You may have heard the term, but how well do you really understand the “Internet of Things”? Armed with an ever-increasing list of Internet-connected devices capable of collecting employee data, how can your company leverage advantages to employee productivity and collaboration and reduce exposure to information security and privacy pitfalls?
In an interview with Bloomberg BNA, Christin McMeley, chair of Davis Wright Tremaine’s Privacy & Security Practice, highlights emerging technology trends, discusses the regulatory and legislative landscape and offers practical advice to help employers navigate the uncharted waters of the Internet of Things.
Bloomberg BNA: But seriously, what is the Internet of Things and how is it changing the modern workplace?
McMeley: People have a lot of different ideas about what the Internet of Things actually is. Michael Mandel of the Progressive Policy Institute has one of my favorite explanations. He said that it is the extension of the Internet to the physical world. In other words, the IoT connects physical objects to the Internet and often connects those objects to other objects through the Internet.
Almost any object you can think of has been connected. Automobiles, jewelry, light bulbs and more. The IoT is changing everything, including the modern workplace. Consumers often think of it in terms of the convenience or quality-of-life value their personal devices can bring, while businesses see it as providing cost savings and other benefits. The IoT also is renowned for the vast amounts of data devices can collect, which drive business analytics and innovation.
Bloomberg BNA: Many people are familiar with workplace IoT issues that have received a lot of press attention, such as the collection of employee health data via wearable technology and “Bring Your Own Device” policies. What are some other IoT trends you are monitoring that employers are leveraging?
McMeley: Employers are tapping into the big data aspects of the IoT to gauge things like productivity and collaboration. Sensors can determine whether people are using conference rooms, eating lunch together, working remotely or taking breaks, etc. Employers also use GPS to remotely monitor vehicles and drivers, as well as mobile device management to track the location of personal devices.
The tracking of health and fitness information is often used to achieve cost savings related to health and benefit plans. The other examples above show how tracking technologies can be used to measure employee productivity, or even theft or fraud. Connected devices also can be used to find efficiencies and to promote safety. For example, they can direct the route a driver takes and can determine whether that same driver is following speed limits.
This tracking and collection of data may have legitimate business justifications, but employee privacy considerations also should be taken into account when these programs are designed.
Bloomberg BNA: What legal trends are developing in response to the increased prevalence of these technologies in the workplace?
McMeley: There are a lot of predictions about what the IoT is going to become, the benefits it will provide and the risks it presents. Because this is such a new and growing area, regulators and legislators seem to be watching and taking a wait-and-see approach with respect to whether IoT-specific legislation is needed.
The Federal Trade Commission (FTC) 2015 report on the subject recognized that the IoT is in its infancy and that any IoT-specific legislation at this time would be premature.
Instead, the staff called for Congress to enact both general data security legislation with a national breach standard, as well as baseline privacy legislation that would include mandatory privacy disclosures and offer consumers choices concerning how their data is collected and used. Commissioner Maureen Ohlhausen confirmed the Commission’s continued stance on this issue during an IoT panel at the International Association of Privacy Professionals’ Global Summit on April 6.
The Commission isn’t, however, taking a wait-and-see approach to consumer protection, stating that its priorities in this area are the security of the devices and the privacy of the information collected.
The Commission has brought enforcement actions against two IoT companies – one a company that markets Internet-connected video cameras designed to allow consumers to remotely monitor their homes and the other a manufacturer of network routers and “cloud” based services. Both companies allegedly failed to establish and implement reasonable security practices necessary to protect consumers’ privacy.
While the National Labor Relations Board hasn’t specifically addressed the IOT, it has weighed in on privacy and monitoring of employee e-mails and social media accounts. Any kind of monitoring that tracks employee congregation and could be used to deter collective bargaining activities might face NLRB scrutiny.
At the state level, there are laws relating to employee monitoring, tracking and privacy. For example, California, Delaware, Michigan, Tennessee and Texas prohibit electronic tracking of vehicles without their owner’s consent. States, such as Connecticut, Massachusetts and Texas, require employers to provide notice to employees of certain privacy practices.
Employers also may have contractual obligations under collective bargaining agreements to disclose employee monitoring or to take other actions related to those activities.
Bloomberg BNA: What practical advice would you give to employers on avoiding thorny privacy issues, particularly in areas where regulation and compliance aren’t clearly defined?
McMeley: Remember that employees are consumers, too. There have been several FTC employment actions related to employers not securing employees’ private data. As employees bring connected devices into the workplace, employers should ensure they take reasonable measures to secure the information collected and follow guidance provided in the FTC’s 2015 IoT report and in the IoT enforcement cases.
Although we haven’t seen this particular case yet, an employer’s unfair or deceptive collection or use of employee information could subject them to FTC enforcement actions. Therefore, employers should consider the security of the devices they use to collect employee information, how they communicate their practices to employees and the choices they give employees about the data collected.
For example, some recommended location tracking practices include:
Bloomberg BNA: Any final thoughts?
McMeley: This is a rapidly developing area—operationally as well as legally. Similar to customer data, employers need to understand what employee data is being collected, how it is being used and what disclosures or consents need to be made or obtained and to confirm that the data is adequately protected, including by third parties.
Get up-to-date news and expert analysis from respected practitioners and Bloomberg BNA's legal editors, and practical research tools with a free trial to the Labor & Employment Law Resource Center.
All Bloomberg BNA treatises are available on standing order, which ensures you will always receive the most current edition of the book or supplement of the title you have ordered from Bloomberg BNA’s book division. As soon as a new supplement or edition is published (usually annually) for a title you’ve previously purchased and requested to be placed on standing order, we’ll ship it to you to review for 30 days without any obligation. During this period, you can either (a) honor the invoice and receive a 5% discount (in addition to any other discounts you may qualify for) off the then-current price of the update, plus shipping and handling or (b) return the book(s), in which case, your invoice will be cancelled upon receipt of the book(s). Call us for a prepaid UPS label for your return. It’s as simple and easy as that. Most importantly, standing orders mean you will never have to worry about the timeliness of the information you’re relying on. And, you may discontinue standing orders at any time by contacting us at 1.800.960.1220 or by sending an email to firstname.lastname@example.org.
Put me on standing order at a 5% discount off list price of all future updates, in addition to any other discounts I may quality for. (Returnable within 30 days.)
Notify me when updates are available (No standing order will be created).
This Bloomberg BNA report is available on standing order, which ensures you will all receive the latest edition. This report is updated annually and we will send you the latest edition once it has been published. By signing up for standing order you will never have to worry about the timeliness of the information you need. And, you may discontinue standing orders at any time by contacting us at 1.800.372.1033, option 5, or by sending us an email to email@example.com.
Put me on standing order
Notify me when new releases are available (no standing order will be created)