Data privacy and health wearables in the workplace: Who should be accountable? (Reader Forum)


As 5G networks expand, industry experts are watching how the spread of 5G will stimulate the growth of wearable devices. Even without 5G, the market for connected wearable devices doubled between 2016 and 2019 and is expected to reach more than one billion by 2022, according to Statista.

One area where the demand for wearable devices is expected to increase is in corporate wellness programs. More companies than ever before are handing out company-sponsored wearables to encourage employees to follow healthy habits - such as taking a certain number of steps per day - in order to lower the company's health care costs. Wireless fitness trackers and smartwatches provide an easy way to keep track of employee progress.

Carriers are also likely to benefit from this trend, both in delivering the devices and their connectivity to enterprise customers, and in managing buyback programs. This places carriers in a critical position to help organizations better manage how employee privacy is protected when employees wear a company-provided health wearable.

Devices in the workplace are becoming more and more personal

In the past, it was expected that technology issued by a company to do business on its behalf would contain only business-related data. For example, traditional desktop computers typically held little personally identifiable information. This has changed over time with advances in device mobility. These days, laptops and mobile devices that regularly leave the office likely contain a cache of personal data in addition to work files. Now think about what wearables bring to the table. These small personal devices, which may be given to an employee as part of a corporate wellness program, are fully connected computing devices on which the information collected and shared is strictly personal in nature. This could include highly sensitive health details.

So what happens to the sensitive health data when an employee leaves an organization to work elsewhere? Will wearable devices be reused, recycled, or returned to a carrier? And which party - the individual user, the company sponsoring the device, or the network operator - is responsible for ensuring that the data is deleted? These are all questions that must be considered before placing a device on a person's wrist.

Wellness tools versus health devices

Everyone involved in the corporate health wearable ecosystem - employees, employers, and carriers - needs to understand how privacy laws apply. First and foremost, wearable devices are not health devices, which is why they are exempt from HIPAA regulations. The HIPAA regulations only apply to information created, received, or managed on behalf of health care providers and health plans. To get around HIPAA regulations, many wearables companies simply label their products as wellness tools in their privacy policies or terms and conditions.

Many wearables and wellness apps, while exempt from HIPAA regulations, do collect important personal information about a person's exercise routine and general health. The information collected is then either sold by the device manufacturer or app provider for marketing purposes or used to improve their products. In addition, wearables sponsored by employers can also pass on data about people to a health insurance company.

Needless to say, the risk of private information falling into the wrong hands without proper data management is high.

Protecting sensitive health information

Right now, data hygiene is still an issue that companies have not fully addressed. Last year, Blancco, in partnership with Coleman Parkes, conducted a survey of 1,850 senior business executives on how they handle data. More than half (56%) said their organization does not have a data sanitization policy that is regularly and effectively communicated across the organization, increasing the risk of potential data breaches. Wearables can be a catalyst for companies and their employees to become more involved in the process, as they involve a whole range of personal data.

When an employee is offered a device that contains and discloses sensitive personal information, it is important that organizations are transparent about how data is being used and have clear procedures for handling that data. By being open about who has access to device data and why it's being made available to others, organizations can comply with data protection regulations and protect the company's reputation with current and future employees. While many people are happy to have their information shared once they know the reason is to lower the cost of health care for both the company and its employees, it is imperative to give users the option to choose whether to take part.

Another consideration is what happens if an employee returns a device that contains sensitive personal information. A company's data sanitization practices should be in place and clearly communicated in the event that equipment is reused, returned to the company's wireless service provider, or otherwise disposed of.

Improper measures can result in confidential user information remaining on the devices. Take a factory reset, for example. If device data is encrypted by default, a factory reset should make device data inaccessible. However, unless linked accounts on the wearable are proactively disconnected, private information can still be reloaded onto the device even after a factory reset.

Whose role is it to ensure that wearables are securely sanitized in the workplace?

With corporate-sponsored healthcare wearables growing in popularity, the responsibility for ensuring best practices for data sanitization is often shared among different actors in the wearable ecosystem. As mentioned above, organizations that issue the device need to be careful about how the data is managed and removed. This process should be the same for wearables as it is for other company-issued technologies such as mobile devices and IT devices. One option is to work with an ITAD or other service provider to securely erase and wipe the device before handing it over to a new employee or trading it in with the network operator.

Employees also have a certain amount of responsibility. If they wish to link other personal accounts and devices to their company-provided wearables, it is in their best interests to proactively disconnect all wearable device connections in due course.

The role of a carrier comes into play when it offers wearable leasing packages and buyback programs. This offers operators the opportunity not only to keep used equipment out of landfills, but also to open the door to revenue through the secondary equipment market. This means that carriers need to put in place data sanitization processes and relationships to ensure they are not liable for the disclosure of personal information. It also makes sense for carriers to offer their business customers the same direct consumer education that they use for privately owned devices.

As wearables become a matter of course in the workplace, privacy issues will continue to emerge, especially when it comes to sensitive health information found on wellness wearables. Proper data hygiene should continue to be handled and standardized by all parties involved in the wearable device ecosystem, from the individual user to the company to the network operator.

