You set up time tracking for your Filipino team.
Your VAs clock in. They clock out. Hours get calculated.
Everything’s working.
But then you start wondering.
Who can actually see all this data?
Should your project manager have access? What about your business partner who doesn’t work with the VAs directly?
And what about the VAs themselves? Can they see their own logs?
These aren’t just “nice to have” policies you figure out later.
There are actual laws about this. In the Philippines. In the US.
Get it wrong and you could be violating labor laws or data privacy regulations.
Let me walk you through who should see these logs and who shouldn’t.
Timing your VAs’ work without the compliance headache?
Give your VAs, managers, and HR exactly the access they need—nothing more, nothing less
What These Logs Actually Contain
Basic time logs are simple.
Clock in time, clock out time, total hours for the day, which project they worked on.
That’s the baseline.
But a lot of time tracking tools capture way more than that.
Activity levels. Keystrokes and mouse movements. Which websites got visited. Some take periodic screenshots. Some even capture webcam photos.
Once you’re collecting that kind of data, you’re not dealing with a simple timesheet anymore.
You’re collecting personal data. Sensitive personal data.
The Philippine Data Privacy Act cares about this. GDPR in Europe definitely cares about this.
So the rules change depending on what you’re collecting.
The VA Needs to See Their Own Logs
Let’s start with the most obvious person who needs access.
The worker themselves.
Your VA should be able to see their own time logs. All of them.
Why? Because they need to verify their hours are accurate. They need to check that what they clocked matches what’s showing in the system.
This isn’t just good practice. It’s a legal right in most jurisdictions.
Under GDPR and similar privacy frameworks, people have a “right of access” to personal data held about them.
In the Philippines, the Data Privacy Act gives individuals the right to access their personal information and dispute any errors.
Practically, this means your time tracking system should let VAs log in and see their own data. Clock times. Hours worked each day. Total hours for the pay period.
If your system captures screenshots or activity levels, they should be able to see those too.
Direct Managers Need Access to Their Team
Next up is the person who actually manages the VA day to day.
The project manager. The team lead.
They need to see time logs for their team.
Why? Because they’re responsible for approving hours, allocating work, and making sure projects stay on track.
They need to know who clocked in today. Who’s logged the most hours this week. Whether someone forgot to track time yesterday.
But here’s the key part.
Managers should only see logs for people they actually manage.
If you have multiple teams, each manager should only have visibility into their own team. Not everyone’s data.
This is called role-based access control..
HR and Payroll Need Full Access
This one’s non-negotiable.
Your HR team and whoever runs payroll need to see time logs. All of them. For everyone.
Why? Because they’re legally required to.
They calculate wages, overtime, holiday pay, 13th month pay in the Philippines. They process payroll.
In the Philippines, DOLE can inspect employment and payroll records at any time. If you can’t produce accurate time records, you face penalties.
In the US, the Department of Labor can demand to see time and wage records during investigations.
HR and payroll are the custodians of these records. They need comprehensive access.
Who Should Not Have Access
Now the important part.
Who shouldn’t see these logs?
Random managers from other teams. If someone doesn’t manage a particular VA, they have no reason to see that person’s time logs. Even if they’re curious. No business need equals no access.
Founders or executives browsing out of curiosity. Unless you’re directly managing someone or investigating a specific issue, you don’t need to be scrolling through screenshots of your team working. It’s invasive and it creates a culture of mistrust.
Business partners who aren’t involved in operations. Your co-founder who handles sales doesn’t need access to time tracking data.
External clients without a contract. If you’re using VAs to serve clients, those clients don’t automatically get access to your VAs’ time logs. That needs to be explicitly agreed upon.
The general principle across privacy laws is “need to know.”
If someone doesn’t need access to do their job, they shouldn’t have it.
And here’s what VA communities say about this.
They hate when monitoring data gets shared beyond the immediate supervisor. They tell stories about screenshots showing up in company Slack channels. About managers sharing someone’s low activity score as a joke.
That stuff destroys trust fast.
The Philippine National Privacy Commission takes workplace monitoring seriously. If a VA complains that their employer is misusing monitoring data, NPC can investigate.
Better to lock down access from the start.
Practical Steps to Lock Down Access
So how do you actually implement this?
Start by mapping roles to purposes.
Your VA needs to see their own logs to verify accuracy.
Managers need to see their team’s logs to approve work.
HR and payroll need comprehensive access to calculate wages and respond to audits.
Everyone else? No access.
Build this into your time tracking system using role-based access controls.
Most platforms support this. You assign users to roles, and roles determine what data they can see.
Then turn on access logging.
Every time someone views time records, that access gets logged. Who accessed what, when.
The Philippine National Privacy Commission specifically recommends maintaining logs of access to personal data.
Next, distinguish between different types of data.
Basic time logs like clock in and clock out times are lower risk.
Detailed activity data like screenshots are high risk. Keep those for as short a time as possible.
Maybe you need screenshots for one pay period to verify hours. After payroll is processed and there’s no dispute, delete them.
Update your privacy notices and employment contracts to explain what you’re collecting, who can see it, and why.
Workers should know upfront that time tracking includes screenshots, who can review them, and how long they’re kept.
Finally, train the people who do have access.
Your managers need to understand that time logs aren’t entertainment. They’re business records that contain personal information.
Don’t share screenshots in team chat. Don’t gossip about someone’s activity levels.
Use the data for its intended purpose. Verify work is happening, calculate pay accurately, resolve legitimate disputes.
Bottom Line
Time and activity logs aren’t public information.
They’re employment records that contain personal data.
The VA needs access to verify their own data. Managers need access to approve work. HR needs access to process payroll.
Beyond that, access should be restricted and documented.
No browsing out of curiosity. No sharing for entertainment. No keeping invasive monitoring data longer than necessary.
Get this right and you build trust with your team while staying compliant with Philippine labor law and privacy standards.
Get it wrong and you risk complaints, investigations, and a team that doesn’t trust you.
The rules exist for good reasons. Follow them.