Picture this: An employer decides to make sure it doesn’t collect any data while using technology to enforce social distancing at work and keep its employees safe.
First it sends each employee a brand-new personal thermometer and asks them to check their temperature each morning. If they find themselves below the risk threshold and decide to go to the office that day, they only need to provide confirmation that they meet the threshold at the front door. Nothing is recorded or tracked. If they find themselves higher than the threshold, they can work from home until they are clear again, no questions asked.
The employer also provides personal wearables to the employees when they each return to the office for the first time. The devices measure their proximity to other wearables and emit a small audio signal as a reminder to socially distance.
The wearables don’t collect or process any data. The result is a wearable that enables the employer to provide employees both safety and privacy without having to trade one for the other. While balancing safety, productivity and privacy – three goals seemingly at odds – creates dilemmas for employers, there are ways to achieve all three without trade-offs.
Take privacy versus safety for example. The trade-off would be, how much do we invade privacy to offer a certain level of safety? That question frames the solution as a compromise between the two – it would actually be better to try and fulfil both values.
As employees return to the office, employers are collecting more data to ensure both safety and productivity. By taking a risk-based approach, which considers what data is being collected and how it’s being used, organisations can protect employees while managing privacy risk.
The higher the risk, the more important it is to justify that a particular solution is indeed balanced and proportional to the risk we are assessing. Here are six principles to guide risk-based employee data collection.
Purposeful processing
If you decide to collect data, make sure it has a predefined purpose. For example, you might feel that the storage of daily temperature readings is needed to track trends and spot anomalies on behalf of your employees.
You may be justified in holding historic data, but for how long? If the data is only used to track sudden changes, holding on to last month’s data won’t be useful and so we recommend you delete it. Likewise, once temperature checking is no longer mandatory or recommended there’s no reason to keep any personal data related to the programme.
Once data has fulfilled its purpose, there’s no reason to keep collecting and storing it.
As a standard practice, if data is no longer valuable to the organisation and there’s no regulatory requirement to hold it, data leaders should prioritise minimising the risk this data represents to individual users’ privacy. Though matters of privacy often raise ideas of “doing the right thing” for the data subject, regulations such as GDPR impose hefty fines – making what is best for individual privacy equally good for business.
When assessing your data to better validate what stays and what goes, consider calculating the realised value the data brings to the organisation (actual, not potential) and the risk it carries in financial terms.
Proportionality
Default to the least invasive measure possible to satisfy your goals. Once a measure becomes disproportional to the risk or the purpose can be achieved in a different way, remove it.
Taking employee blood samples every morning would be the safest method of tracking the virus in the workplace. This method, however, is also the most expensive, most intrusive, and is likely to face strong opposition from everyone involved – given it would need to also be an opt-in programme, lack of participation will greatly hinder effectiveness. It also goes without saying that blood samples contain DNA, which has the most sensitive data about that individual – collecting it as an employer may be excessive.
This example aside, the less intrusive a measure and the less sensitive the data you collect, the less resistance you will face and the fewer privacy issues you will have.
Subsidiarity
Ask yourself, what amount of data is enough? Can you achieve the same purpose with less personal data or without processing personal data at all? Only collect the minimum amount necessary.
For contact-tracing technologies, many data points can be collected – people interacted with, location, time spent in each location, times it was turned on/off. If used outside the office the number of data points multiplies tenfold – leisure venues, home and family addresses, commute information, and more.
As you can imagine, these technologies can very quickly evolve and be used for monitoring purposes either deliberately or accidentally, all of which could benefit the organisation but at the cost of privacy.
When looking to collect data and implement a method to do so, make sure you only collect what you need. Simple contact tracing does not need to track the many things it possibly can; doing so will only increase the complexity of management and the risks involved – keeping data technologies focused and functional is key.
Transparency and equality
Don’t do anything in the dark. Be abundantly clear to staff what data you collect, for what purposes and who has access to it.
If you have revised your data protection policies in light of Covid, share them with employees and the public. Not only will this keep the organisation accountable for its uses of new personal data but it will also raise awareness among employees and open the privacy discussion up for questions and scrutiny.
Apply measures equally for all staff to prevent discrimination and protect autonomy. Work with HR to understand potential cultural sensitivities to different procedures to make sure that safety and privacy technologies are accessible to everyone that needs them.
Risk-based decisions
Make decisions in light of the risks you are trying to mitigate and acknowledge – and communicate – that decisions are subject to change. Don’t hesitate to retrace steps taken early and adjust accordingly as things change to maintain or improve safety.
When it comes to returning to the workplace, every decision will lead to a certain risk. Following these principles equips employers with a framework to assess and mitigate privacy risk by making decisions based on the current situation and continuing to measure the relevance of decisions as conditions change.
Bart Willemsen is a research vice president at Gartner