legal references
| Applies to | Legal topic | Reference |
|---|---|---|
| Employee monitoring software | Employer surveillance notice requirements and broad electronic monitoring definition | Maine Public Law 2025, Chapter 524 / 26 MRSA § 620-A — Employer surveillance |
| Personal employee devices and audiovisual monitoring | Limits on audiovisual monitoring in personal spaces and employee right to decline surveillance apps on personal devices | Maine Department of Labor — Employer Surveillance: Your Rights |
| Personal social media accounts | Restrictions on employer requests for employee or applicant personal social media access | Maine Revised Statutes Title 26, § 616 — Employee social media privacy prohibitions |
| Audio and communications monitoring | Interception, disclosure, or use of wire or oral communications | Maine Revised Statutes Title 15, § 710 — Offenses involving interception of wire and oral communications |
| Computer and device access | Unauthorized access to computer resources | Maine Revised Statutes Title 17-A, § 432 — Criminal invasion of computer privacy |
New York
New York has a specific electronic monitoring notice rule for covered employers. The main focus is whether the employer monitors or intercepts employee telephone conversations or transmissions, email or electronic transmissions, or Internet access and usage through an electronic device or system. The law generally requires prior written notice upon hiring, employee acknowledgment, and a conspicuous workplace posting for employees subject to electronic monitoring.
For New York, the strongest practical review points are notice language, where the notice is displayed, what categories of monitoring are disclosed, and whether monitoring touches communications, personal accounts, employer systems, or computer/device access.
Official legal references
| Applies to | Legal topic | Reference |
|---|---|---|
| Employee monitoring software | Prior written notice, employee acknowledgment, and workplace posting for electronic monitoring | New York Civil Rights Law § 52-c — Employers engaged in electronic monitoring; prior notice required |
| Email, voicemail, Internet usage, and system protection tools | Exception for non-targeted processes used only for computer system maintenance or protection | New York Civil Rights Law § 52-c(4) — System maintenance and protection exception |
| Personal online accounts | Restrictions on requiring or coercing employees or applicants to provide access to personal accounts | New York Labor Law § 201-i — Request for access to personal accounts prohibited |
| Computer and device access | Unauthorized access to a computer, computer service, or computer network | New York Penal Law § 156.05 — Unauthorized use of a computer |
| Audio and electronic communications monitoring | Wiretapping, mechanical overhearing, and intercepting or accessing electronic communications | New York Penal Law § 250.05 — Eavesdropping |
States with Higher Privacy or Consent Considerations
California
California requires careful review because employee monitoring may involve several overlapping privacy and consent areas: collection of employee personal information, audio or communications monitoring, video surveillance, location tracking, and access to personal social media. For many employers, the key practical issues are transparency, data purpose limitation, consent for confidential communications, and avoiding monitoring in areas where employees have a strong expectation of privacy. California's CCPA/CPRA framework also places duties around notice at collection, disclosed purposes, proportionality, retention, and data security for covered businesses.
Official legal references
| Applies to | Legal topic | Reference |
|---|---|---|
| Employee data collected through monitoring software | Notice at collection, disclosed purposes, retention, proportionality, and security duties under California privacy law | California Civil Code § 1798.100 — General duties of businesses that collect personal information |
| Audio and communications monitoring | Consent requirements for recording or eavesdropping on confidential communications | California Penal Code § 632 — Eavesdropping on or recording confidential communications |
| Wire, telephone, and electronic communications | Wiretapping and unauthorized interception of communications | California Penal Code § 631 — Wiretapping and unauthorized connection or interception |
| Workplace video or audio surveillance | Prohibition on audio or video recording of employees in restrooms, locker rooms, or changing rooms | California Labor Code § 435 — Audio or video recording in restrooms, locker rooms, or changing rooms |
| Location tracking | Restrictions on using electronic tracking devices to determine a person's location or movement, with vehicle-owner consent exception | California Penal Code § 637.7 — Electronic tracking devices |
| Personal social media accounts | Limits on requiring or requesting employees or applicants to provide access to personal social media | California Labor Code § 980 — Employer use of social media |
Colorado
Colorado should be reviewed as a higher-consideration state when employee monitoring involves communications, audio recording, personal social media accounts, biometric identifiers, or the storage of employee-related personal information.
Colorado has rules addressing employer access to personal electronic communication accounts, wiretapping and eavesdropping, protection of personal identifying information, and biometric data. These areas may be especially relevant for monitoring tools that track communications, record calls or meetings, use face recognition or biometric identifiers, collect screenshots, or store sensitive employee data.
Official legal references
| Applies to | Legal topic | Reference |
|---|---|---|
| Personal social media and electronic communication accounts | Restrictions on requiring employees or applicants to disclose usernames, passwords, or access methods for personal accounts; also covers requests to add contacts or change privacy settings | Colorado Revised Statutes § 8-2-127 — Prohibitions of employer; requiring access to personal electronic communication devices |
| Workplace investigations and employer systems | Exceptions for nonpersonal employer accounts, internal computer systems, regulatory investigations, and certain investigations involving proprietary or financial data | Colorado Social Media and the Workplace Law Rules, 7 CCR 1103-5 |
| Telephone and electronic communications monitoring | Wiretapping restrictions involving telephone, telegraph, or electronic communications | Colorado Revised Statutes § 18-9-303 — Wiretapping prohibited |
| Audio recording and private conversations | Eavesdropping restrictions involving private conversations or discussions | Colorado Revised Statutes § 18-9-304 — Eavesdropping prohibited |
| Employee personal identifying information | Reasonable security procedures and practices for protecting personal identifying information | Colorado Revised Statutes § 6-1-713.5 — Protection of personal identifying information |
| Biometric monitoring and face recognition features | Biometric identifier and biometric data protections added to the Colorado Privacy Act | Colorado HB24-1130 — Privacy of Biometric Identifiers & Data |
Florida
Florida should be reviewed carefully when employee monitoring involves communications, audio recording, location tracking, workplace video, or access to computers and electronic devices. The state has important consent-related rules for wire, oral, and electronic communications, as well as a separate law covering tracking devices and tracking applications. These areas may be especially relevant for tools that record calls or meetings, monitor messages, track location, capture screenshots, or collect activity data from company-managed devices.
