More than a decade ago, "dual-use" devices (meaning, one device used for both work and personal reasons) began creeping into workplaces around the globe. Some employees insisted on bringing their fancy new smart phones from home to replace the company-issued clunker and, while many employers resisted at first, dual-use devices quickly became so popular that allowing them became inevitable or necessary for employee recruitment and retention, not to mention the cost-savings that could be achieved by having employees buy their own devices.
Because of early resistance, many HR and IT professionals found themselves scrambling in a reactive fashion to address the issues that these devices can raise in the workplace after they were already prevalent. Today, most companies have robust policies and procedures to address the risks presented by dual-use devices, setting clear rules for addressing privacy, security, protection of trade secrets, records retention and legal holds, as well as for preventing harassment, complying with the National Labor Relations Act (NLRA), protecting the company's relationships and reputation, and more.
In the past year, we have seen the release and surge in demand of wearable devices: watches, fitness trackers, smart glasses and other technologies that can monitor everything from heart rate and location to capturing voice and video. The potential benefits of these wearable devices are undeniable. Companies can receive real time updates from their employees, save time locating goods and services, and increase efficiency for employees who need to work hands-free.
These technologies have real potential to make a broad impact for companies in all industries. According to a PriceWaterhouseCoopers' report much of 2014 was spent speculating, hyping up, and critiquing wearable devices and their impact on employers, employees and their consumers. The PwC report confirms what many industry experts predicted all along: we have entered a new era of devices that will have clear implications for a company's bottom line and open the door for business to cull, analyze and interpret data collected from these devices to deliver insights that can unlock tremendous value to the business.
What this means from a practical standpoint is that the infrastructure and approach to how companies manage their personnel will change considerably. There are lessons to be learned from the dual-use device experience of the past decade. When it comes to wearables, companies should consider taking proactive steps now to identify the risks presented by allowing wearables at work, and develop a strategy to integrate them into the workplace in a way that maximizes employee engagement, but minimizes corporate risk.
An effective integration strategy for wearables will depend on the particular industry, business needs, geographic location and, of course, corporate culture. The basic rule of thumb from a legal standpoint, however, is that although wearable device present a new technology frontier, the old rules still apply.
This means that companies will need to consider issues of privacy, security, protection of trade secrets, records retention, legal holds and workplace laws like the NLRA, the Fair Labor Standards Act, laws prohibiting harassment and discrimination, and more.
Employers evaluating use of these technologies should consider two angles. First, some companies may want to introduce wearable devices into the workplace for their own legitimate business purposes, such as monitoring fatigue of workers in safety-sensitive positions, facilitating productivity or creating efficiency that makes business operations run more smoothly.
Second, some companies may want to consider allowing "dual-use" or even just "personal-use" wearables in the workplace. In either case, companies should consider the following as part of an integration plan:
- Identify a specific business-use case
- Consider the potential for any related privacy and security risks including how best to protect company content and personal data
- Identify how to mitigate those risks
- Consider incidental impacts and compliance issues - for instance, how the technologies affect the existing policies on records retention, anti-harassment, labor relations and more
- Build policies that clearly define the rules of the road
- Train employees on the policies
- Deploy the technology
- Review the program after six or 12 months to confirm the original purpose is being served and whether any issues have emerged that should be addressed.
In other words, employers will need to run through a similar evaluation as when they adopted dual-use devices, while accounting for the unique features of these technologies. For example, will employees be permitted to record conversations with their colleagues? Will employees be able to use wearables in every room in the building, or should there be limitations, such as avoiding locker rooms, or classified areas? What about use while operating a company-owned vehicle?
There are many issues to consider and convening a work group of tech-savvy employees with interested managers and other HR professionals can help to spot and address potential concerns in a proactive way prior to these devices becoming more prevalent. The company should then create appropriate policies on use (or simply amend existing dual-use or personal use device policies to include these technologies), train employees on the new rules of the road, and then follow through with discipline for those employees who fail to follow the rules, potentially suspending the right to use wearables at work in such cases.
There is no question that wearables or even the next generation of technology - hearables and disappearables, devices that fit inside your ear or tuck inside clothing or your body - are here to stay. And if they have not yet shown up in your workplace, they soon will. By following these tips, employers can take steps now to develop an effective implementation strategy to maximize employee engagement and business benefits while minimizing company risk.
About the Author
Heather Egan Sussman is a partner in the law firm of McDermott Will & Emery LLP and is based in the firm's Boston office. She is co-chair of the firm's Global Privacy and Data Protection Affinity Group and is a Certified Information Privacy Professional. She is ranked by Chambers USA and The Legal 500 United States as a leader in her field.