Wearable Technology in the Workplace – Risk Mitigation | DCR Workforce Blog

Wearable Technology in the Workplace – Risk Mitigation

Today’s workforce management is all about the Total Workforce – which includes permanent employees as well as contingent labor, independent contractors and SOW project teams. And – every one of those workers may have tapped into the hot new fashion accessory – wearable technology. Today’s workers are wearing smart watches, activity trackers, smart glasses, wearable cameras, health monitors – the list is growing daily! When a company wants to mitigate the possible risks from allowing wearables into the workplace, it would be necessary to consider every class of worker who could walk into the workplace for a genuine reason. Any one of them could easily misuse their access and indulge in acts which undermine the company by invading its privacy. These could be illegal acts which steal proprietary information and records. They could also be whistleblowing efforts aimed at catching the company itself in wrongdoing.

Wearable technology is computing power in miniature and can prove as effective as a regular computer in some areas of its operation. While the policies of many companies address improper use of laptops or smart phones, few have been updated to cover all forms of wearable technology. How can a company mitigate possible risk from the presence of wearable technology at the workplace, whose capabilities are evolving at an exponential rate, with unforeseeable consequences? In developing a position on the use of wearable technology at work, many factors must be considered:

Legal Regulations: The law can always act as a deterrent but only for those willing to abide by it. The issue with the wearables at the workplace is that legislation and case history has yet to keep up with their potential for mischief. Many companies believe that they are protected by using a catch phrase like “computing technology”, but there are few legal precedents to determine whether this protection is adequate. The legal environment needs to track the various issues that are bound to crop up in this area in order to arrive at binding guidelines and regulations which exercise real control.

Invasion of Privacy: Courts look at the loss of an employer’s privacy in context as demonstrated by the case against John Robert Large, where he faced criminal charges for using a Google Glass-like device to make audio and video recordings of his conversations with the employees of HCR Manor Care in Lehigh County. Large was granted relief on the grounds that his recording happened in an office with an open door, where there was no reasonable expectation of privacy. But, with the proliferation of wearable devices, we need a standard and unambiguous definition of terms like privacy.

Consent is Mandatory: Workplaces need to establish policies which make it explicitly unacceptable to use or activate any wearable in order to surreptitiously infringe upon the rights of the workplace and workers without tacit or explicit consent. Policies cannot depend upon the protection offered by unenforceable social normative expectations alone.

Application Vendors to Respect and Protect Privacy: Application software makers will have to be brought on board, and to accept their responsibility to respect privacy laws and mitigate the risks posed to privacy by their applications. In the meantime, businesses will have to determine which devices are acceptable – and which are not.

Set Expectations: Office and workplace policies regarding the use of recording equipment, sharing of such recordings, or other actions resulting in an invasion of privacy should be clearly communicated to regular employees and to all contingent workers. Agreements with agency contractors and freelancers should clearly state the company’s policy regarding they types of permissible wearable technology and uses. Consequences of non-compliance should also be spelled out.

Protection from HIPAA: As it stands today, the Health Insurance Portability and Accountability Act (HIPAA) protects the privacy of an individual’s health related information. However, smart wearables that collect data of health and fitness should be vetted and approved by HIPAA like Fitbit.

Better IT Security: Secure access to the internet is an absolute necessity. Shielding enterprise data from access and setting up firewalls and monitoring the traffic become imperatives. Establish secure file-sharing for sensitive documents and data. If an organization is yet to gear up for the mitigation of risks in Bring-your-own-device (BYOD) situations, their task is cut out for them in handling wearables at the workplace.

Businesses need to adopt an enterprise-wide culture of strong security and data protection, if they are to avoid the potential threats from wearables and other devices at the workplace.

Do share any experiences you may have had with wearables at the workplace and how you dealt with them.


Disclaimer:
The content on this blog is for informational purposes only and cannot be construed as specific legal advice or as a substitute for competent legal advice. They reflect the opinions of DCR Workforce and may not reflect the opinions of any individual attorney. Do contact an attorney for advice specific to your issue or problem.
Lalita is a people/project manager with extensive experience in operations, HCM and training and development across industries like banking, education, business consulting, BPO and information technology. She believes in a dynamic approach to life and learning as change is the only constant.