Florida also has rules that may matter when monitoring involves private spaces, secretly captured images or video, unauthorized computer access, or the storage of employee-related personal information. For employers, the key practical review points are consent, device authorization, legitimate business purpose, data security, and avoiding monitoring in spaces where employees have a strong privacy expectation.
Official legal references
| Applies to | Legal topic | Reference |
|---|---|---|
| Audio and electronic communications monitoring | Interception and disclosure of wire, oral, or electronic communications; prior consent considerations | Florida Statutes § 934.03 — Interception and disclosure of wire, oral, or electronic communications prohibited |
| Location tracking and tracking applications | Installation or use of tracking devices or tracking applications; exceptions and penalties | Florida Statutes § 934.425 — Installation or use of tracking devices or tracking applications |
| Computer and device access | Offenses involving computers, computer systems, computer networks, and electronic devices | Florida Statutes § 815.06 — Offenses against users of computers, computer systems, computer networks, and electronic devices |
| Workplace video and private spaces | Digital voyeurism and secret viewing, broadcasting, or recording where a person has a reasonable expectation of privacy | Florida Statutes § 810.145 — Video voyeurism |
| Employee personal information collected or stored through monitoring | Security and breach notification duties for confidential personal information | Florida Statutes § 501.171 — Security of confidential personal information |
Illinois
Illinois should be treated as a higher-consideration state because employee monitoring may overlap with strict privacy and consent topics, especially biometric data, audio or electronic communications, workplace video, personal online accounts, and stored employee personal information. This is particularly relevant for tools that use face recognition, fingerprints, voiceprints, call or meeting recording, screenshots, camera access, or detailed employee activity logs. Illinois' Biometric Information Privacy Act is especially important where monitoring tools collect or process biometric identifiers or biometric information.
Official legal references
| Applies to | Legal topic | Reference |
|---|---|---|
| Biometric monitoring, face recognition, fingerprints, voiceprints, or biometric time clocks | Written notice, written release, retention policy, disclosure limits, and security duties for biometric identifiers and biometric information | Illinois Biometric Information Privacy Act, 740 ILCS 14/15 — Retention; collection; disclosure; destruction |
| Audio and electronic communications monitoring | Eavesdropping restrictions for recording or intercepting private conversations or electronic communications | Illinois Criminal Code, 720 ILCS 5/14-2 — Elements of the offense; affirmative defense |
| Personal online accounts | Restrictions on employer access to employees' or applicants' personal online accounts and related online activity | Illinois Right to Privacy in the Workplace Act, 820 ILCS 55/10 — Prohibited inquiries; online activities |
| Workplace video and private areas | Unauthorized video recording or live video transmission in restrooms, locker rooms, changing rooms, and similar private spaces | Illinois Criminal Code, 720 ILCS 5/26-4 — Unauthorized video recording and live video transmission |
| Employee personal information collected or stored through monitoring | Reasonable security measures for records containing personal information | Illinois Personal Information Protection Act, 815 ILCS 530/45 — Data security |
| Computer and device access | Unauthorized or excessive access to computers, computer networks, programs, or data | Illinois Criminal Code, 720 ILCS 5/17-51 — Computer tampering |
Indiana
Indiana does not have one central workplace surveillance statute that covers employee monitoring software as a whole. Instead, the main considerations come from how monitoring is performed: whether communications are intercepted or recorded, whether cameras or tracking tools are used in sensitive settings, whether access to a computer system is authorized, and how employee-related personal information is handled after collection.
For employers, Indiana is mainly a state where authorization, communication privacy, private-space boundaries, and data security should be reviewed together. This may be especially relevant for monitoring tools that combine activity tracking with screenshots, call or meeting recording, camera-based features, location-related data, or access to company systems.
Official legal references
| Applies to | Legal topic | Reference |
|---|---|---|
| Audio, call, or communications monitoring | Unlawful interception of communications | Indiana Code § 35-33.5-5-5 — Unlawful interception |
| Electronic communications and recording tools | Definition of interception, including recording or acquiring electronic communications through a device, computer, or fax | Indiana Code § 35-31.5-2-176 — "Interception" |
| Location tracking, cameras, and electronic surveillance equipment | Unlawful photography, surveillance, and tracking on private property | Indiana Code § 35-46-8.5-1 — Unlawful photography, surveillance, and tracking on private property |
| Workplace cameras and private areas | Voyeurism and camera-based recording in private areas such as restrooms, showers, and dressing rooms | Indiana Code § 35-45-4-5 — Voyeurism |
| Computer and device access | Computer trespass and unauthorized access to computer systems or networks | Indiana Code § 35-43-2-3 — Computer trespass |
| Advanced workplace tracking or identification technology | Prohibition against requiring implanted devices as a condition of employment | Indiana Code § 22-5-8-2 — Prohibition against the implantation of devices as a condition of employment |
| Employee personal information collected or stored through monitoring | Breach notification duties for computerized personal information | Indiana Code § 24-4.9-3-1 — Disclosure of breach |
Iowa
Iowa does not frame employee monitoring around one broad workplace notice statute. For this state, the more relevant issues are usually communication interception, audio or video recording, camera-based surveillance, authorized access to computer systems, and the protection of employee-related personal information after it is collected. Iowa law includes separate rules on interception of wire, oral, and electronic communications, as well as electronic or mechanical eavesdropping.
