When employees leave your company it’s a costly affair. Any investment in training that you’ve provided is lost and the costs of replacements, including recruitment fees and induction processes, can be significant.
Over and above this, there could potentially be very damaging repercussions for your business. If the outgoing employee decides to take your product information, supplier details, customer lists or even clients with them, the new organisation they go to gets a significant chunk of your competitive advantage.
Up until now, team leaders and company owners have had to rely on their own eagle eyes to flag up signs that an employee is looking to defect, staying alert for things like erratic attendance, single holiday days, suspect phone calls or sharper dress around the office. Suffice to say it’s an inexact science – plenty slip through the net.
But now big data could provide a more efficient answer. SaaSID – a Basingstoke, Hampshire-based company founded at the beginning of 2011 – has created automated functionality to identify signallers that employees are disaffected and looking to uproot.
The company’s founder, Ed MacNair, a seasoned leader of technology companies from start-up to blue chip, explains the problem. “In my previous roles I have witnessed departments where as many as 30 per cent are looking for a new job. If the numbers are that high then there has to be a problem – a process or management issue. But if you’re not aware of it, you can’t do anything about it.”
Clearly that level of disaffection will impact on productivity. And losing all of those people in a short space of time could be crippling for the business. So MacNair turned to big data to address the problem.
“With some good analytical tools it’s actually quite easy to build in certain parameters or sequences of events to look for,” he says. “You need to monitor when an employee is emailing a CV out from a private web mail account, receiving emails from recruitment companies, starts accessing websites like monster.com, downloads your product portfolio information, exports account details and so on. But it’s not possible to keep an eye on all of these areas for each member of a team without help; that’s why our system automates it.”
Of course, one of the instances listed above in isolation doesn’t necessarily infer that an employee is looking to leave the company. Enter the analytics. SaaSID’s system is able to cross-reference multiple different indicators against one another and build up a ranking score for the individual, based on their activities. Once a pre-determined ranking score is reached a report is sent to the team manager with a breakdown of the activities, with real-time recording, calculation and reporting available if necessary. With an interface designed to be user-friendly for non-tech-savvy, the system is easily customisable for whichever indicators a company chooses to monitor and these can be tailored by type of employee too.
The activities need not even be as explicit as the obvious ones intoned above, either. As the system works collectively in conjunction with any disparate cloud software that the company is using, it can be used to flag up anything, like reduced use of certain programmes, erratic adherence to procedures, or certain activities on social media websites when accessed with company devices.
“The best way to use this is not to be draconian and look for heads to chop off,” says MacNair. “The smarter companies use it to see where they can nip problems in the bud, especially when they notice a trend across employees. Companies can set the warning parameter low and then take action to find out why employees are becoming less engaged. If it’s an issue with an individual you can usually find a resolution; if it’s an issue across an entire group of people then you have an opportunity to rectify the situation before it starts to cause you big problems.”
There is a fair amount of legal due diligence that needs to be undertaken before you go ahead with such a system though. Antonis Patrikios, a director in the Privacy & Information Law Group at European law firm Field Fisher Waterhouse LLP, says “there is nothing fundamentally wrong” with employee monitoring technology, but privacy regulations must remain at the forefront of considerations. “The employee’s privacy rights do not stop when they enter the office and there are some essential legal requirements which need to be met,” he warns.
“To begin with there must be some kind of check, a privacy impact assessment, to confirm that this kind of monitoring is lawful, necessary and proportionate to the legitimate business purpose that you want to achieve. Employees must also be provided with appropriate notice concerning the monitoring activities.”
A written ‘acceptable use policy’ clearly and accurately informing employees that they will be monitored while using company-owned equipment is mandatory – if this is neglected then the company will be acting illegally if it monitors anyway. The uses outlined must be proportionate to the intended purposes.
“Furthermore, attention must be paid to ensure that the use of the technology complies with applicable legislation” continues Patrikios. “It is essential to ensure compliance with regulations concerning lawful interception of communications in the employment context to avoid the risk of inadvertently committing an offence.”
Breaching data protection rules triggers the risk of enforcement action, fines and adverse publicity, as well as the risk of committing an offence under regulations concerning interception of communications. However, while the applicable regulations here in the UK are non-negotiable, Patrikios points out that they are not overly restrictive – employee monitoring has been around for several years, in one form or another, and the law reflects the need for commercial companies to monitor their systems.
“We have legislation in the UK and other European countries which enables controllers of private telecommunication systems, such as employers, to monitor their system for a wide array of legitimate purposes. Organisations simply need to ensure that their use of employee monitoring technologies is in accordance with this legislation,” adds Patrikios. “And remember that any processing of information relating to identifiable employees in this context must comply with data protection legislation; notice, lawfulness, necessity and proportionality are the essential requirements, but there are others such as those relating to data security and international data transfers.”
The Information Commissioner’s Office is the regulator responsible for overseeing the use of personal data in the UK. But both MacNair and Patrikios warn that each country has its own regulators. “If your company operates in several countries, you have to ensure you are compliant with national law and your practices meet the expectations of the local regulators in each of the countries you operate in,” adds Patrikios. “For example, in several countries, such as Germany and France, you are likely to need to notify the data protection regulator and involve the Works Council before implementing employee monitoring technologies”.
This latter point may be a stumbling block. A contact of the Big Data Insight Group who works as a senior HR officer for blue chip finance company, but didn’t wish to be named, told us that it can be extremely difficult to obtain consent from these Works Councils, which are effectively trade unions.
“It depends on your relationship with them as an organisation as to how successful you will be with something like this,” she said. “Even getting a change of job description past them can be difficult some times. Any sort of a request like this is likely to be used as a bargaining tool for more money since it is a change in working conditions or, if your relationship with them is not good, they might use it as ammunition for accusations of snooping against you.”
Our source warned companies not to be overzealous with monitoring tools. “Our approach is generally based on trust – we don’t monitor the non-work activities that our employees use, like social media, because they are generally here from early morning to late at night and very often at weekends too. To guard against people taking data away we have non-disclosure agreements for everyone who works here. That is essential.”
The fact that SaaSID’s system is automated, though dispelling none of the legal obligations, helps with the privacy issue on an emotional level, says MacNair. Some people are deeply suspicious of monitoring equipment but it removes the human element – there is not a person watching, only a machine. Nobody is reading any personal data as a by-product of monitoring for particular activities – they just see a report which contains the points of interest.
Prevention better than cure
Attempting to reach a disaffected employee before they take action is one way to protect your company’s data; but limiting who has access to it in the first place also makes sound sense. SaaSID’s offering is a single-sign-on system which allows personnel to log on to all of their multiple different account-based software-as-a-service with only one username and password. Using an accreditation service like this also allows you to put a filter in place on what the employees can do once they are in any particular programme at the same time.
Says MacNair: “We ensure that the employee privileges match the role that has been designated by the company. You might have a system administrator who can see everything in a company – all of the salaries and all of the personal data. He perhaps shouldn’t be able to see that but lot of cloud-based applications aren’t that granular in their access control. Similarly, you might have everybody in the company able to export data when in actual fact this could be limited to managers of a certain level. We implement that control. We can also take something very specific like an individual credit card record or anything else and provide a very detailed audit trail on who accessed what, where and when.”
Obviously the best outcome of learning that a member of staff is planning to leave before it actually happens is that you are able to address the reasons why that member of staff is dissatisfied and you are able to take measures to entice them to stay. The very least you should be doing is stopping your business assets walking out of the door with a resignation letter and a P45. This should now be an easier task with the application of big data.