Companies have long had the right and ability to monitor workplace email and phone conversations and track company vehicles on the road. But things have become more personal. It was inevitable that as GPS, radio-frequency identification (RFID) chips, and Bluetooth technology advanced and fitness trackers became ubiquitous, employers would seek to harvest the capability of these tools to improve employee health and safety and operational efficiency. Today’s wearables allow employers to monitor employees’ physical activity, posture, location, stress level, metabolic rate, and fatigue. This level of personal surveillance gives rise to a host of legal, privacy, data usage, data protection, discrimination, and morale issues that should be considered as employers deploy wearables and develop related workplace policies.
Given that technology moves faster than regulation, employee monitoring via wearables remains relatively unregulated and is generally lawful in most jurisdictions, provided there is appropriate notice as to the who, what, when, and why of employee monitoring that sufficiently negates an employee’s expectation of privacy. Caution, however, is warranted. Employer abuse of the data collected by wearables, or making adverse employment decisions based on employee monitoring, may lead to increased employment litigation and legislation.
What are Wearables
The most common wearables are fitness trackers, such as Fitbits. Companies have long sponsored employee fitness events and are now handing out trackers by the millions to employees. It has been estimated that by 2018, companies will have incorporated 13 million fitness trackers into their wellness programs with the goals of increasing employee health and reducing insurance costs and lost productivity due to sick leave. As more and more products and apps are designed to coordinate with fitness trackers and smartphones, information such as employees’ daily step count, calories burned, and hours of sleep can be downloaded and transmitted to employers who can collect the data and track their employees on customized dashboards.
Used positively, collective encouragement to exercise and be active can yield a healthier and more motivated workforce. Used negatively, the information collected by fitness trackers can be used to identify employees with health issues or who are perceived to be lazy because they don’t exercise. Then there is the issue of what data is collected and how it is stored (by individual or in the aggregate), used, and secured. Will it be stored locally or in the cloud under human resources’ lock and key for internal use only, or will it be bundled and sold to marketing agencies and manufacturers?
Fitness trackers are just the tip of the iceberg, for the scope and function of wearables are increasing exponentially. A Boston company, Humanyze, provides employee ID badges that incorporate biometric measuring capabilities that track movements and interactions in the office, including the length of conversations and voice tones via built-in microphones. Referred to as “people analytics,” these devices can help companies understand how their employees interact and move about the office, which, among other things, can lead to a better-designed workplace, adjustment of modular workplaces around project teams, or—more simply—identification of “risky” behavior.
Other wearables are oriented toward health and safety. The Upright Go is designed to track posture so that the wearer can adjust his or her sitting position. Hydration wearables like the Halo Edge can tell whether the wearer is properly hydrated, not an insignificant issue if an employee is working construction on a hot day. Kinetic makes Reflex, a wearable that detects high-risk postures and alerts the wearer. Its purpose is to limit lifting-related back injuries and sprains, significant issues for healthcare and warehouse workers. The information collected by Reflex is sent back to a dashboard that is monitored by supervisors. Similarly, SmartCap makes Life, which is either a hardhat or baseball hat, fitted with what is essentially a wearable electroencephalography (EEG) monitor that can measure fatigue and therefore alertness—important attributes if an employee is operating machinery. The U.S. Army plans to track soldiers’ health using an app called “Warfighter Analytics.” The app collects data using a soldier’s smartphone camera, microphone, and motion sensors.
A wearable of a different ilk is an exoskeleton robot developed by Hyundai that can help warehouse workers lift and turn without injury. In stark contrast, Swedish company Biohax International makes an implantable RFID chip housed inside a bioglass capsule smaller than a gel aspirin tab, which is injected into the web of an employee’s skin between their thumb and forefinger. The capsule uses near-field communication (NFC) to communicate with enabled devices. Once the capsule is injected, an employee need only place his or her hand in near proximity to an NFC-enabled door, computer, vending machine, photocopier, or other device to gain entry, record a purchase, or authorize access.
Privacy and Security Concerns
Employer video surveillance and the monitoring of computer systems, employee emails, and telephone activity have achieved acknowledgement, acceptance, and legal approval if done with notice—for example, a disclaimer in an employee handbook. Yet capturing “people analytics” and personal health information such as vital signs, hydration levels, activity levels, and brain activity is unprecedented and would seem to give rise to a new set of employee privacy and discrimination concerns.
Nevertheless, the Fourth Amendment right to privacy applies only to government actors. Thus, there is no inherent right to privacy in the private employer workplace. Burdeau v. McDowell, 256 U.S. 465, 475 (1921). Any right to privacy or freedom from monitoring in the workplace would therefore have to arise from an employer policy or promise that creates an expectation of privacy, a union-management collective bargaining agreement, federal law, or common law.
Section 7 of the National Labor Relations Act gives employees the right to engage in “protected concerted activity,” such as the ability to form a union and discuss their terms and conditions of employment, etc. 29 U.S. Code § 157. Surveillance of employees can violate the NLRA because it “chills” employees from engaging in concerted activity. The use of a “people analytic” wearable that keeps track of employees—and records who they are meeting with and when—could have a chilling effect on union organizing. In a unionized workplace, it may be appropriate, if not mandatory, to negotiate the who, what, where, and when of the use of wearables. To avoid conflict, employers should educate employees about wearables and promote their positives, like improved safety and health.
