Is Big Brother Watching? Wearables and Other Trends in Electronic Monitoring of Employees
Patrice Ettinger, Chief Privacy Officer, Pfizer, Inc.
Christine Lyon, Partner, Morrison & Foerster LLP
Jack Yang, Associate General Counsel, Global Privacy Office at Visa Inc.
TYPES OF MONITORING
• Every step you take?
– Fitness trackers, wearables
• Every move you make?
– Location tracking (e.g., mobile devices, wearables)
– Video surveillance, biometric access controls
• Every word you say?
– Call recording, email monitoring
• Every game you play?
– Other apps on device, use of work computers
PURPOSES OF EMPLOYEE MONITORING
• Protecting the company
– Physical security
– Data security
– Legal compliance
• Improving work performance
– Coordination
– Collaboration
– Attendance
CASE STUDY
• HR: VP plans to fire an employee for removing
that mobile worker app from her phone
• You: what app?
• HR: you know, the app all field sales
employees install on their smart phones, so we
know where they are in the field
• HR: just wanted to make sure there isn’t a
privacy issue here
HOW WOULD YOU ADVISE?
HR: We are meeting with the employee in an hour to do
the termination. I need an answer now. Are you saying
we would be violating some law?
A) No, there is no law prohibiting us from doing this.
Whether it’s a good idea is another question, of course.
B) Well, no. I think there is legal risk, but if there is a
legitimate business purpose for the app and it’s a
requirement of the job, I think we can enforce that
requirement.
C) Yes, this is high risk. Let’s go talk to the VP right now.
NOT A HYPOTHETICAL
• Arias v. Intermex Wire Transfer, LLC (California Superior Court,
County of Bakersfield, filed May 5, 2015)
RISKS OF EMPLOYEE MONITORING
• Legal risks under alphabet soup of laws
– ECPA and SCA for electronic communications
– CFAA for personally-owned devices
– ADA and other anti-discrimination laws
– State laws (social media, biometrics)
• Reputational risk
– Employee morale
– Negative media attention
POLLING QUESTION #1
Does your company engage in geo-location
tracking of mobile devices?
A) Yes, but only company-issued devices
B) Yes, both company-issued devices and
employee devices used for BYOD
C) No
D) Not sure—but I will look into this when I get
back to the office
LOCATION TRACKING
• Growing recognition of sensitivity of geo-location data
• Proposed state legislation
• Best practices:
– Limit collection, access, and retention
– Obtain express, informed consent
– Consider providing ability to turn off tracking
temporarily, at least while off-duty
POLLING QUESTION #3
Does your company issue wearable devices to
employees?
A) Yes
B) No
If yes, does your company receive data from
those wearables?
A) Yes
B) No
C) Not sure, but I will find out
WEARABLES
• Interplay with HIPAA, ADA for wellness
programs, health-related data
• Disparate impact concerns
• Best practices
– Limit (or eliminate) employer data collection
– Use a third-party vendor
– Be sensitive to employee perception—not
everyone can walk 10K steps per day
POLLING QUESTION #4
Does your company use biometric screening
devices?
A) Yes, biometric timeclocks and/or
biometric access controls
B) No
C) Not sure, but I will find out
BIOMETRICS
• State biometrics laws
– Fingerprint, palm scanning
– Facial recognition
• State employee fingerprinting laws
• Best practices
– Use a trusted third-party provider
– Collect algorithms rather than actual print
– Limit use, access, and retention
MANAGING YOUR MONITORING
• Be proactive
• Leverage your privacy impact assessment
• Limit data collection, use, access, retention
– Beware of secondary uses
– Beware of linking data
• Communicate
– Notices
– Explicit consent
– FAQs
QUESTIONS?