Ohio
Ohio Employee Monitoring Laws: Workplace Surveillance and GPS Tracking (2026)

Ohio employers can generally monitor work email, phone lines, and company computer systems under the federal wiretap law's business-use exception. Ohio has no state notice statute or social-media-password law, but it does have a genuinely new, dedicated tracking-device statute, effective March 20, 2025, that shapes how employers can legally use GPS on company vehicles and phones.
This article provides general legal information about Ohio employee monitoring law as of July 9, 2026. It is not legal advice and does not create an attorney-client relationship. Consult an Ohio-licensed attorney about your specific situation.
Scope: This article covers Ohio law on an employer's authority to monitor employees, access personal accounts, and conduct video, GPS, and biometric monitoring. It does not re-derive Ohio's general one-party consent rules (see our Ohio recording laws guide) or GPS law outside employment (see our Ohio GPS tracking laws guide).
The Federal Baseline: the "Ordinary Course of Business" Exception
Ohio's starting point for any workplace monitoring question is federal, not state, law. Title I of the Electronic Communications Privacy Act makes it unlawful to intentionally intercept wire, oral, or electronic communications without consent, 18 U.S.C. sections 2510-2523, but the statute carves out a broad exception for the owner of a communications system. Under 18 U.S.C. section 2511(2)(a)(i), a provider of a wire or electronic communication service, a category extended by courts to employers who own the phone, email, and computer systems their staff use, may intercept communications on that system in the ordinary course of business.
The leading case applying this exception is Watkins v. L.M. Berry & Co., 704 F.2d 577 (11th Cir. 1983), where an employer monitored a sales line as part of a standing training program. The court held that once a monitored call is determined to be personal rather than business-related, the employer's ordinary-course exception generally ends, and continued listening can create liability. Ohio has no separate notice statute narrowing or expanding this federal baseline.
Does Ohio Require Notice Before Electronic Monitoring?
No. A small group of states, Connecticut, Delaware, New York, and (starting in 2026) Maine, require employers to give employees written or posted notice before monitoring phone, email, or internet use on the job. Ohio has not enacted a comparable statute, so an Ohio employer can generally monitor company email, internet use, and phone lines on employer-owned systems relying on the federal ordinary-course exception, without a state-mandated notice step. A written monitoring policy is still good practice, since it documents that surveillance occurred in the ordinary course of business and matters if an employee later brings a common-law privacy claim.
Does Ohio Restrict Employer Access to Social Media Passwords?
No, not currently. Twenty-seven states, verified through the National Conference of State Legislatures' 50-state tracker, bar employers from requiring an employee or applicant to disclose a personal social media password; Ohio is not one of them, and no bill addressing the issue is currently advancing through the Ohio legislature. Ohio employees have no state-law right to refuse such a request beyond general retaliation and discrimination protections that may apply on other grounds.

Video and Audio Surveillance in Ohio Workplaces
Pure video recording without audio is not "interception" of a "communication" under Ohio's wiretap statute, but Ohio Rev. Code 2907.08 fills the gap. The voyeurism statute prohibits surreptitious recording of a person in a state of nudity, or eavesdropping, in a place with a reasonable expectation of privacy, such as a restroom or locker room, with penalties from a third-degree misdemeanor up to a fifth-degree felony with mandatory sex-offender registration when the victim is a minor. An employer that installs a camera in those spaces, even for loss-prevention reasons, faces criminal exposure regardless of a posted monitoring policy.
Ohio's courts have also narrowly construed employee invasion-of-privacy claims where the employee consented to the monitoring itself. In Lunsford v. Sterilite of Ohio, L.L.C., 162 Ohio St.3d 231, 2020-Ohio-4193, the Ohio Supreme Court held that an at-will employee who consents, without objection, to a workplace drug-testing procedure using direct visual observation has no invasion-of-privacy claim over that observation. The case involved drug testing rather than a hidden camera, but it signals that Ohio courts weigh an employee's own consent heavily against a later privacy claim, while surreptitious recording in a genuinely private space without disclosure or consent remains squarely barred by ORC 2907.08.
