Employee Monitoring and GPS Tracking Laws by State

Whether you’re tracking employee time, monitoring company devices, or using GPS to manage field teams, it’s important to understand the legal rules that apply. Depending on where your employees work, you may need to provide notice, obtain consent, or limit when and how monitoring takes place.

In this guide, we cover the main employee monitoring and GPS tracking laws by state to help you understand what rules and regulations you need to follow when implementing monitoring or location tracking systems.

This guide is for informational purposes only and is not intended to be legal advice. Consult an employment attorney or your state’s labor division for more information.

Employee monitoring laws: Key principles

Employee monitoring laws are federal and state regulations that dictate how and when you can observe and track workers. These can cover monitoring of phone calls, emails, internet usage, social media, GPS location, and video.

Employee monitoring laws revolve around three key principles:

  • Transparency: In general, you need to inform employees about what activities are being monitored and how their data will be used.
  • Privacy: Employees may not be entitled to much privacy in the workplace. However, they’re still assured a minimum level of privacy, which varies based on jurisdiction and on what activities are being monitored.
  • Data protection: You’re typically required to protect the data you collect from misuse or unauthorized access.

If you don’t follow applicable state and federal laws for employee monitoring, you may be subject to penalties, including civil lawsuits, fines, and class action suits.

For example, in most states, businesses that fail to provide prior written notice and obtain employee consent for monitoring can face fines of $100–$7,500 per violation.

Federal rules employers should know

Federal laws set the baseline boundaries for transparency, privacy, and data protection when monitoring employees.

  • Electronic Communications Privacy Act (ECPA): The Electronic Communications Privacy Act (ECPA) of 1986 is a U.S. federal law that prohibits employers from intercepting oral, wire, and digital communications among employees. They may be allowed to do so on employer-provided devices, for legitimate business operations, and with employee consent.
  • Stored Communications Act (SCA): The Stored Communications Act (SCA) is part of the ECPA and regulates access to stored electronic communications. Employers can generally access communications stored on company systems like email servers or cloud accounts, but they can’t access personal accounts or personal devices without employee consent.
  • Computer Fraud and Abuse Act (CFAA): The Computer Fraud and Abuse Act (CFAA) prohibits unauthorized access to computer systems. This means employers must get authorization from employees — through individual contracts, organizational policy, or signed consent — before installing monitoring software on devices.
  • Health Insurance Portability and Accountability Act (HIPAA): The Health Insurance Portability and Accountability Act of 1996 aims to protect sensitive health information from being disclosed without the employee’s consent or knowledge. If employers collect their workers’ medical records and health information, these must be secured.

Employee monitoring laws by state

Employee monitoring laws vary from state to state, so it’s important for you to follow both federal and state regulations applicable to your operational location. 

