Workforce Data Privacy in the Modern Work Era
It takes culture as well as individual and corporate responsibilities to ensure workforce data privacy and compliance.
October 4, 2022
Digital workforces continue to be highly distributed, mobile, and flexible, requiring more visibility into employee productivity, work habits, and well-being. At the same time, regulations continue to mount for employers and their use of workforce data collection tools, bringing new focus to workforce data privacy, security, and compliance.
COVID-19 forced remote work and left a long-lasting imprint on modern work. According to a recent report from Foundry, when asked where their employees would work in the future, only 29% of organizations said office only; 41% said in a hybrid format, while 30% said remote only. From a technology perspective, 51% cited efficient collaboration concerns, 47% cited morale concerns, and 38% cited security maintenance concerns.
As companies turn to tools to help them and their employees work wiser in this new era, the collection, processing, storage, and security of workforce data, and the cultural implications of acting on insights, are top of mind for everyone from individual employees to the C-suite.
Currently, two states, Connecticut and Delaware, have electronic monitoring laws in place. As of May 7, 2022, New York signed law SB 2628 requiring employers to give notice of employee monitoring of phone, email, and Internet access or usage. More states will likely follow.
Employers have a responsibility to disclose use of data collection tools, as well as maintain the highest security and privacy standards. That's easier said than done. Six years ago, Dark Reading published an article highlighting that employee data was more at risk than customer data. Back then, the focus was on encryption. Today, regular penetration testing and encryption of data in transit and at rest are table stakes. Single sign-on (SSO) and multifactor authentication (MFA) are expected, as well as SOC 2 compliance for vendors that hold sensitive data on behalf of customers.
The Struggle to Adapt
While employers look to conform to those policies, many struggle to find the right level of detail to capture: enough insight to achieve business goals without making employees feel monitored. An Aug. 14 New York Times article, "The Rise of the Worker Productivity Score," shed light on how some tools and approaches might be seen as excessive, unreasonable, and ultimately counterproductive. These approaches increase mistrust among employees, causing some to implement workarounds that generate false signals, such as pooling badges so that one employee can swipe everyone in and out of the office to spoof in-office attendance.
Establishing trust works much as it does with confidential employee surveys. The first best practice that companies should adopt is to analyze activity data at an aggregate level. The second is for personal browsing activities and websites visited to be automatically redacted or ignored through intelligent classification of work-related websites and applications. Third, rock-solid governance must be applied over access to sensitive personal information, such as Social Security, salary, and performance reviews. Finally, location information should be used only to aid in cohort analysis, to understand work-from-home vs. in-office needs.
The most critical factor remains the collective actions of individuals and the company for the good of all. For example, companies today are ensuring privacy by ignoring personal websites visited and performing analysis only on those sites and apps classified as work-related. Companies are also giving employees access to their own personal data. This allows employees to be aware of their habits and understand that the company treats privacy and security seriously.
Once employees are aligned, companies can then start looking at aggregate insights indicating high utilization of specific departments due to bottlenecks in processes, poor use of technology, or lack of training and skills.
While the right technology platform can surface the insights and spur action, it still all comes down to culture, as well as individual and corporate responsibilities, to ensure workforce data privacy and compliance. It's up to everyone to trust, believe, and apply the insights for mutual benefit.