For employers using monitoring software, Iowa is mainly a consent-and-authorization state: the safer review points are whether monitoring is disclosed, whether the employer owns or controls the device or system, whether communications are being captured, and whether cameras or surveillance tools could reach spaces where privacy expectations are higher.
Official legal references
| Applies to | Legal topic | Reference |
|---|---|---|
| Audio, call, and electronic communications monitoring | Interception of wire, oral, or electronic communications; consent-related exceptions | Iowa Code § 808B.2 — Unlawful acts; penalty |
| Audio recording and eavesdropping | Electronic or mechanical eavesdropping and recording or intercepting conversations or communications | Iowa Code § 727.8 — Electronic and mechanical eavesdropping |
| Cameras and electronic surveillance devices | Use of cameras or electronic surveillance devices while trespassing | Iowa Code § 727.8A — Cameras or electronic surveillance devices; trespass |
| Computer and device access | Unauthorized access to a computer, computer system, or computer network | Iowa Code § 716.6B — Unauthorized computer access |
| Employee personal information collected or stored through monitoring | Security breach notification requirements for computerized personal information | Iowa Code § 715C.2 — Security breach notification requirements |
Kentucky
Kentucky does not rely on a single employee monitoring notice statute. The more relevant issues are spread across separate rules on eavesdropping, tracking devices, computer access, camera-based privacy, and data breach notification. For workplace monitoring, the main question is usually not only whether the employer owns the device or system, but whether the monitoring crosses into recording communications, tracking location, accessing systems without proper authorization, or collecting sensitive employee data.
This makes Kentucky especially important for tools that include call or audio recording, GPS or vehicle tracking, screenshots, webcam or camera-related features, or deep access to employee computers and networks.
Official legal references
| Applies to | Legal topic | Reference |
|---|---|---|
| Audio and communications monitoring | Eavesdropping and recording of wire or oral communications without required consent | Kentucky Revised Statutes § 526.020 — Eavesdropping |
| Audio recording consent analysis | Definition of "eavesdrop," including overhearing, recording, amplifying, or transmitting wire or oral communications | Kentucky Revised Statutes § 526.010 — Definition |
| Location or vehicle tracking | Unlawful use of a tracking device in certain vehicle-related situations | Kentucky Revised Statutes § 508.152 — Unlawful use of a tracking device |
| Computer and device access | Unauthorized access to computer software, programs, data, computers, systems, or networks | Kentucky Revised Statutes § 434.845 — Unlawful access to a computer in the first degree |
| Workplace cameras and private settings | Camera-based privacy issues and video voyeurism restrictions | Kentucky Revised Statutes § 531.100 — Video voyeurism |
| Employee personal information collected or stored through monitoring | Notification duties after a computer security breach involving unencrypted personally identifiable information | Kentucky Revised Statutes § 365.732 — Notification to affected persons of computer security breach |
Maryland
Maryland is mainly sensitive for employee monitoring when a tool records or intercepts communications, reaches personal online accounts, uses camera-based surveillance, or collects employee data that must be protected after storage. Unlike states with a single workplace monitoring notice rule, Maryland's risk areas are spread across communications privacy, computer access, visual surveillance, social media privacy, and personal information protection. Employers should be especially careful with call recording, meeting recording, screenshots, webcam features, personal account access, and monitoring that goes beyond clearly authorized company systems.
Official legal references
| Applies to | Legal topic | Reference |
|---|---|---|
| Audio, call, and electronic communications monitoring | Interception, disclosure, or use of wire, oral, or electronic communications | Maryland Code, Courts and Judicial Proceedings § 10-402 — Interception and disclosure of wire, oral, or electronic communications |
| Personal online accounts | Restrictions on requiring employees or applicants to disclose usernames, passwords, or other access methods for personal accounts | Maryland Code, Labor and Employment § 3-712 — User name and password privacy protection |
| Computer and device access | Unauthorized access to computers, computer systems, computer networks, programs, services, or databases | Maryland Code, Criminal Law § 7-302 — Unauthorized access to computers and related material |
| Workplace cameras and private spaces | Visual surveillance in private places or camera-based surveillance where privacy expectations may be higher | Maryland Code, Criminal Law § 3-902 — Visual surveillance with prurient intent |
| Employee personal information collected or stored through monitoring | Reasonable security procedures and breach-related duties for personal information | Maryland Personal Information Protection Act, Commercial Law § 14-3503 — Security procedures and practices |
Massachusetts
Massachusetts belongs in this group mainly because of its strong communications-privacy and general privacy framework. Employee monitoring that includes call recording, meeting recording, audio capture, webcam use, screenshots, or other activity logs should be assessed with extra attention to whether the monitoring is disclosed, whether communications are being recorded, and whether the collected information is handled securely. Massachusetts also recognizes a general right against unreasonable, substantial, or serious interference with privacy, which makes private-space boundaries and proportional monitoring especially important.
