Flexible working will require closer digital interaction between employers and workforces. But this should not be used as a reason for heavy intrusion into personal data.

When the European Union’s General Data Protection Regulation (GDPR) was introduced two years ago, it accentuated employee data rights that earlier privacy protection laws ignored. As a result, stringent controls were implemented with respect to the collection and handling of employee data.

The California Consumer Privacy Act (CCPA) and the Brazilian General Data Protection Law (LGPD) quickly followed with equally strict guidelines. In October, the Dubai International Financial Centre's Data Protection Law came into full effect; it aims to govern employee surveillance as well as monitor customer privacy.

Despite the number of nations joining the global privacy movement, the indiscriminate collection of personal data persists and has even increased. In fact, H&M was recently fined a whopping $41 million for illegally surveilling employees in Germany.

This is the second-highest GDPR penalty levied in the EU, after Google's $57 million fine by the French Data Protection Agency for harvesting customer data.

Wake up call

H&M's compliance mishap is a glaring reminder for employers to take a hard look at how they collect, store, and use their employees' personal information. This matters mainly because employee surveillance, already a contentious topic in the corporate landscape, will garner more attention from legal bodies, privacy watchdogs, and individuals in the post-COVID-19 world.

As hybrid work models crop up, technologies for collaboration among remote employees as well as interim practices like remote work tracking, regular health checks, and status surveys result in an unprecedented surge of personal data collection.

Hands off

The first step is to ensure that employees' personal information is stored in a secure, encrypted server. Aside from that, here are a few basic practices you can follow to adopt a privacy-by-design approach to employee data collection and handling.

Ensure employees are in the know

Employers should clearly spell out their data collection and monitoring practices whenever changes are made to policy. If your recently instituted COVID-19 based health and wellness programmes include additional collection of datasets like travel history and family health statuses, then obtain specific consent from employees.

Conduct privacy impact assessments

As we become more reliant on third-party videoconferencing and remote collaboration apps, reevaluate the vendors' privacy policies and understand how these platforms handle employees' data. In most cases, the long-winded privacy statements never give us a clear picture.

Deploy employee monitoring tools judiciously

Remote working has sparked an ethical debate about whether employers should use remote monitoring software to supervise workforce productivity levels. Today, we have tools that randomly take screenshots of employees' device screens and even monitor time spent on certain websites.

Measuring work hours or monitoring background activity doesn't instill confidence in employees. Imposing privacy-invasive tools on your employees' lives can result in a severe backlash down the line.

Earning the confidence of your employees is perhaps more crucial at the moment, as it will determine whether your top talent chooses to stay with you after emerging from the pandemic. Maintaining transparent privacy control practices will assure your employees that their data is in safe hands.

The bottom line is that individuals prefer to work for companies that respect their privacy and data. If any employer doesn’t take a strong privacy stand in these uncertain times, they face many potential risks such as reputation damage and losing key employees.

- Hyther Nizam, President - Middle East and Africa at Zoho Corp.