Augmented reality makes an appearance in the workplaceReprints
The surge in development and use of wearable technology is helping employers protect workers and encourage healthy behavior, but it’s also raising privacy concerns.
As employers use wearable devices — including so-called “smart” vests, belts, watches and helmets — to monitor employee movements and behavior, they can gather vast amounts of personal data that could leave them liable to breach of privacy allegations if they misuse use the data or if the data is accessed by criminals or other entities.
While wearable device makers say they have privacy protocols in place, experts advise employers to restrict their use of wearables and only gather data that’s relevant for their health and safety objectives.
Wearable devices have become a huge market over the past several years.
In August, the Stamford, Connecticut-based research and advisory firm Gartner Inc. forecast that 310.4 million wearable devices will be sold worldwide in 2017, up 16.7% from 2016, and that sales of wearable devices will generate revenue of $30.5 billion in 2017.
While corporate use of the devices is often related to employee wellness programs, they are also used to monitor safe employee behavior, such as lifting techniques, and track employee location in potentially dangerous locations, such as construction sites (see related story).
A report last year by financial services firm PricewaterhouseCoopers L.L.P. warned that wearables “have the potential to capture and store more personal data than any other device that we’ve ever owned,” including details about employees’ every move, habits, interests and health information.
Rachel Michael, Park City, Utah-based thought leader of the ergonomics practice group within Aon Risk Solutions, defines wearables as technology “with some kind of data feed.”
There are three potential outcomes from a wearable campaign, she said: employers want to compare their group with an established threshold, they want to change individual behavior, or they want to change organizational behavior.
“These are the three things we would start our clients with,” Ms. Michael said. “Which of these three things are you trying to get by implementing wearable technology?”
Given the rapid development and use of wearables — the next generation will likely include exoskeletons that augment a person’s strength and endurance — employers need to be aware of security issues, said Thomas Ryan, New York-based senior principal and director of workers compensation research and integrated casualty consulting at Willis Towers Watson P.L.C.
“There are very viable and potential risks associated with wearables,” Mr. Ryan said, “and I think the big one that’s at the forefront for a lot of employers is cyber risk, because there are concerns about any type of hacking of the data, privacy invasion and losing control of the data that’s been accumulated and having that data compromised.”
“Not unlike the early days of laptops and smartphones,” the PwC report said, “questions about security and privacy have yet to be resolved for wearables. As wearable technology becomes more ubiquitous in the workplace, transparency and employee education will go a long way toward resolving these issues.”
Ms. Michael of Aon said employers should define what they want from their wearable technology campaign before they purchase the devices and “certainly before they go implementing them with employees.”
Employers should restrict their data collection to data that they need for legitimate purposes, said employment attorney Kate Bischoff, owner of Thrive Law & Consulting L.L.C. in Minneapolis.
“From a risk management perspective, it becomes an issue of what information do we want, what do we not want, and how do we figure out how to get the right information and use it appropriately?” she said. “I think there are some really great things we can do with wearables; it’s just that I’m a little concerned that we say, ‘Well, let’s track everything and see what information we can get from it,’ and I think that’s not necessarily the way to go.”
Under laws in most states, employees have a reasonable expectation of privacy, Ms. Bischoff said.
“We might not want to know where employees are when they’re not on duty,” she said. “If we go beyond gathering things for the workplace, but we’re gathering information about the employee, that makes me nervous.”
Brett Kelsey, Plano, Texas-based chief technical officer for McAfee Inc., said he is a proponent of wearable technology, “but I’m a guy who likes to play the devil’s advocate from a security perspective.”
“The concern I have is, one, what data are they actually storing? And second, what level of protection do they have — not just of the data itself, but for the device?” Mr. Kelsey said. “All-around usage and availability security is a complete afterthought — that’s not even a consideration in the creation of the device.”
Collecting employees’ medical information could lead to legal concerns surrounding the Health Insurance Portability and Accountability Act of 1996, which provides data privacy and security provisions for safeguarding medical information.
“Don’t collect the information if you don’t need to use it,” said Ms. Michael of Aon Risk Solutions. “Unless you are going to command a million-dollar assembly line project from collecting this data, why are you measuring employee sleep cycles? Why are you measuring employee heart rates? You’re collecting what could be considered personal medical information? Why?”
Ms. Michael also noted that companies can resolve many issues related to posture without using wearables.
The U.S. Occupational Safety and Health Administration’s general duty clause could also cause problems for companies, Ms. Michael said, since it states that the burden is on the employer to make a place of employment that it is safe from reasonable and known hazards.
If a company collects data through wearables that shows the workplace is unsafe but does not make any changes, “you just told us you have a really bad place to work and you haven’t done anything about it,” Ms. Michael said.
Karla Grossenbacher, a partner with law firm Seyfarth Shaw L.L.P. in Washington, said companies need to obtain their workers’ consent when collecting sensitive information.
“If it’s voluntary,” she said, “and you got their consent and you use it for a purpose that you didn’t tell them about when you got their consent, then the consent isn’t effective and you’re looking at potential invasion of privacy issues. And then if you don’t take reasonable precautions, then you can find yourself in a data breach type situation and open to a negligence claim.”
Manufacturers of wearables say they take measures to protect privacy.
Gaia Dempsey, co-founder and vice president of corporate affairs at Los Angeles-based Daqri L.L.C., which manufactures smart glasses and helmets, said the company asks for consent from the end user for all the data it collects.
Enterprise customers — which the company defines as a company with 10,000 employees or more — using the devices with their workers are contractually required to create privacy policies that are in line with industry standards, be transparent with the data they collect and how it will be used, and communicate that information to the end users, she said.
Eric Martinez, CEO and founder of Modjoul Inc. in Clemson, South Carolina, said his company restricts the data it collects through its smart belts to a worker’s location, motion and environment.
“What we were advised was not to put biometric sensors on our belt,” he said. “We don’t touch skin, so it was hard for us to do it anyway. At work, you just want to know if you’re busy and you’re doing the job right. We don’t care about how many calories you burn — what we care about is are you safe or can we help you be safe by telling the supervisor there might be an unsafe act going on.”
Chad Hollingsworth, CEO and co-founder of Triax Technologies Inc. in Norwalk, Connecticut, said the company’s spot-r system is strictly for the workplace.
“The way we approach wearables is we want them to work well and protect workers when they’re on the job site, which is the most dangerous part,” he said. “But when they leave, I don’t need to know what they’re doing or where they’re going or how they’re going about their day.”
Douglas Turk, chief marketing officer with JLT Specialty USA, a unit of Jardine Lloyd Thompson Group P.L.C. in Los Angeles, said he believes that “the privacy concerns will be traded off with some kind of economic or health benefit” for the end user. Mr. Turk is the firm’s expert in this area and leads the development of JLT’s partnerships around wearables.
“The best kind of example,” Mr. Turk said, “is there are millions of people wearing some form of physical activity tracker, managing their activity, and many programs today reward people for their results.”
In June, JLT Specialty USA announced it was partnering with insurtech company Altumai L.L.C. on a program aimed at reducing worker injuries in the food and agriculture industry. Wearables are included in this program, and Mr. Turk said that “the data is currently anonymous when analyzed in the aggregate and it is specific to the employee when dealing with claims and loss and safety in the field.”