Official legal references
| Applies to | Legal topic | Reference |
|---|---|---|
| Audio, call, and communications monitoring | Interception of wire and oral communications; important for call recording, meeting recording, and audio capture | Massachusetts General Laws Chapter 272, § 99 — Interception of wire and oral communications |
| Workplace privacy and proportional monitoring | General right against unreasonable, substantial, or serious interference with privacy | Massachusetts General Laws Chapter 214, § 1B — Right of privacy |
| Computer and device access | Unauthorized access to a computer system | Massachusetts General Laws Chapter 266, § 120F — Unauthorized access to computer system |
| Employee personal information collected or stored through monitoring | Minimum standards for safeguarding personal information of Massachusetts residents | 201 CMR 17.00 — Standards for the protection of personal information of residents of the Commonwealth |
| Security incidents involving monitored employee data | Security breach notification duties involving personal information | Massachusetts General Laws Chapter 93H — Security Breaches |
| Monitoring records used in employment decisions | Employee access to personnel records and correction process | Massachusetts General Laws Chapter 149, § 52C — Personnel records; review by employee; corrections |
Michigan
In Michigan, employee monitoring questions often depend on what the software captures and where the monitoring takes place. Tools that record conversations, use cameras, track vehicle location, access computers or networks, or touch personal online accounts can raise different privacy and consent issues. For workplace use, the key areas are authorization, private conversation rules, personal-account boundaries, vehicle tracking limits, and secure handling of collected employee data.
Official legal references
| Applies to | Legal topic | Reference |
|---|---|---|
| Audio, call, and meeting recording | Eavesdropping upon a private conversation | Michigan Compiled Laws § 750.539c — Eavesdropping upon private conversation |
| Workplace cameras and private areas | Installing, placing, or using a device for observing, recording, transmitting, photographing, or eavesdropping in a private place | Michigan Compiled Laws § 750.539d — Devices used in private places |
| Vehicle or location tracking | Placement or installation of a tracking device on a motor vehicle without required knowledge and consent | Michigan Compiled Laws § 750.539l — Tracking device on motor vehicle |
| Personal online accounts | Restrictions on requiring employees or applicants to grant access to, allow observation of, or disclose access information for personal internet accounts | Michigan Compiled Laws § 37.273 — Employer prohibited acts under the Internet Privacy Protection Act |
| Computer and device access | Fraudulent or unauthorized access to computers, computer systems, and computer networks | Michigan Compiled Laws Act 53 of 1979 — Fraudulent Access to Computers, Computer Systems, and Computer Networks |
| Employee personal information collected or stored through monitoring | Notice requirements after a security breach involving personal information | Michigan Compiled Laws § 445.72 — Notice of security breach; requirements |
Minnesota
Minnesota does not center employee monitoring around one broad workplace notice statute. The more relevant review points are usually tied to what the software captures: communications, screenshots or camera-based activity, access to computers or networks, and employee-related personal information stored after collection. This makes Minnesota especially relevant for tools that include call or meeting recording, webcam or screenshot features, computer activity tracking, or logs that may later become part of an employee record.
Official legal references
| Applies to | Legal topic | Reference |
|---|---|---|
| Audio, call, and electronic communications monitoring | Interception, disclosure, or use of wire, electronic, or oral communications | Minnesota Statutes § 626A.02 — Interception and disclosure of wire, electronic, or oral communications prohibited |
| Workplace cameras, screenshots, and private areas | Use of devices for observing, photographing, recording, amplifying, or broadcasting in places where privacy expectations may be higher | Minnesota Statutes § 609.746 — Interference with privacy |
| Computer and device access | Unauthorized access to a computer security system or electronic terminal | Minnesota Statutes § 609.891 — Unauthorized computer access |
| Employee personal information collected or stored through monitoring | Breach notification duties involving computerized personal information | Minnesota Statutes § 325E.61 — Data warehouses; notice required for certain disclosures |
| Monitoring records used in HR files or employment decisions | Employee right to review personnel records maintained by the employer | Minnesota Statutes § 181.961 — Review of personnel record by employee |
Montana
Montana is a useful example of a state where employee monitoring is less about a single workplace-monitoring notice rule and more about privacy boundaries. Monitoring practices may need closer review when they involve hidden audio recording, interception of electronic communications, personal social media accounts, computer access, movement tracking through credentials or devices, or employee personal information stored in company systems.
Montana also has a broader constitutional privacy background, which makes clear notice, authorization, and proportional data collection especially important in workplace monitoring contexts.
Official legal references
| Applies to | Legal topic | Reference |
|---|---|---|
| Audio, call, and communications monitoring | Recording a conversation with a hidden electronic or mechanical device without the knowledge of all parties; interception of electronic communications | Montana Code Annotated § 45-8-213 — Privacy in communications |
| Personal social media accounts | Limits on employer requests for usernames, passwords, access in the employer's presence, or disclosure of personal social media content | Montana Code Annotated § 39-2-307 — Employer access limited regarding personal social media account of employee or job applicant |
| Employer-issued devices and accounts | Exceptions for lawful workplace policies involving employer-issued devices, employer-provided software, email accounts, and business-related social media accounts | Montana Code Annotated § 39-2-307 — Employer access exceptions for business systems and accounts |
| Computer and device access | Unauthorized computer access, misuse of credentials, and use of another person's computer or credentials to track movements or monitor communications without consent | Montana Code Annotated § 45-6-311 — Unlawful use of a computer |
| Employee personal information collected or stored through monitoring | Security breach notification duties involving computerized personal information | Montana Code Annotated § 30-14-1704 — Computer security breach |
Nebraska
Nebraska's employee monitoring review is mostly about boundaries: personal Internet accounts, communications, computer access, and the way collected employee information is protected. The state has a Workplace Privacy Act that limits employer requests for access to personal Internet accounts, while still preserving room for lawful workplace policies covering employer equipment, employer accounts, and internal systems.
