The door you can't see

I've had this conversation with at least three different business owners over the years. The request is always a version of the same thing: can you pull a report on what this person's been doing?

Every time, the frustration behind it is legitimate. They're paying a senior salary. They don't feel they're getting the value back. And the data is sitting right there in a system they own, behind an admin panel they have access to. It doesn't feel like crossing a line. It feels like checking on something that's theirs.

And every time, the reaction when I explain the problem is the same: how on earth does privacy come into this?

It comes into it because of something so obvious we never think about it. Every workplace has a loo. And every loo has a door.

Why the door is there

Nobody thinks twice about that door. Nobody questions it. Nobody argues that because the building belongs to the business, and the employee is on company time, and the facilities are paid for by the employer — the door should come off.

The door stays. Always. Not because of a policy. Not because someone wrote a rule about it. Because there's a point where the employer's legitimate interest in what happens in their building stops and the individual's privacy begins. The door is that point, made physical.

Now imagine a camera inside the cubicle. Always on. Pointed right at the person.

Nobody needs a law explained to them to know that's wrong. The reaction is instant, visceral, unanimous. You just know. The door exists for a reason, and putting a camera on the other side of it violates something fundamental.

That reaction — that gut-level certainty — isn't a legal principle. It's a human one. Privacy isn't something the law invented. It's something people feel before they think about it. The door on the loo wasn't put there by an act of Parliament. It was put there because everyone already knew it needed to be there.

But here's the thing: privacy doesn't stop at the door.

What a ridiculous idea reveals

Imagine you start a new job and the boss says: "We've got CCTV — it's here to deter theft, provide evidence if something happens, you know, the usual. Oh, and we also use it to monitor how long people spend in the loo."

Ridiculous, right? But sit with your reaction for a moment. You felt two things at once. First: that's off. Second: wait — is that even possible?

Both matter. The first is your privacy instinct firing outside the door, where things are less clear. The second reveals something most people don't know: there is a law that covers this. A law that governs privacy in the workplace, in the employer's own space, even when the employer owns everything in sight.

The boss who announces this isn't breaking the law by doing so. But the way I explain it to clients: the law says you must declare it first, and your people get to decide whether they're willing to work under those conditions.

Some employees won't mind. But the employee with a gut condition they'd rather not share with anyone — for them, that number on the boss's spreadsheet isn't a productivity metric. It's private information about their life. They'd think twice about working there. Not because they're lazy, not because they've got something to hide, but because something genuinely private just got caught by a camera that was pointing at a door, not at them.

Two angles on the same scenario. The boss's logic makes sense. The employee's objection makes sense. The law exists to hold the tension between them — not by banning the boss, but by requiring transparency. You have to knock first. Declare what you're doing. Let people choose.

That's the whole principle. Privacy doesn't stop at the loo door. It extends into the shared space, where it's fuzzier but still real. And the law protects it when it can no longer protect itself.

Now take that into the digital world, where things get much fuzzier still.

The boundary you can't see

In the digital world, the same privacy exists. But the employee's side of the argument has disappeared entirely.

There's no physical door. No visible camera. Everything looks like it belongs to the employer — the laptop, the software licence, the Microsoft 365 tenant, the email system, the Teams platform. When you own everything visible, it's genuinely hard to feel that there's a boundary at all.

And the boss has a far more powerful tool here than any CCTV camera. The admin panel — the ability to pull activity logs, login times, presence data, idle minutes, on any employee, at any time, without that employee knowing it happened.

In the corridor, both angles were visible. The boss could see their logic and the employee could see the camera. In the digital world, only the boss's angle exists. The employee doesn't know their data was pulled — so they can't decide how they feel about it, can't push back. The moment of choice that the corridor preserved has been silently removed.