While not a barrier to their use, wearables that collect significant data about employee health may create issues for employers under the Americans with Disabilities Act. The personal data collected may allow an employer to perceive or detect a disability. It may also constitute a “medical examination,” which per the ADA must be “job related and consistent with business necessity.” 42 U.S.C. § 12112(d)(4)(A). Thus, the burden will be on the employer to educate its workforce about the data collected, establish limits on how the data is used, and explain the workplace and employee safety benefits it hopes to achieve.
An Equal Employment Opportunity Commission policy guidance from January 2017 recognizes and creates an exception to the ADA medical examination requirement when fitness trackers are used in connection with a voluntary wellness program. To be truly voluntary, an employer cannot mandate participation in the program, deny an employee access to health coverage, or take adverse employment action if an employee refuses to participate in the program. In addition, the program must also be reasonably designed to “promote health or prevent disease.” The data collected can only be disclosed in the “aggregate” and may not identify individual employees, and the employer cannot require employees to agree to the sale of their health information as a condition for participating in the program.
The Health Insurance Portability and Accountability Act (HIPAA), the federal statute that mandates data privacy and security provisions for safeguarding medical information, generally will not apply to employee monitoring. HIPAA only applies to “covered entities,” which consist mainly of medical providers and insurance companies, but not most employers. 45 C.F.R § 160, 163. Thus, if a wellness plan is offered directly by an employer, it falls outside of HIPAA. If, however, a wellness program is offered as part of an employer-provided health benefit plan, then the personal health data collected would be covered under HIPAA and must be safeguarded appropriately.
Another law that would seem to apply is the Electronic Communications Privacy Act (ECPA), 18 U.S.C. §§ 2510-20. However, this law does not preclude monitoring and storage of data if an employee has consented to be monitored (for example, by accepting a position and entering the workplace). Additionally, a related “business purpose exception” permits employers to monitor oral and electronic communications under the ECPA, as long as the company can show a legitimate business purpose for doing so.
Most states do not have laws applicable to wearables. But those that do—Connecticut, for example—regulate but do not prohibit employee data collection. Connecticut’s employee electronic monitoring law defines such activity to include “the collection of information on an employer’s premises concerning employees’ activities or communications by any means other than direct observation, including the use of a computer, telephone, wire, radio, camera, electromagnetic, photo-electronic or photo-optical systems…” Conn. Gen. Stat. 31-48d. Employers who do monitor their employees in this fashion must provide notice to all employees who may be affected, informing them of the types of monitoring that may occur and shall post, in a conspicuous place, a notice concerning the types of electronic monitoring that the employer may engage in. Similarly, Delaware law requires notice of monitoring or intercepting policies to the employee. Del. Code § 19-7-705. [Among the states with statutes applicable to workplace monitoring are Virginia, California, and Florida. Some states have passed laws prohibiting the mandatory implant of RFID devices. They include Missouri, North Dakota, and Wisconsin. Moreover, most states recognize a common law tort for invasion of privacy.]
Trade Secret Protection
As wearables become more prevalent in the workplace, competitors will take interest in the design and use of one another’s wearable technology, its specific application, the data collected, and how it can be used to gain competitive advantage. This type of data falls within the federal Defend Trade Secrets Act’s definition of a trade secret. [The definition of a trade secret in the DTSA is quite broad and includes information of any form, regardless of “how stored, compiled, or memorialized physically, electronically, graphically, photographically, or in writing,” and of any type, “financial, business, scientific, technical, economic, or engineering information,” so long as: (1) the information is actually secret, because it is neither known to, nor readily ascertainable by, another person who can obtain economic value from the disclosure or use of the information; (2) the owner has taken “reasonable measures” to maintain the secrecy; and (3) independent economic value is derived from that secrecy.] “People analytics” wearables that monitor employee location and interaction in the workplace may be of particular interest. As one commentator points out: “The customization of the technology program to the employer’s workplace—e.g., which groups the employer chose to measure, in which locations of the workplace, which variables it chose to measure and which to ignore, etc., would all be valuable information to competitors if known.” [Brian D. Hall, The Impact of Smart and Wearable Technology On Trade Secret Protection and E-Discovery (ABA Symposium on Technology in Labor and Employment Law, April 4-7, 2017)] Thus, encryption, appropriate mechanisms to guard against cyber-attacks, and limitations on access to the data are important to the maintenance of any employee monitoring program.
Also, as with any collection of employee-related data, it is important to remain aware that such data is subject to subpoena, inspection, and review sometimes by the government—for example, the Occupational Safety and Health Administration or the EEOC—or a plaintiff employee. Thus, retention policies and a mechanism for responding to future e-discovery requests should be considered.
Wearables are likely to become prevalent in the workplace and can play a strong role in improving productivity, workplace communication, and employee wellness and safety. Yet employee buy-in is important (if not absolutely required in a union workplace) to avoid invasion of privacy concerns and negative morale associated with increased surveillance. Implementation of a monitoring program should be carefully planned and limited in scope if increased regulation is to be avoided. Adherence to applicable law, carefully drafted policies, employee education, proper data usage, and security are all essential to the successful use of wearables in the workplace.
Richard Reice is the head of the labor and employment group at Hoguet Newman Regal & Kenney. He is an experienced litigator, counselor and labor negotiator. He has also served as the EVP of HR for a Fortune 500 company.