Cameras in common work areas, sales floors, and entrances are generally permissible without a state-specific notice requirement. Audio recording of employees is governed separately by Ohio's one-party consent rule under Ohio Rev. Code 2933.52(B)(4); an employer recording a conversation involving employees, rather than merely reviewing stored business communications, needs at least one participant's consent, not for a criminal, tortious, or injurious purpose, which the employer can supply if it is a party to the conversation. See our Ohio workplace recording laws guide for depth.
GPS and Vehicle Tracking of Ohio Employees: The New ORC 2903.216
Until recently, Ohio had no law directly addressing a hidden GPS tracker, and prosecutors had to stretch the menacing-by-stalking statute to cover it. That changed on March 20, 2025, when Ohio Revised Code 2903.216, created by Senate Bill 100, took effect. It makes knowingly installing a tracking device or app on another person's property, or causing a device to track another person, a first-degree misdemeanor without consent, rising to a fourth-degree felony with a prior conviction, an active protective order, or a history of violence.
The statute matters for employers because it lists a business exception (good-faith tracking for a legitimate business purpose, covering fleet logistics and delivery tracking, though it excludes private investigators) and an owner exception (track what you own for the duration of ownership or lease). Both generally cover an employer tracking a company-owned vehicle, with no statutory duty to give advance notice. Tracking an employee's personally owned phone or car is different: the employer does not own it, so a tracker there without consent runs directly into the statute.
One feature of ORC 2903.216 is unlike almost anything else in the country and worth knowing even outside the employment context: consent to tracking is presumed revoked once a divorce or dissolution is filed between spouses, or a protective order is issued, and the tracker must be removed or disabled within 72 hours of being served with that filing or order. That rule does not target employers, but Ohio HR and benefits teams fielding an employee's protective-order-related request should be aware the same statute governs it. See our Ohio GPS tracking laws guide for the full exception list and penalty structure.
Biometric Monitoring: Time Clocks and the Ohio Data Protection Act
Employers increasingly use fingerprint or facial-recognition time clocks, and in trucking, driver-facing cameras that can capture biometric identifiers. Illinois' Biometric Information Privacy Act is the strongest law of this kind nationally, requiring written consent before collection and creating a private right of action; it does not apply outside Illinois. Ohio has no comparable biometric consent statute, and no state law requires an Ohio employer to obtain consent before enrolling employees in a fingerprint or facial-recognition time clock.

Ohio does have a law that sounds relevant but is not: the Ohio Data Protection Act, ORC Chapter 1354, enacted in 2018 as the first law of its kind nationally. It is a cybersecurity safe harbor, an affirmative legal defense a business can raise in a tort lawsuit if it maintains a written cybersecurity program conforming to a recognized framework like NIST or ISO 27000. It creates no consumer or employee rights, requires no consent before collecting biometric data, and mandates no retention or destruction schedule. An Ohio employer with a documented cybersecurity program has a stronger defense if biometric time-clock data is later breached, but that is a shield for the business, not a right for the employee. Ohio's breach-notification statute, ORC 1349.19, also excludes biometric identifiers from its protected data elements, so a breach exposing only fingerprint or facial-recognition templates does not by itself trigger notification. Ohio employees are protected mainly by employer policy and common-law tort claims, not a dedicated biometric statute.
What Ohio Employees Can Do About Monitoring Concerns
An employee who believes an employer crossed a legal line has a few concrete options depending on what happened. A hidden camera in a restroom or locker room can support a criminal report under ORC 2907.08 and a civil invasion-of-privacy claim, though Lunsford shows that any consent the employee gave to the underlying procedure will matter. Unauthorized tracking of a personal vehicle or phone can support a report under ORC 2903.216 and a civil stalking protection order under ORC 2903.214. Monitoring tied to a protected characteristic, retaliation for a workers' compensation claim, or interference with NLRA-protected activity may fall under the Ohio Civil Rights Commission or the National Labor Relations Board instead of a monitoring-specific statute.
Because Ohio's monitoring rules span several distinct sources, criminal privacy law, the new tracking statute, tort law, and federal wiretap and labor law, an employee with a specific fact pattern should keep records and consult an Ohio-licensed employment attorney rather than assume a single statute covers the situation. See our Employee Monitoring Laws by State hub and US Recording Laws by State.