StateEmployee tracking during work hoursCompany device monitoringRecording calls and workplace audioVideo surveillance in public areasEmail, internet, and computer monitoring
AlabamaNo specific lawNo specific lawOne-party consentLimitedNo specific law
AlaskaNo specific lawNo specific lawOne-party consentLimitedNo specific law
ArizonaRegulated No specific lawOne-party consentLimitedNo specific law
ArkansasNo specific lawNo specific lawOne-party consentLimitedNo specific law
CaliforniaRegulated Regulated Two-party consentRegulated No specific law
Colorado Regulated No specific lawOne-party consentLimitedNo specific law
ConnecticutRegulatedRegulatedTwo-party consentRegulated Regulated
DelawareRegulatedRegulatedOne-party consentRegulated Regulated
FloridaNo specific lawNo specific lawTwo-party consentLimitedNo specific law
GeorgiaNo specific lawNo specific lawOne-party consentLimited No specific law
HawaiiRegulatedRegulatedOne-party consentLimitedRegulated
IdahoNo specific lawNo specific lawOne-party consentLimitedNo specific law
Illinois RegulatedRegulatedOne-party consentLimitedNo specific law
IndianaNo specific lawNo specific lawOne-party consentLimitedNo specific law
IowaNo specific lawNo specific lawOne-party consentLimitedNo specific law
KansasNo specific lawNo specific lawOne-party consentLimitedNo specific law
Kentucky No specific lawNo specific lawOne-party consentLimitedNo specific law
Louisiana No specific lawNo specific lawOne-party consentLimitedNo specific law
MaineRegulatedRegulatedOne-party consentLimitedRegulated
MarylandRegulatedRegulatedTwo-party consentLimitedRegulated
MassachusettsRegulatedRegulatedTwo-party consentLimitedRegulated
MichiganRegulatedNo specific lawOne-party consentLimitedNo specific law
MinnesotaRegulatedNo specific lawOne-party consentLimitedNo specific law
MississippiRegulatedNo specific lawOne-party consentLimitedNo specific law
Missouri No specific lawNo specific lawOne-party consentLimitedNo specific law
MontanaNo specific lawNo specific lawTwo-party consentLimitedNo specific law
NebraskaNo specific lawNo specific lawOne-party consentLimitedNo specific law
NevadaRegulatedRegulatedIn-person, one-party consent, phone calls, two-party consentLimitedNo specific law
New HampshireRegulatedNo specific lawTwo-party consentLimitedRegulated
New JerseyRegulatedRegulatedOne-party consentLimitedRegulated
New MexicoNo specific lawNo specific lawOne-party consentLimitedNo specific law
New York RegulatedRegulatedOne-party consentRegulated Regulated
North CarolinaNo specific lawNo specific lawOne-party consentLimitedNo specific law
North DakotaRegulatedNo specific lawOne-party consentLimitedNo specific law
OhioRegulatedNo specific lawOne-party consentLimitedNo specific law
OklahomaRegulatedNo specific lawOne-party consentLimitedNo specific law
Oregon RegulatedNo specific lawIn-person, two-party consent, phone calls, one-party consentLimitedNo specific law
PennsylvaniaRegulatedNo specific lawTwo-party consentLimitedNo specific law
Rhode IslandRegulatedNo specific lawOne-party consentLimitedNo specific law
South CarolinaRegulatedNo specific lawOne-party consentLimitedNo specific law
South DakotaNo specific lawNo specific lawOne-party consentLimitedNo specific law
TennesseeRegulatedNo specific lawOne-party consentLimitedNo specific law
TexasRegulatedRegulatedOne-party consentRegulated Regulated
Utah RegulatedNo specific lawOne-party consentLimitedNo specific law
VermontRegulatedNo specific lawOne-party consentLimitedNo specific law
VirginiaRegulatedNo specific lawOne-party consentLimitedNo specific law
WashingtonNo specific lawNo specific lawTwo-party consentLimitedNo specific law
West Virginia No specific lawNo specific lawOne-party consentLimitedNo specific law
WisconsinRegulatedNo specific lawOne-party consentLimitedNo specific law
WyomingNo specific lawNo specific lawOne-party consentLimitedNo specific law

States with strict employee monitoring and GPS tracking laws

The following states impose stricter restrictions regarding employee surveillance.

Arizona

Arizona restricts how long employers can continuously track employees. It prevents employers from surveilling employees with electronic, digital, or GPS tracking for more than 12 hours continuously without authorization.

This law was put in place to protect employee privacy and prevent over-monitoring during off-duty hours.

Source: Arizona Revised Statute §13-2923

California

The right to privacy in California is unique because, unlike the federal Constitution, it explicitly applies to government agencies, private sector corporations, and individuals.

Employee GPS tracking is strictly regulated in California, with restrictions around geolocation and biometric information tracking.

Source: California Constitution Art I, Declaration of Rights

  • Employee tracking during work hours: California allows employers to track company-owned vehicles or mobile devices, provided they give advance written notice and obtain employee consent. Tracking must be limited to work hours only. Source: California Penal Code §637.7
  • Company device monitoring: According to California law, geolocation and biometric data are considered “sensitive personal information,” and employers must provide clear, written notification outlining exactly what data and devices are being monitored. Sources: California Consumer Privacy Act (CCPA), California Privacy Rights Act (Proposition 24) (CPRA), California Civil Code 1798.140
  • Video surveillance in public work areas: Video surveillance in public areas like locker rooms, break rooms, or lounges mustn’t include audio, and the business must make sure employees know they’re being recorded through clear, visible signage. Source: California Invasion of Privacy Act

Connecticut

In addition to providing prior written notice of the type of monitoring, employers in Connecticut must obtain employee consent and display public notices of how they’re being monitored in a location visible to all employees.

Source: Connecticut General Statutes § 31-48d

Delaware

Delaware prohibits employers from intercepting email, internet usage, or telephone conversations unless they meet one of two notice requirements:

  • They provide electronic notice to employees every day they access company emails and internet services.
  • They provide one-time notice of the monitoring policy in writing, which is acknowledged by the employee.

Source: Delaware 19 DE Code § 705 (2025)

Illinois

Illinois imposes strict restrictions on how employers collect, store, and use biometric data such as fingerprints, facial scans, and voiceprints.

