While the COVID-19 pandemic continues to wreak havoc, organizations in all sectors are being challenged to adapt to unpredictable waves of change. As various jurisdictions begin to allow offices and other physical operations to reopen, business leaders are looking toward employee surveillance and mobile contact-tracing systems to simultaneously protect employee health and wellness and mitigate business and operational risks.
As you review your own plans to loosen the reins and return to a new normal, consider your options carefully — or risk compromising your long-term road map.
Contact Tracing: A Tenuous Balancing Act
The process of identifying people who may have come into contact with an infected person, typically for public health reasons, has rightfully emerged as a technique leveraged by businesses for near-term survival. In the battle against COVID-19, artificial intelligence–driven technologies are being deployed at scale in the mad rush to reduce the spread of the virus.
However, this short-term solution comes with significant long-term implications because the impact of these predominantly reactive approaches warrants broader ethical debate.
While no one disputes the life-saving benefits of contact tracing, data privacy experts are concerned about the fallout from hastily deployed technologies during the COVID-19 pandemic response. The Stored Communications Act and other parts of federal law in the US include emergency exceptions that permit a company's release of personal data for government use — a public health pandemic or emergency being one example of an exceptional circumstance. This already allows technology and telecommunication companies to disclose, without individuals' consent, large amounts of data about them to the federal government, and at an unprecedented scale.
How the government uses and disposes of the data in the longer term remains to be seen. Meanwhile, your business's use of the same data is scrutinized by various compliance and regulatory requirements, even if exceptions apply during the COVID-19 pandemic response.
Businesses should, without delay, review their data privacy program to better understand the impact on employees and customers in the likely development that the states or the US government mandate disclosure of data to help with pandemic-reduction efforts.
By ensuring that any changes in the collection and processing of sensitive private information are aligned with both internal and external data privacy policies, businesses and IT leaders can safeguard against the risk of exposure or detrimental relaxing of data-handling best practices to enable pandemic-related data processing.
Public Safety vs. Privacy
Changes in operational processes can be viewed as an opportunity to reinforce your employee's knowledge in the following areas:
The business still needs to define where to draw the line between safeguarding the public and being surveillant of the public. How can we reap the benefits that contact tracing provides while still ensuring that the private information leveraged is obtained consensually and used only for specified purposes?
To answer these questions, business must reinforce the primary objective — that is, the maintenance of public safety and global health. With this objective in mind, we can move to establish a set of parameters around the business use of this data. These include:
While businesses need to make quick decisions about privacy, they can also make thoughtful decisions by setting parameters and limits while ensuring employee consent. This will help both businesses and employees get through this challenging period. As noted in a recent MIT Technology Review article, "there's a strong argument that much of what we build for this pandemic should have a sunset clause — in particular when it comes to the private, intimate, and community data we might collect."