For monitoring software, Nebraska is most relevant when a tool reaches beyond ordinary activity tracking into communications capture, personal-account access, unauthorized computer access, or stored employee data that could trigger security and breach obligations.
Official legal references
| Applies to | Legal topic | Reference |
|---|---|---|
| Personal Internet accounts | Restrictions on requiring or requesting employees or applicants to provide usernames, passwords, or other access information for personal Internet accounts | Nebraska Revised Statutes §§ 48-3501 to 48-3511 — Workplace Privacy Act |
| Personal Internet account access | Employer prohibited acts involving employee or applicant personal Internet accounts | Nebraska Revised Statute § 48-3503 — Employer; prohibited acts |
| Employer equipment, accounts, and internal systems | Employer rights to maintain lawful workplace policies for electronic equipment, Internet use, employer accounts, and business systems | Nebraska Revised Statute § 48-3507 — Employer's rights not limited by act |
| Audio, call, and electronic communications monitoring | Interception of wire, electronic, or oral communications | Nebraska Revised Statute § 86-290 — Unlawful acts; penalty |
| Computer and device access | Unauthorized access to a computer security system | Nebraska Revised Statute § 28-1343.01 — Unauthorized computer access; penalty |
| Employee personal information collected or stored through monitoring | Breach investigation and notice duties involving computerized personal information | Nebraska Revised Statute § 87-803 — Breach of security; investigation; notice to resident; notice to Attorney General |
Nevada
Nevada follows a privacy-and-consent approach where workplace monitoring should be assessed through several separate areas: wire communications, private conversations, personal social media accounts, vehicle or location tracking, computer access, and protection of personal information. For employers, the key issue is whether monitoring stays within authorized business systems and disclosed workplace policies, or whether it reaches communications, personal accounts, private conversations, or tracking features that may require additional review.
Official legal references
| Applies to | Legal topic | Reference |
|---|---|---|
| Personal social media accounts | Restrictions on employer requests for usernames, passwords, or other access information for employee or applicant personal social media accounts | Nevada Revised Statutes § 613.135 — Unlawful acts of employer relating to social media account of employee or prospective employee |
| Telephone and wire communications monitoring | Interception or attempted interception of wire communications | Nevada Revised Statutes § 200.620 — Interception and attempted interception of wire communication prohibited; exceptions |
| Audio recording and private conversations | Surreptitious listening, monitoring, or recording of private conversations by a listening device | Nevada Revised Statutes § 200.650 — Unauthorized, surreptitious intrusion of privacy by listening device prohibited |
| Vehicle or location tracking | Installation or placement of a mobile tracking device on another person's motor vehicle without required knowledge and consent | Nevada Revised Statutes § 200.930 — Unlawful installation of mobile tracking device |
| Computer and device access | Unauthorized actions involving computers, systems, networks, data, programs, or supporting documents | Nevada Revised Statutes § 205.4765 — Unlawful acts regarding computers and information services |
| Employee personal information collected or stored through monitoring | Reasonable security measures for records containing personal information | Nevada Revised Statutes § 603A.210 — Security measures |
New Hampshire
In New Hampshire, the most sensitive area for employee monitoring is communications. Recording calls, meetings, or other oral or telecommunication content may require especially careful consent review because the state's wiretapping and eavesdropping rule refers to consent of all parties. Monitoring tools may also require additional review when they involve personal email or social media accounts, location information, computer access, cameras, or employee personal information stored after collection.
For workplace use, monitoring is easier to justify when it is limited to employer-owned systems, disclosed in internal policies, and connected to a clear business purpose. Tools that collect audio, location data, screenshots, webcam images, or account credentials should be assessed more cautiously. New Hampshire law separately addresses personal-account access, location information, unauthorized computer access, private-place surveillance, and security breach notification.
Official legal references
| Applies to | Legal topic | Reference |
|---|---|---|
| Audio, call, and communications monitoring | Interception and disclosure of telecommunication or oral communications; all-party consent considerations | New Hampshire RSA § 570-A:2 — Interception and Disclosure of Telecommunication or Oral Communications Prohibited |
| Personal email and social media accounts | Limits on employer requests for login information, contact-list changes, or privacy-setting changes for personal accounts | New Hampshire RSA § 275:74 — Use of Social Media and Electronic Mail |
| Employer equipment and employer email | Employer rights to adopt policies for employer electronic equipment and monitor employer equipment and electronic mail | New Hampshire RSA § 275:74 — Employer workplace policy and monitoring exceptions |
| Location tracking | Consent-related conditions for placing, locating, or installing an electronic device to obtain location information | New Hampshire RSA § 644-A:4 — Conditions of Use of Location Information |
| Computer and device access | Unauthorized access to computers or computer networks; misuse of computer or network information | New Hampshire RSA § 638:17 — Computer Related Offenses |
| Workplace cameras and private areas | Use of devices to observe, photograph, record, amplify, broadcast, or transmit images or sounds in private places | New Hampshire RSA § 644:9 — Violation of Privacy |
| Employee personal information stored after monitoring | Notification duties after a security breach involving computerized personal information | New Hampshire RSA § 359-C:20 — Notification of Security Breach Required |
New Jersey
New Jersey has a few employee-monitoring areas that deserve separate attention rather than one broad workplace surveillance rule. Vehicle tracking is one of the clearest examples: private employers must provide written notice before using a tracking device in a vehicle used by an employee. Monitoring may also raise additional issues when it captures communications, reaches personal electronic accounts, uses cameras in sensitive settings, accesses computers or networks, or stores employee personal information.