  • Before collecting personal information, employers must explain to employees why and how personal data is collected and obtain written consent.
  • Employers must securely delete biometric data once it’s no longer needed, or within three years of an employee’s last interaction with the company.

Source: Illinois Biometric Information Privacy Act (BIPA) 740 ILCS 14 

Maine

Maine has introduced strict disclosure requirements for employers.

  • The law prevents employers from monitoring personal spaces and protects employees from being forced to install tracking apps on their personal electronic devices.
  • It also establishes that employers must inform candidates about its surveillance practices during the interview process and provide written notice to all employees at least once per year.

Source: Act to Regulate Employer Surveillance to Protect Workers LD 61

New York

Employers in New York must notify employees if they monitor devices beyond company-issued ones. Employers must inform employees that personal telephone conversations, emails, and internet usage may be subject to monitoring “at any time by lawful means.”

Source: New York SB S2628

What employers need to know for employee monitoring

While local laws for employee tracking differ, there are some common themes among most state regulations:

  • Notice: In many states, employers need to provide written notice prior to monitoring and GPS tracking.
  • Consent: Employees should give consent to monitoring activities voluntarily and without fear of employer retaliation. And monitoring policies should be clearly defined, including how and what data will be collected and the legitimate business purpose for tracking.
  • Personal devices: Generally, employers can’t force employees to install monitoring software on personal devices. Personal device monitoring typically requires a signed consent form from employees.
  • Recorded calls and audio: All states require either one- or two-party consent to legally record calls and audio.
    • One-party consent means that a single person involved in the call has to consent to recording.
    • Two-party consent means that all parties involved must consent.
  • Privacy: Employers are strictly prohibited from using cameras or listening devices in private areas like restrooms, locker rooms, break rooms, or lounges.
  • Email and internet monitoring: Most state laws don’t prevent employers from monitoring emails and internet usage on company devices and servers.

Notable GPS tracking rules

There’s no federal ban on GPS tracking. However, some states impose restrictions on how employers monitor employees’ locations.

  • Notification and consent: Employers in many states that track vehicle and device locations must provide written notice to employees and receive their consent, which must be given voluntarily. Use our free GPS tracking policy template to create a document you can use to obtain consent.
  • Company-owned vehicles: Most GPS tracking laws don’t apply to company-owned vehicles, allowing employers to legally monitor the vehicles in their fleets.
  • Tracking duration: Some state laws limit the scope of GPS tracking by only allowing tracking for a certain duration or while employees are on the clock.
💡Pro Tip
If your employees work in multiple states, you can’t rely on a single monitoring policy. You may need to comply with the laws of each state where monitoring takes place — and not just where your business is headquartered.

This is particularly important if your employees or vehicles regularly cross state lines, because a policy that’s legal in one state may not be compliant in another.

5 best practices for compliant employee monitoring

“Monitoring should never be implemented simply because an employer is curious or wants to keep an eye on employees,” warns Edgar Ndjatou, owner of Officium, LLC. Before implementing employee tracking, managers should ask “whether doing so supports trust, productivity, compliance, and a healthy workplace culture.”

This often means finding that delicate balance between safeguarding company interests and respecting worker privacy.

1. Establish clear policies

“[T]he most effective monitoring programs are the least surprising,” says Alberto A. Hernandez, Esq., Attorney at The FOIA Lawyer. “Employers that clearly explain what is being monitored and why, and how the information will be used, are by far less likely to have legal disputes or backlash from employees.”

So create a strong employee monitoring policy. Apart from explaining what’s being tracked, it should also explain the purpose of tracking and clarify who, what, why, how, and when employee monitoring will take place.

Employee monitoring policy outline

  1. Scope
    • Whom does the policy apply to? Employees, contractors, temporary staff, etc.
    • Which devices are monitored? Laptops, phones, tablets, networks, email accounts, internal messaging platforms, etc.
  2. Purpose
    • Why is data being tracked? Maintaining security, protecting clients, increasing productivity, etc.
  3. Activities tracked
    • Computer and internet: Tracking active vs. idle time, application usage, websites visited, etc.
    • Time and attendance: Monitoring work activity, breaks, and schedule adherence
    • Facial recognition and geofencing: Tracking clock-ins and clock-outs to prevent buddy punching and time theft
    • GPS tracking: Company vehicle and worker locations
    • Cameras: Transit through common areas and facility entry points (excluding private spaces like restrooms)
  4. Tracking time
    • When are employees being tracked? Only while on the clock, or during specific times
  5. Data security
    • Where is sensitive personal data stored? On a secure internal company server or with a specific cloud provider
    • What security measures are in place? Data encryption, system audits, etc.
  6. Access to data
    • Who can access employee data? IT, HR, management, etc.
  7. Data retention
    • For how long is data stored, and when is it deleted?
  8. Privacy
    • Can employees expect privacy regarding their data, communications, or files created, sent, received, or stored on company-owned assets or networks?
    • When can the company access or disclose workers’ activities and information without prior notice?
  9. Employee responsibilities
    • Do employees understand, acknowledge, and consent to the policy before accessing company networks?
    • Can they modify or uninstall company security or monitoring software from their devices?
    • What channels can employees use to access, transmit, or store sensitive or illegal information?