That's where the power imbalance becomes dangerous. The corridor belongs to the boss. The camera belongs to the boss. The building belongs to the boss. In the physical world, that power is at least visible — the employee can see the camera and decide how they feel about it. In the digital world, the boss holds everything — the systems, the access, the ability to look without being seen — and the employee's privacy can't defend itself because the employee doesn't know it's under threat.

There's nothing in the Microsoft 365 admin centre that says "WARNING: you are about to cross a privacy boundary." No door. No handle. No lock. Just data, available, looking like it belongs to whoever's logged in. The ease of access creates the illusion that access is appropriate.

But the same law applies. The boundary was always there — you just can't see it.

And there's a second principle that becomes critical here: the boundary doesn't move just because you find a new reason to cross it.

Microsoft Teams is the most useful thing to think with, because the same product sits on both sides of the line. Teams used as a comms tool, where everyone sees each other's presence — green dot, red dot, away, busy — as a normal part of working: fine. That's the "vacant" and "engaged" sign on the door. Visible, mutual, everyone sees it, everyone uses it. Nobody objects because it's there for everyone equally.

But the same Teams system has an admin back end where you can pull detailed activity logs on a specific named employee — when they were online, when they went idle, how long they were away. The visible system stays exactly as it is. Everyone still sees each other's presence. Nothing changes on the surface. The boss has just quietly installed a hidden camera behind the sign — for one person, without telling them.

Same data, different use, different side of the line. The technology doesn't determine whether you've crossed the boundary. The purpose does.

Now put that laptop on a kitchen table

There's one more step on this gradient.

Picture a company laptop on an employee's kitchen table. They work from home. They pay the mortgage. The building is theirs. The employer's territorial authority — the thing that gave the corridor example its force — has completely evaporated. The only thing the employer owns is the device and the software licence.

But the admin panel still works. The boss can still pull activity logs, still see idle minutes, still check when the laptop woke up and when it went to sleep — reaching into the employee's private home through a connection they can't see or control.

If the invisible boundary felt abstract in the office, it feels a lot more concrete when the surveillance is reaching into someone's kitchen. The principles don't change — tell people, let them choose. But the stakes feel different when the boundary being crossed isn't in a corporate corridor — it's in someone's home.

Why the law doesn't make it right

By now, the practical-minded reader is thinking: fine, I'll just announce the monitoring and I'm covered.

Not quite. Declaring surveillance doesn't make it ethical. The law doesn't bless intrusive monitoring by requiring transparency — it forces the boss to say the quiet part out loud, knowing what happens next. The employee with the gut condition leaves. The good people leave. The ones who stay are the ones who couldn't afford to go. That's not a healthy business.

Compliance isn't a substitute for conscience. It's a mechanism that exposes bad practice to the consequences it deserves. If announcing what you're doing would make half your staff reconsider working for you, that tells you something important — not about the law, but about what you're actually proposing to do.

What this actually reveals about the question

Here's what's taken me a few of these conversations to see clearly.

The business owner reaching for activity logs is trying to answer a legitimate question: is this person doing what I'm paying them for? The frustration is real, the concern is valid, and Microsoft literally built the tool into the admin panel. It would be strange not to reach for it.

The first thing worth understanding is why that data is there in the first place. Activity logs, sign-in records, presence data — all of it exists because Microsoft 365 needs it to function. Security monitoring, troubleshooting, licence management. The system can't run without generating this data. It's a byproduct of the platform doing its job — like the vacant/engaged sign on the loo door. The sign generates information: who's in, who's out, how long. Nobody objects to the sign, because it's there to help the system work.

But the data was collected for that declared purpose — not for building a case against a named individual. The moment the boss repurposes it to investigate one person's performance, the data hasn't changed but the use has. The sign is still on the door. Nobody took it down. But someone started quietly logging what it showed and using it for something it was never meant for — without telling the person on the other side.

That's what the law cares about. Not that the data exists — but that it gets used for a new purpose the individual was never told about. Each use needs its own justification and its own notice.