For workplace use, New Jersey is strongest on notice, account-access boundaries, communications privacy, and data handling. Employers should be especially careful with GPS or vehicle tracking, call or meeting recording, personal account access, screenshot or camera-based features, and monitoring tools installed outside clearly authorized business systems.
Official legal references
| Applies to | Legal topic | Reference |
|---|---|---|
| Vehicle or location tracking | Written notice before an employer uses a tracking device in a vehicle used by an employee | New Jersey Revised Statutes § 34:6B-22 — Written notice for vehicle tracking device; penalties; definitions |
| Personal electronic communication accounts | Restrictions on requiring or requesting employees or applicants to disclose usernames, passwords, or access to personal accounts through electronic communications devices | New Jersey Department of Labor — N.J.S.A. 34:6B-5 et seq., Electronic Communications Devices |
| Audio, call, and electronic communications monitoring | Interception, disclosure, or use of wire, electronic, or oral communications | New Jersey Revised Statutes § 2A:156A-3 — Interception, disclosure or use of wire, electronic or oral communications |
| Computer and device access | Unauthorized or excessive access to data, databases, computer systems, computer networks, software, or equipment | New Jersey Revised Statutes § 2C:20-25 — Computer criminal activity |
| Workplace cameras and private areas | Privacy limits for photographing, filming, videotaping, recording, or reproducing images in sensitive private contexts | New Jersey Revised Statutes § 2C:14-9 — Invasion of privacy |
| Employee personal information collected or stored through monitoring | Breach notification duties involving electronic files, media, or data containing personal information | New Jersey Revised Statutes § 56:8-163 — Disclosure of breach of security to customers |
Oregon
In Oregon, the most sensitive employee monitoring issues usually come from communication recording, personal social media access, computer-system authorization, GPS tracking, and private-space boundaries. Monitoring tools that record calls or meetings, capture conversations, use webcams, track vehicles, or collect detailed employee activity data should be reviewed with clear notice, authorization, and data-handling limits in mind. Oregon's communications statute includes rules for obtaining conversations, telecommunications, and radio communications, while its employment law separately addresses employee social media account privacy.
Official legal references
| Applies to | Legal topic | Reference |
|---|---|---|
| Audio, call, and communications monitoring | Obtaining conversations, telecommunications, or radio communications; notice and consent considerations | Oregon Revised Statutes § 165.540 — Obtaining contents of communications |
| Personal social media accounts | Restrictions on employer requests for employee or applicant personal social media access | Oregon Revised Statutes § 659A.330 — Employee social media account privacy |
| Computer and device access | Unauthorized access or use of computers, computer systems, or computer networks | Oregon Revised Statutes § 164.377 — Computer crime |
| Vehicle or GPS tracking | Affixing a GPS device to a motor vehicle without required owner consent | Oregon Revised Statutes § 163.715 — Unlawful use of a global positioning system device |
| Workplace cameras and private areas | Visual recording or observation where privacy expectations may be higher | Oregon Revised Statutes § 163.700 — Invasion of personal privacy in the second degree |
| Employee personal information collected or stored through monitoring | Notice duties after a breach of security involving computerized personal information | Oregon Revised Statutes § 646A.604 — Notice of breach of security |
Pennsylvania
Pennsylvania's most important employee monitoring issue is usually communications consent. Recording calls, meetings, or oral conversations can be sensitive because the state's wiretap law generally prohibits interception of wire, electronic, or oral communications unless an exception applies; one key exception refers to prior consent of all parties. Monitoring software that includes audio capture, call recording, meeting recording, screenshots with message content, or access to communications should therefore be handled with particular caution.
Other relevant areas include private-space surveillance, computer access, mobile tracking devices, and breach notification duties if employee personal information is stored or exposed. For workplace use, Pennsylvania is best approached through clear notice, documented authorization, limited data collection, and careful separation between business systems and private communications.
Official legal references
| Applies to | Legal topic | Reference |
|---|---|---|
| Audio, call, meeting, and electronic communications monitoring | Interception, disclosure, or use of wire, electronic, or oral communications | Pennsylvania Consolidated Statutes, Title 18, § 5703 — Interception, disclosure or use of wire, electronic or oral communications |
| Consent review for recorded communications | Exceptions to the interception prohibition, including prior consent of all parties | Pennsylvania Consolidated Statutes, Title 18, § 5704 — Exceptions to prohibition of interception and disclosure of communications |
| Workplace cameras and private areas | Invasion of privacy involving viewing, photographing, videotaping, or recording in private places | Pennsylvania Consolidated Statutes, Title 18, § 7507.1 — Invasion of privacy |
| Computer and device access | Computer trespass and use of a computer or computer network without authority or beyond authority | Pennsylvania Consolidated Statutes, Title 18, § 7615 — Computer trespass |
| Location-related monitoring | Mobile tracking device authorization framework | Pennsylvania Consolidated Statutes, Title 18, § 5761 — Mobile tracking devices |
| Employee personal information collected or stored through monitoring | Breach notification duties involving personal information | Pennsylvania Breach of Personal Information Notification Act |
Rhode Island
Rhode Island's relevant employee monitoring issues are concentrated around communications privacy, personal social media access, computer authorization, camera-based privacy, and protection of employee personal information. Monitoring software may need closer review when it records calls or meetings, captures electronic communications, accesses personal accounts, uses screenshots or camera-related features, or stores employee data after collection. Rhode Island also requires a risk-based information security program for personal information held about state residents.