2. Notify employees when policy is created or updated

After creating an employee monitoring policy, set up a company-wide session or one-on-one meeting with your team members to clearly communicate the details. “…Giving notice is cheap, but even one lawsuit can cost tens of thousands of dollars,” warns Barry E. Janay, Esq., Owner and President, Law Office of Barry E. Janay.

Updating the policy annually and communicating it to employees every year — including to new hires when they join — can help you stay compliant across states, even if your local laws may not require it.

Best practices

  • Allocate enough time. Explain the policy in detail, and leave plenty of time to answer employee questions and address their concerns.
  • Discuss real cases of when monitoring helped workers, if possible. This can reduce concerns and encourage employees to accept the policy.

3. Collect only the data needed, only when needed

Edgar’s advice is:

“Start with a legitimate business purpose and collect only the information necessary to accomplish that purpose.”

Once you’ve narrowed down what your company needs to track and what it doesn’t, the next step is to review if tracking those activities and areas is legally permitted.

“Consider every [monitored] area on a case-by-case basis,” advises Gregory Calliste, Jr., Partner at Phillips & Associates. He further states:

“For example, a room that is typically used as an office could be designated by the company as a room used for breast pumping. In this case, the room should not be monitored at all to avoid legal trouble.”

Set the following boundaries

  • Limit the scope. Monitor only those activities that directly impact the business. For example, you may track employee clock-ins so the company can ensure accurate payroll.
  • Ensure off-duty privacy. Clearly define boundaries about when tracking begins and ends.
  • Monitor consistently across employees and departments. Ensuring uniform tracking can help avoid discrimination or harassment lawsuits.
  • Set data deletion timelines. Define exact data retention periods and set up automated deletion of data when it’s no longer needed.

4. Secure sensitive data

Treat employee data like sensitive HR information. Store it securely, restrict access to authorized personnel, and delete it when it’s no longer needed.

To keep sensitive employee data protected, implement the following

  • Role-based access control (RBAC): Restrict access to the monitoring dashboard and data to essential personnel — HR, payroll, or specific department managers.
  • Audit logs: Maintain secure, tamper-proof records of who accesses data, along with the date and time of access.
  • Multi-factor authentication (MFA): Require MFA for all accounts and applications that can be used to view or store employee activity data.
  • Encryption protocols: Ensure workforce software or monitoring platforms encrypt data while stored on servers and being transferred over networks.

5. Seek legal advice

If your monitoring practices don’t comply with federal and local laws, they can:

“trigger discrimination claims, retaliation complaints, wage and hour disputes, disability accommodation concerns, employee relations issues, union organizing activity, and invasion-of-privacy allegations. Even when an employer’s intentions are legitimate, inconsistent application of monitoring policies or inadequate communication about how monitoring data is used can create legal exposure,” – Edgar Ndjatou.

Best practices

  • Consult an employment attorney when you’re:
    • Preparing to roll out a new monitoring program
    • Expanding operations into new states
    • Planning to introduce new monitoring tools
    • Changing what data you collect
  • Review your monitoring policy whenever state or federal laws change.
  • Keep records showing that policies, notices, and consent forms were reviewed and approved by legal experts.
  • If you operate across multiple states, confirm that your policies comply with the laws in each.

Buddy Punch can support you in responsible employee monitoring

Time tracking software like Buddy Punch can help you stay compliant with employee monitoring laws while reducing risk and preventing time theft.

  • Policy compliance: Buddy Punch gives you control over which monitoring features you enable, which can help you align with the federal and state laws applicable in your jurisdiction.
  • Employee transparency: Employees can view their own activity data on the Buddy Punch self-service dashboard. This can help them better understand how they spend their time and adjust their work habits so they’re more productive.
  • Employee privacy: Buddy Punch tracks employee location during their work hours only, keeping you compliant with laws in most states.
  • Non-invasive data collection: Buddy Punch allows users to add necessary data only, preventing managers from collecting intrusive updates about employee activity.

Contributors

Privacy Preferences