Everyone is being tracked one way or another. Some of it is life-saving, as in the case of COVID-19 tracing, while other tracking helps us do our jobs more safely.
Tracking, enabled by wearables, is enforcing social distancing, enabling contract tracing and monitoring health information specifically for COVID-19.
Securing data from wearables, however, is not new and has been used for safety purposes in warehouses and on the factory floor. Sensors can follow movement and motion to ensure ergonomic safety. And recent wearable innovations include a voice memo feature allowing workers to record potential hazards.
While a general consensus exists on the use of wearables to deliver necessary data, there is not a clear policy on how this data is protected. And that is a concern both to employees and employers.
With regard to gathering and retaining information relative to the pandemic, Linn Freedman, chair of data privacy at legal firm Robinson & Cole, LLP said in a recent EHS Today article that “a reasoned approach should be taken to only collect the minimal amount of information necessary for the company’s purpose, and the information should only be retained for the time that it is necessary to be used for that purpose.”
And from a general perspective of collecting personal data, Risa B. Boerner, a partner at legal firm Fisher Philips, said in an article that regulations, such as the California Consumer Protection Act, require employers to notify employees of the collection of personal information and provide the business purpose for the data. She notes that things are unclear given that “even where there is no statutory obligation to provide such notice, employees who learn that personal data was collected without notice through a wearable device could potentially assert claims for invasion of privacy, among other things.”
What is difficult to discern is a general agreement about data protection. David Reis of legal firm Arnold & Porter has written, “Unlike employers in other countries, which are subject to laws such as the EU’s General Data Protection Regulation or Canada’s Personal Information Protection and Electronic Documents Act, employers in the United States cannot look to an overarching, prescriptive statute governing their treatment of employees’ personal information.”
As we continue to capture data, it is imperative that data privacy be codified in an overall universal standard. Perhaps concerns by both employers and employees will give rise to an overall standard.