Official legal references
| Applies to | Legal topic | Reference |
|---|---|---|
| Audio, call, meeting, and electronic communications monitoring | Unauthorized interception, disclosure, or use of wire, electronic, or oral communications | Rhode Island General Laws § 11-35-21 — Unauthorized interception, disclosure or use of wire, electronic, or oral communication |
| Personal social media accounts | Restrictions on employer requests for passwords or other access methods to employee or applicant personal social media accounts | Rhode Island General Laws § 28-56-2 — Social media password requests prohibited |
| Personal account access in employer's presence | Limits on requiring or requesting an employee or applicant to access a personal social media account in the employer's presence | Rhode Island General Laws § 28-56-3 — Social media access requests prohibited |
| Computer and device access | Intentional unauthorized access, alteration, damage, or destruction involving computers, systems, networks, software, programs, or data | Rhode Island General Laws § 11-52-3 — Intentional access, alteration, damage, or destruction |
| Workplace cameras and private visual content | Video voyeurism and use of imaging devices where a person has a reasonable expectation of privacy | Rhode Island General Laws § 11-64-2 — Video voyeurism |
| Employee personal information collected or stored through monitoring | Risk-based information security program and reasonable safeguards for personal information | Rhode Island General Laws § 11-49.3-2 — Risk-based information security program |
| Security incidents involving monitored employee data | Notification duties after a breach involving personal information | Rhode Island General Laws § 11-49.3-4 — Notification of breach |
Tennessee
In Tennessee, employee monitoring may involve several separate legal areas: personal internet accounts, employer-provided devices and networks, communications recording, vehicle tracking, computer access, camera-related features, and protection of stored employee data.
For employers, the main focus is keeping monitoring within authorized business systems, avoiding access to personal accounts, and using clear internal policies when tools record communications, track vehicles, use cameras, or collect employee information.
Official legal references
| Applies to | Legal topic | Reference |
|---|---|---|
| Personal internet accounts | Restrictions on requiring employees or applicants to disclose passwords, add the employer as a contact, or access a personal internet account in the employer's presence | Tennessee Code § 50-1-1003 — Prohibited actions by employer |
| Employer-provided devices, accounts, and networks | Exceptions for employer-supplied devices, employer accounts, business-purpose services, investigations, and monitoring or blocking data on employer systems | Tennessee Code § 50-1-1003 — Employer exceptions for business systems and investigations |
| Audio, call, and electronic communications monitoring | Wiretapping and electronic surveillance rules for intercepting, disclosing, or using wire, oral, or electronic communications | Tennessee Code § 39-13-601 — Wiretapping and electronic surveillance |
| Vehicle or location tracking | Electronic tracking device rules for motor vehicles | Tennessee Code § 39-13-606 — Electronic tracking of motor vehicles |
| Computer and device access | Unauthorized access, copying, disruption, or misuse involving computers, systems, networks, software, programs, or data | Tennessee Code § 39-14-602 — Computer offenses and penalties |
| Workplace cameras and private areas | Unlawful photography and private-space image capture considerations | Tennessee Code § 39-13-605 — Unlawful photography |
| Employee personal information collected or stored through monitoring | Breach notification duties involving computerized personal information | Tennessee Code § 47-18-2107 — Breach of system security; notification |
Texas
In Texas, employee monitoring may involve communications privacy, vehicle or location tracking, computer access, camera-related privacy, and protection of sensitive personal information. Monitoring tools that record calls or meetings, capture electronic communications, track company vehicles, use webcam or visual recording features, or store employee personal data should be supported by clear authorization, internal policies, and appropriate data-security controls. Texas law separately addresses interception of communications, tracking devices on motor vehicles, breach of computer security, invasive visual recording, and duties to protect sensitive personal information.
Official legal references
| Applies to | Legal topic | Reference |
|---|---|---|
| Audio, call, meeting, and electronic communications monitoring | Interception, disclosure, or use of wire, oral, or electronic communications | Texas Penal Code § 16.02 — Unlawful interception, use, or disclosure of wire, oral, or electronic communications |
| Vehicle or location tracking | Installation of an electronic or mechanical tracking device on a motor vehicle owned or leased by another person | Texas Penal Code § 16.06 — Unlawful installation of tracking device |
| Computer and device access | Knowingly accessing a computer, computer network, or computer system without effective consent | Texas Penal Code § 33.02 — Breach of computer security |
| Workplace cameras and private visual content | Invasive visual recording and camera-based privacy restrictions | Texas Penal Code § 21.15 — Invasive visual recording |
| Employee sensitive personal information collected or stored through monitoring | Business duty to protect sensitive personal information | Texas Business & Commerce Code § 521.052 — Business duty to protect sensitive personal information |
| Security incidents involving monitored employee data | Notification duties after a breach of system security involving sensitive personal information | Texas Business & Commerce Code § 521.053 — Notification required following breach of security of computerized data |
Utah
In Utah, employee monitoring can touch several separate areas: personal Internet accounts, interception of communications, location tracking, computer access, private-space surveillance, and protection of stored employee data. Monitoring tools that record calls or meetings, access personal accounts, track vehicles or devices, use screenshots or camera features, or store employee personal information should be tied to clear authorization, workplace policies, and appropriate data-security practices. Utah also has a specific Internet Employment Privacy Act that limits employer requests for access to personal Internet accounts.
