There is not a way to deny individual employee access to CU*Spy. Employee Security can be used to control access to Tool #329 CU*Spy Daily Reports, but this does not control other access points such as via the Timeout window or from within Inquiry and Phone Operator, as well as dozens of other places where documents can be scanned and retrieved.
A little background on why Tool #329 can be controlled: When 17.03 release first went live, this tool, along with about a dozen others, were set up not to use employee security at all. This was to match exactly how the old menu system worked for those same tools. So CU*Spy has always been freely open to all employees, no security at all. (Other tools on this list included the OUTQx shortcuts, the check digit calculator, etc. Plus any tools that already had their own, internal security including Phone Op and Teller.) Then about a year ago, based on feedback from CUs, we added security to all of those dozen tools again. But not because of access so much as because of how the “My Tools” feature works. People were complaining that they had all of these extraneous tools that they never actually used (Teller being the main one), simply because the home page lists everything they can access, including things that don’t require security in the first place. This change allowed CUs to ‘hide’ these tools just so the employees didn’t see a cluttered list.
We have no plans to incorporate employee security into the time-out window or other access points for CU*Spy reports, eStatements, and other documents.