(TNS) -- The idea of being spied on at work — by employers’ cameras and microchips embedded in your body — seems, at first, a dystopian fancy.

But the reality is surveillance is already happening, and to find it, look no further than your own computer.

Email and message scanning, once the primary realm of industries required by law to record and track interactions between workers and customers, has become increasingly commonplace among companies with or without any legal obligation to keep logs of those conversations.

Tracking tools meant to tell employers where workers go, who they talk to and how much time they spend at their desks are already on the market.

Software designed to capture images of workers’ computers and what’s on the screen has begun to proliferate among businesses that rely on a remote workforce.

The more popular these tools become, experts in the field say, the greater the need to have a conversation: about regulation, privacy and the interests of workers and their employers.

“The case law on employee tracking is really from the 1980s, which is crazy considering how far the technology has come,” said Ben Waber, chief executive of Humanyze, a startup that sells smart badges to companies interested in tracking and learning more about their employees’ behavior. “Collecting (employee behavior) data is not difficult. Understanding it is very difficult. And as more and more players get in this space, eventually someone is going to do something wrong, and we’ll have reactive regulation, rather than the kind meant to prevent that bad behavior in the first place.”

Waber is staunchly for increased government regulation, an unusual position for someone in the industry that would be regulated.

But he’s not alone. Several leaders in the workplace analytics business have advocated for greater rules governing privacy and how worker data is kept and used.

With more legal oversight, Waber argues, employees may be able to maintain control over their data, ensure their privacy and avoid a future wherein employers are able to measure and control their every move, keystroke and interaction.

“Imagine if we had something like a HIPAA (the Health Insurance Portability and Accountability Act) for work. People would know what their rights are, companies could make sure they’re being compliant,” Waber said. “This is a really critical issue for our industry; companies like mine, big and small, we need to be demanding real, comprehensive regulation in the next five to 10 years — strong employee protection, a required opt-in system, data aggregation rather than individual monitoring, that sort of thing. And if we don’t, something bad is going to happen, and then we’ll see reactive regulation, which is never good.”

Humanyze, which has offices in Boston and Palo Alto, outfits workers with smart badges that track how employees spend their time, who they interact with and how long they spend doing what Waber calls “heads-down” work by pinging other badges and the employee’s own computer. It doesn’t track movement, typing speed or other metrics that Waber said are ripe for abuse.

The program, which is opt-in only, also doesn’t provide employers with worker-specific data. That means that while employers can see a general snapshot of their workforce — how much time, on average, their employees spend at their desk, which departments work the most together and so on — Humanyze’s software does not allow companies to zero in on any individual.

Employees can see their own data on a digital dashboard, but that information is kept private and stored using a number, rather than a name or specific identifier. Those who do not want to participate — an average of 6 to 7 percent at any given company, according to Waber — are given fake badges that look like all the others, but do nothing to track that particular employee’s behavior.

Waber doesn’t see his pro-regulation stance as being in opposition to his company. In fact, he said, he thinks his company can only survive in a world in which the kind of surveillance employers are allowed to conduct is limited.

It’s also why he rolls his eyes at the kind of surveillance that typically grabs headlines like microchip implants and wearable tracking devices.

Wisconsin tech company Three Square Market implanted a small radio-frequency identification, or RFID, chip — about the size of a grain of rice — into the hands of willing employees. Under the skin, between their thumb and index finger, the chip is primarily used to make mundane tasks more convenient, the company said: swiping into the building, logging into computers or paying for food at the cafeteria.

But experts have cautioned that once the chip is implanted, other data can also be collected, like the duration of employees’ bathroom breaks.

“Implanting chips, frankly, it’s a PR stunt,” Waber said. “There’s no valid reason to do anything like that from a data perspective. More tailor-made wearables that are looking at typing speed or how much time employees are walking around and where they’re going, beyond privacy issues, there’s some very serious methodical flaws when you’re looking at behavior through that sort of lens.”

At companies where emails, messages and other forms of electronic communication are recorded and stored, knowing who said what to whom is the whole point.

Upwork, a Mountain View startup that pairs businesses with remote contractors, allows employers to view screenshots and “activity summaries” of their freelancers’ computer screens, providing a virtual log of what they’re doing and when in what the company calls a Work Diary. The program acts as a visual record of how hired freelancers spend their time, and presents the screenshots as a grid of work-in-progress snapshots in hourly rows, each representing a 10-minute billing segment.

Actiance, headquartered in Redwood City, provides tools that allow businesses to track employee communication — via email, phone, text messages and more.

Though its business customers tend to come from industries like banking and health care, where this kind of tracking is mandated for regulatory purposes and to protect against things like insider trading, Actiance senior director of information governance Robert Cruz said the company has seen a sharp rise in companies not bound by law looking for ways to track their workers and record their communications.

“There’s a recognition of OK, I’m letting people use these internal networks, and there’s potential that high-value information or information that could be used to harm my company could get out through any one of these communication networks,” Cruz said. “Companies are more and more concerned about the loss of sensitive data, departing employees taking data with them, what’s leaving the system, and so on.”

Software like the kind Actiance provides scans communication for keywords or phrases and stores all messaging data for a set amount of time.

One of the phrases that might trigger a company to take a deeper look?

“Let’s take this conversation offline.”

©2017 the San Francisco Chronicle Distributed by Tribune Content Agency, LLC.

Looking for the latest gov tech news as it happens? Subscribe to GT newsletters.