The Internet of Things (IoT) refers to the phenomenon of connecting devices to the internet in order to send and receive data. While the IoT promises a future of convenience and control at home, it also presents office challenges that outpace the current body of employment law. For example, security badges can track your location throughout the office, BYOD (bring your own device) policies can blur the lines between work and personal life and the explosion of wearable devices generates ever more employee data to store and analyze.
Despite recent cloak-and-dagger talk about spying with devices such as microwave ovens that do more than heat your lunch burrito, according to Wired Magazine, technically it’s impossible. These devices are made to keep microwaves inside the microwave and the waves cannot penetrate even the door! There’s one more important point—just like most of our appliances, microwave ovens are not connected to the Internet. Since they’re not connected, they can’t compromise security at work or at home.
The smart manager will consult their attorney before charging into IoT projects around the office.
But What About Offline Data Collection?
Is there a way to collect and transmit data when devices are not communicating with the internet? Well, yes and no. There’s been a recent push to decentralize the internet, creating a mesh network of information stored in unused computer memory. This has led to companies like MaidSafe to work on distributed storage protocols that make data more difficult for anyone but the owner to locate and view. This is especially important when companies sell in countries with limited or sporadic internet access or in countries where governments attempt to gain control of company data.
So, yes, new ways of transmitting and securing data are being developed. However, they are still in their infancy and rarely used. As of right now, it is highly unlikely your digital security will be compromised when your devices are disconnected from the internal network or from the internet.
What Should Employers do?
Employers must consider the need to clearly document privacy policies surrounding devices that are trackable or continuously record data. These policies inform employees as to what data might be collected and lay out the ground rules of what data is collected and for how long it will be archived. These policies should detail not only employer obligations surrounding such data, but also employee security obligations.
An employee’s activities while using an employer’s computer system are largely unprotected by personal privacy laws. Emails are company property if they are sent using the company’s computer system. Employers with a valid business purpose have the right to monitor and view employee email. Emails are frequently being used as evidence during trial to prove employee misconduct or wrongdoing.
Also, the sheer volume of data that can be amassed presents its own liability concerns. An employer that does not actively control their data collection may sweep up more information than needed. This could make employee reprimands and legal actions more complicated if the employer possesses private (non-relevant) information about the employee’s activities. Even if such information played no role in the employment decision, the data nonetheless lets the employee claim discrimination or other unlawful activity.
Employee Rights to Privacy
Employees have an expected right to privacy regarding their private information in the workplace. Although business communications are considered proprietary, smart companies won’t use business devices to collect employee activity in common areas or outside the business. Business managers need to think carefully about data gathering in the office and play fair by spelling out what data is collected and the methods used. Appropriate places to notify employees include: the company notice board, policy guide, a signed document in the onboarding package, a discussion during employee reviews or periodic mention in company-wide communications.
Presently the highest business adoption of IOT is in the manufacturing sector. PWC states that 35% of US manufacturers are currently collecting and using data generated by smart sensors to enhance manufacturing/operating processes. It is likely that IOT will eventually be adopted by all kinds of businesses in the years to come. Gartner predicts that billions of IOT devices will be employed in businesses. Where once IOT was a futuristic concept it is now taking hold so the wise business will make an effort to get ahead of the trend, especially in the privacy arena.
In an age of increased reliance on electronic communications, an employee’s right to privacy in the workplace is evolving. Technology has enabled employers to monitor virtually all workplace communications. While this monitoring may feel to be a violation of staff privacy rights, it is usually allowed under the law. Other employee activities (such as private conversations) receive more privacy protections than business related work activities. The smart manager will consult their attorney before charging into IoT projects around the office and verify what data would be appropriate to store and what should be discarded.