Make sure you protect your organization when implementing technology that collects data from your workers.
Data security is imperative, now more than ever.
“Mankind generates as much information now in two days as it did from the dawn of civilization up to the year 2003”, Eric Schmidt, former Google CEO, said back in 2010.(1) Nearly 10 years on, our society is more technology reliant than ever before and brings increased exposure of identity information to the web via cloud services every day.
Phishing, ransom attacks, malware, hacking, these are all words we don’t like to hear but it’s important not to shy away from them and mitigate your vulnerabilities as best you can.
Sensors used to help safeguard workers from injury are becoming the norm in a lot of organizations. It’s critical to be up to speed with guarding your data collection when taking on these technologies.
Alexey Pavlenko, CTO & Co-Founder of Soter Analytics, a global ergonomic technology company that develops wearables for worker safety, believes the security of data collection is a two-way conversation. Not only as an organization do you want your data to be safe but practicing privacy-respect and being transparent to workers about their data is important for building trust and assisting with any adoption barriers.
“Clear information should be readily available for businesses purchasing products that collect data from their workers. Be prepared and ask the right questions before you engage. This is not just to keep you safe from data leaks but also to be able to assure your employees about the safety of their personal information”, says Alexey.
Sensors used for safety
Certain products do have a significantly higher risk around hacking threats like identity theft however generally, devices used for safety are deemed a fairly low risk (2). They typically don’t store any financial details or passwords that would be required for any kind of identity theft. They may hold movement and biometric data and while the user would not like this information revealed, the safety threat in terms of identity or financial loss is less.
Although the risk is low, it is important to research the company’s data security management policies to ensure correct use and storage of the data.
Check data management policies
If some areas fall outside of the scope of the team engaging the technology, then talking to inhouse IT specialists or simply asking for proof or information is not unreasonable. (4)
Make sure the product has been designed and manufactured by engineers and not by a traditional consumer-goods producer
Question and ask for detailed proof that the engineers are trained in data security and have addressed the security concerns with the principle of ‘reasonable security’ in terms of the technical, physical and administrative requirements
Check that encryption measures have been included so that they are less vulnerable to hacking
Be mindful of unsophisticated devices that do not necessarily have the space to add the processing power required by security measures and can sometimes lack robust data security
Check and make sure there is possibility of regular updates and they are conducted to ensure the security of any possible threats
Ask for a copy of the vendor's Data Privacy Policy. It is worthwhile checking if they have clear information available that covers their legal obligations, explains exactly what the company deems as ‘personal information’, how they secure it and that it is written in layman's terms, so it is possible to distribute to workers and unions
Understand exactly what data is being collected and how is it being stored
Data breach disclosure laws
If using the product in Europe, make sure the company is GDPR compliant. The legislation came into force across the European Union in May 2018 (3). GDPR stands for The General Data Protection Regulation and was brought about to protect consumers and organizations collecting data must do so under strict legal conditions. Data is anything that can be processed to uniquely identify an individual, from name, address, photos, genetic or biometric data.
If the product is from the US, there is no federal data privacy law so check with the company as to what state laws they have adhered to and what their definition of ‘personal data’ is as this differs between the states. Each state has its own form of data security measures they must follow.
Conclusion
As industry and laws around this are continually evolving, it is important to involve everyone in the organization in the discussion when deciding to deploy any safety technology - Health & Safety teams, HR, legal, innovation teams, operational management.
Executing proper assessment of data management policies and security and involving all stakeholders in the decision making helps to eliminate fear and sets up for positive outcomes.
References
1. Siegler, M.G. (2010) Eric Schmidt: Every 2 Days We Create AS Much Information As We Did Up to 2003. TechCrunch. Retrieved from: https://techcrunch.com/2010/08/04/schmidt-data/
2. Shahmiri, Sara. “Wearing Your Data on Your Sleeves: Wearables, the FTC, and the Privacy Implications of This New Technology.” Texas Review of Entertainment and Sports Law 18.1 (2016): 25–. Print.
3. GDPR.EU. What is GDPR, the EU’s New Data Protection Law? Retrieved from: https://gdpr.eu/what-is-gdpr/
4. Toni-Louise Gianatti. (2020). WEARABLES FOR SAFETY. Professional Safety, 65(8), 16–17.