And the boundary is there regardless of how good the tool is. Even if someone invented a system that perfectly measured genuine productivity, obtaining that data covertly would still cross the same line. The violation is in the method, not the data. A flawless surveillance tool is still surveillance.

And then there's the irony: the tool they're actually reaching for isn't even giving them good data. Activity logs measure input, not output. A high performer could solve a critical problem in twenty minutes then step away — the log shows "idle." A low performer could wiggle their mouse for eight hours — the log shows "active." The owner is crossing a privacy boundary and not even getting useful intelligence in return.

But even if the data were perfect, there's a practical trap that most owners don't see until it's too late. Data pulled without proper notice can't be used as evidence — not in a performance conversation, not in a disciplinary, not at tribunal. It was obtained for the wrong purpose, so it's tainted from the start. And it gets worse: the moment the boss acts on it, the employee can argue that the whole process was constructed against them — that the data was pulled to build a case, not to manage performance. That argument is very hard to disprove, because the covert nature of the access is itself the evidence. The boss went from investigating the employee to handing the employee a case against them.

The law is doing them a favour. It's not just protecting the employee from intrusion — it's protecting the employer from a trap they'd be building for themselves. Closing off a tool that doesn't work, that can't be used even if it did, and that creates a bigger problem than the one it was trying to solve.

And if the boss says they stumbled across the data accidentally — while troubleshooting the system, while checking something else — genuine or not, it doesn't change the position. The data is still about a person, still obtained without notice for that purpose, and still unusable as the basis for action. The answer is the same either way: build proper processes and measures to address performance, not a case built on data the employee didn't know was being looked at.

If what's discovered looks like genuine serious misconduct — not underperformance, but something that could constitute a real breach — that's a different situation entirely, and it's the point where the conversation stops being an IT question and becomes a legal one. Speak to an employment solicitor before doing anything else.

My own industry isn't immune

I'll be honest. In the managed IT services world, time is everything. Billable hours, utilisation rates, time-to-resolution. Every MSP I know has had the half-joking conversation about whether cigarette breaks and toilet time should come off the clock.

But measurement doesn't answer the question it's trying to avoid. Have I built the kind of team and culture where people want to do good work? If yes, you don't need the measurements. If no, the measurements won't fix it.

Technology can support good management. It cannot replace it.

The stronger move

The owners who've come through these conversations and actually resolved the problem didn't do it through monitoring. They did it through clarity — documented expectations, structured one-to-ones, evidence that builds itself over time rather than being extracted in secret.

When performance still doesn't improve, a formal review and Performance Improvement Plan is the move that actually produces evidence a business can act on — legally sound, commercially defensible, impossible to argue with. An employment solicitor or HR adviser can set this up in a single conversation, usually for a few hundred pounds. For anything more serious — suspected disloyalty, working for a competitor — that conversation becomes essential.

The gap between what covert monitoring risks and what proper management costs makes the choice straightforward. One path crosses a boundary, produces unreliable data, and creates legal exposure. The other path produces real evidence through open management. Same question, very different answers.

A final thought

The loo door is the one place in every workplace where privacy is built into the architecture. You can see it, touch it, close it behind you. Nobody questions it.

In the digital world — and increasingly in the employee's own home — the same boundary exists. Same principle. Same reason. The only difference is that you can't see it.

The answer to the question the owner was really asking — is this person doing the job? — was never behind the admin panel. It was in the conversation they hadn't had yet.

This piece reflects how I think about these conversations as an MSP. It isn't legal advice. For anything specific to your business or an employee situation, an employment solicitor or HR adviser is the right starting point — and usually the fastest route to a resolution that actually holds up.

There's a deeper question underneath all of this — one I've been thinking about since having these conversations. In the workplace, the invisible boundary gets crossed when a boss reaches for an admin panel. But what happens when the watching isn't a choice anyone makes — when it's designed into how the tools connect to you, and using them means the camera was already on before you started? That's another conversation, and it's one I think we'll need to have soon.

‍