Official legal references
| Applies to | Legal topic | Reference |
|---|---|---|
| Personal Internet accounts | Restrictions on employer requests for usernames, passwords, or access information for employee or applicant personal Internet accounts | Utah Code § 34-48-201 — Employer may not request disclosure of information related to personal Internet account |
| Employer devices, accounts, and systems | Employer-permitted actions involving employer-supplied devices, employer-paid devices, employer accounts, and business-purpose systems | Utah Code § 34-48-202 — Permitted actions by an employer |
| Audio, call, meeting, and electronic communications monitoring | Interception of wire, electronic, or oral communications; consent-related exceptions | Utah Code § 77-23a-4 — Offenses; criminal and civil; lawful interception |
| Vehicle, device, or location tracking | Use of tracking devices or tracking applications to track location or movement | Utah Code § 76-12-305 — Unlawful use of a tracking device or tracking application |
| Computer and device access | Unauthorized access or action involving computer technology | Utah Code § 76-6-703 — Unlawful computer technology access or action |
| Workplace cameras and private areas | Privacy violation involving surveillance or recording in private places | Utah Code § 76-12-302 — Privacy violation |
| Employee personal information collected or stored through monitoring | Disclosure duties after a system security breach involving personal information | Utah Code § 13-44-202 — Personal information; disclosure of system security breach |
Virginia
In Virginia, employee monitoring may touch communications privacy, personal social media access, location tracking, computer authorization, private-space recording, and stored employee personal information. Monitoring tools that record calls or meetings, capture electronic communications, track vehicles or devices, access company systems, use screenshots or camera features, or collect employee data should be supported by clear authorization, internal policies, and appropriate data-security practices. Virginia law also addresses situations where an employer inadvertently receives login information through employer-provided devices or network-monitoring programs.
Official legal references
| Applies to | Legal topic | Reference |
|---|---|---|
| Personal social media accounts | Restrictions on requiring current or prospective employees to disclose usernames/passwords or add employer contacts to personal social media accounts | Virginia Code § 40.1-28.7:5 — Social media accounts of current and prospective employees |
| Employer-provided devices and network monitoring | Employer treatment of inadvertently received employee social media login information through employer devices or network monitoring | Virginia Code § 40.1-28.7:5 — Employer-provided device and network-monitoring provisions |
| Audio, call, meeting, and electronic communications monitoring | Interception, disclosure, or use of wire, electronic, or oral communications; prior-consent exception | Virginia Code § 19.2-62 — Interception, disclosure, etc., of wire, electronic or oral communications unlawful |
| Vehicle, device, or location tracking | Unauthorized use of an electronic tracking device through deceptive means and without consent | Virginia Code § 18.2-60.5 — Unauthorized use of electronic tracking device |
| Computer and device access | Computer trespass and unauthorized or deceptive access to computer data, software, computers, or networks | Virginia Code § 18.2-152.4 — Computer trespass |
| Employee personal information collected or stored through monitoring | Notification duties after a breach involving personal information | Virginia Code § 18.2-186.6 — Breach of personal information notification |
Washington
Washington places strong emphasis on communications privacy, so employee monitoring tools that record calls, meetings, or private conversations require careful consent review. Monitoring may also involve personal social networking accounts, electronic tracking, computer-system access, camera-based privacy, and breach notification duties when employee personal information is stored or exposed. Washington's private communication law addresses intercepting or recording private communications, while its employment law limits employer access to personal social networking accounts.
For workplace monitoring, the safest approach is clear notice, documented authorization, limited collection, and careful separation between employer-owned systems and personal accounts or private communications. Extra caution is needed for audio capture, GPS/location features, screenshots, webcam use, and monitoring tools that collect personal information. Washington's cybercrime and breach-notification rules are also relevant when monitoring software accesses systems or stores employee data.
Official legal references
| Applies to | Legal topic | Reference |
|---|---|---|
| Audio, call, meeting, and private communications monitoring | Intercepting, recording, or divulging private communications; consent requirements and exceptions | Washington RCW § 9.73.030 — Intercepting, recording, or divulging private communication; consent required; exceptions |
| Personal social networking accounts | Limits on employer requests for login information, account access in the employer's presence, contact-list changes, or privacy-setting changes | Washington RCW § 49.44.200 — Personal social networking accounts; restrictions on employer access |
| Location tracking | Electronic tracking device considerations, including tracking the position and movement of another person, vehicle, device, or personal possession | Washington RCW § 9A.46.110 — Stalking; electronic tracking device definition |
| Computer and device access | Unauthorized access to a computer system or electronic database | Washington RCW § 9A.90.040 — Computer trespass in the first degree |
| Workplace cameras and private areas | Camera-based privacy concerns involving viewing, photographing, or filming in private contexts | Washington RCW § 9A.44.115 — Voyeurism |
| Employee personal information collected or stored through monitoring | Breach notification duties involving personal information held by individuals or businesses | Washington RCW § 19.255.010 — Personal information; notice of security breaches |