More Ohio Laws
- Ohio AI Meeting Recording Laws
- Ohio Alimony Laws
- Ohio At-Will Employment Laws
- Ohio Car Accident Laws
- Ohio Car Seat Laws
- Ohio Child Custody Laws
- Ohio Child Support Laws
- Ohio Common Law Marriage Laws
- Ohio Dashcam Laws
- Ohio Data Privacy Laws
- Ohio Deepfake Laws
- Ohio Divorce Laws
- Ohio Dog Bite Laws
- Ohio Drone Laws
- Ohio Emancipation Laws
- Ohio Expungement Laws
Disclaimer
This article provides general legal information about Ohio employee monitoring law as of July 9, 2026. It is not a substitute for individualized legal advice. Employment monitoring disputes often involve overlapping statutes, employer policy, and federal law, and outcomes depend on specific facts. Readers should consult an attorney licensed in Ohio for advice about a particular situation.
Related articles
- Employee Monitoring Laws by State
- Ohio Recording Laws
- Ohio Workplace Recording Laws
- Ohio GPS Tracking Laws
- Ohio Data Privacy Laws
- US Recording Laws by State

Last updated: July 9, 2026. Statutes cited reflect their in-force version as of that date.
Frequently Asked Questions
Can my employer read my work email in Ohio?
Generally yes, once the email is on an employer-owned system. Ohio has no state electronic-monitoring notice statute, so employers typically rely on the federal ordinary-course-of-business exception in 18 U.S.C. section 2511(2)(a)(i).
Can my employer ask for my Facebook or Instagram password in Ohio?
Ohio has no dedicated social media password statute, unlike 27 other states verified by NCSL, and no comparable bill is currently advancing through the legislature.
Does Ohio law require my employer to tell me I'm being monitored?
Not by a dedicated statute. Unlike Connecticut, Delaware, New York, and Maine, Ohio has no general electronic-monitoring notice law, so no state-mandated notice is required before monitoring employer-owned systems.
Can my employer GPS track a company vehicle I drive in Ohio?
Yes. ORC 2903.216, effective March 20, 2025, exempts good-faith business tracking and vehicles the employer owns or leases. No state statute requires advance notice for company-vehicle [GPS tracking](/us-laws/gps-tracking-laws).
Can my employer track my personal car or phone in Ohio?
Not without your consent. The business and owner exceptions in ORC 2903.216 do not cover a personally owned vehicle or phone. Doing so without consent is a first-degree misdemeanor, rising to a felony with aggravating factors.
Can my employer put a camera in an Ohio workplace restroom or locker room?
No. Ohio's voyeurism statute, ORC 2907.08, prohibits [recording someone without consent](/us-laws/is-it-illegal-to-record-someone) in a place with a reasonable expectation of privacy, and this applies to employer-installed cameras like anyone else.
Can my Ohio employer require a fingerprint scan for the time clock?
Under current state law, yes. Ohio has no biometric consent statute. The Ohio Data Protection Act (ORC Chapter 1354) is a cybersecurity liability shield for businesses, not an employee consent right, so it does not change this.
Did Ohio's Supreme Court really say I have no privacy claim if I'm monitored at work?
Not that broadly. In Lunsford v. Sterilite of Ohio, 2020-Ohio-4193, the court held that an at-will employee who consents without objection to a specific intrusive procedure, there a direct-observation drug test, has no invasion-of-privacy claim over it. Nonconsensual, hidden recording in a genuinely private space remains barred by ORC 2907.08.
Sources and References
- Ohio Rev. Code 2933.52(B)(4), one-party consent exception to the wiretap statute(codes.ohio.gov).gov
- 18 U.S.C. section 2511(2)(a)(i), exception for interception of communications in the ordinary course of business(law.cornell.edu).gov
- Watkins v. L.M. Berry & Co., 704 F.2d 577 (11th Cir. 1983)(law.resource.org)
- Ohio Rev. Code 2903.216, Illegal use of a tracking device or application (effective March 20, 2025)(codes.ohio.gov).gov
- Ohio Rev. Code 2907.08, Voyeurism(codes.ohio.gov).gov
- Lunsford v. Sterilite of Ohio, L.L.C., 162 Ohio St.3d 231, 2020-Ohio-4193(supremecourt.ohio.gov).gov
- Ohio Rev. Code Chapter 1354, Ohio Data Protection Act (cybersecurity safe harbor)(codes.ohio.gov).gov
- Ohio Rev. Code 1349.19, Breach notification statute(codes.ohio.gov).gov