Why Less Data May Be More for Employers Using Wearables in Workplace
Employers deploying wearables in the workplace are possibly exposing themselves to more risk than they realize by collecting more data than they need.
While technologists may want them to deploy at a maximum, employers would be wise to limit the data they collect with wearables, according to experts at the recent Risk and Insurance Society (RIMS) meeting in Boston.
Employers must also secure whatever data they do collect, attendees were told.
Wearables represent a “huge safety opportunity” but “there are trade-offs,” said Brad Waldron, leading a discussion on the downsides of wearables.
Waldron is vice president of Risk Management for Caesar’s Entertainment out of Las Vegas. He and his fellow panelists, Ross Goren, a workers’ compensation attorney with Weber Gallagher Simpson Stapleton Fires & Newby, and David Wald, CEO and co-founder of aclaimant, a digital claims management firm, acknowledged the obvious upsides of wearables for safety and loss control but stressed the risks employers may be overlooking. While many risk managers are aware of the potential privacy risks, they may not be considering other potential landmines involving litigation, labor contracts, accommodations for disabled employees, sharing of medical information, reputational damage, incorrect data, even injuries from the devices themselves, they said.
Wearables are electronic devices that can be worn as an accessory, embedded in clothing, or implanted in a user’s body. Wearables from smart glasses, bracelets and clothes to virtual reality goggles and exoskeletons have been sold as a way to train employees, monitor performance and make workplaces safer.
The devices are capable of capturing data about their wearer’s location, environment, activity and biometrics, as well as transmitting visuals and sounds. They can provide information to prevent accidents and make workplaces safer, and if an injury or incident occurs, they can supply data on when, where, why and how it happened. A GPS or Bluetooth fob can tell where someone is at any given time, record how fast someone is moving or driving, or warn against a danger. Some wearables measure the humidity, temperature or sound levels while others take videos. A biometric based wearable can report vital signs including changes in heart rate and body temperature in real time.
“The amount of information that’s able to be collected is truly huge,” Waldron said. “Why would you bother with that?’
There are many whys. He said the “massive amount of information” might show where employees are and if that’s where they are supposed to be or if they are lost. Or that some structure is bending the wrong way or someone is operating the wrong equipment or operating it the wrong way. Is someone acting in an unsafe manner or operating too close to a danger zone? “It could be anything,” he said.
While the amount of data that can be collected is “huge,” so are the benefits to employers.
The data from wearables can be used to design workplaces and establish rules to make them safer and more productive. It can be used to train workers to perform ergonomically correct movements and gauge their productivity. It can be used to get help to workers. It can be used to investigate and verify accidents and injury claims quickly.
“You start to understand how your employees behave. The biggest issue when you start looking at loss control and protecting employees is that you don’t really know what they’re doing,” Waldron said. “You can have a strong behavioral safety program but those get penciled in. You can have people watching” with wearables, Waldron said.
The technologies can help protect employees from known hazards. “You can tell employees all the time, don’t cross that yellow line. If they’re anything like we know, the very first thing that they’re going to do is cross that yellow line just to see what happens,” he said.
The data can also provide more detailed information for incident investigations, thereby helping to control litigation costs by revealing how incidents actually happened. “When something happens, we’ve already logged that information. We go back and look,” he noted.
Those are some of the upsides.
Risks and Downsides
The major downside is that “in getting the stuff that you really want, you actually end up getting a lot of other things that you may or may not be prepared to handle or answer questions about,” said Waldron.
The panelists noted that the same wearable that records one person’s conversation or location can inadvertently capture others’ locations and comments, perhaps some that are harassing or threatening and foretell trouble. The same wearables used on the job may track individuals’ activities after business hours. Or they may catch an irregular heartbeat or detect a disability.
Some of the data may be information that the employer does not want or need or even look at. It may also be data that employees or their unions did not consent to have monitored. It just comes with the wearables.
What’s more, having all this data in its system could expose the employer to medical and cyber privacy issues and make it a target for discovery efforts of plaintiff lawyers.
“It’s a lot of things out there that really we don’t see coming,” is how aclaimant’s Wald described the risk landscape.
The panelists shared various risk scenarios, some real, others imagined. Among them:
An employee goes on a business trip and the company’s GPS reveals where the employee goes after hours such as bars, neighborhoods, homes or restaurants. “All kinds of information that you as the employer potentially don’t want, and don’t want to know. It happens off hours. Are you potentially now involved in something that you shouldn’t be involved in because you’ve arranged the tracking?” attorney Goren asked. Another employer using GPS is hit with a wage and hour claim because the company was still collecting information on employees after the close of business.
One worker’s audio sensor used to monitor decibel levels inadvertently picks up conversations all around including one where one employee threatens another. A violent incident happens soon thereafter, and the company says it did not expect or know about it. “How can you say, ‘I didn’t know this,’ when you have it, you’re collecting the data, you have it stored, and you know who reviews it?” Goren said. “You now have record of that you may have heard, you may be liable for not reporting that threat,” Waldron added.
A wearable discloses data indicating an irregular heartbeat or other medical issue on an employee. “If you’re an employer, now you have to look at how do I accommodate,” Goren suggested, referring to requirements of the ADA, the Americans with Disabilities Act. To Wald, the firm may now face the possibility that act of collecting the data itself constitutes an illegal medical examination? Or could it be an improper lie detector?
Regarding the European Union’s General Data Protection Regulation, California’s data privacy law and other such laws on their way, Waldron sees a nightmare ahead if companies are required to purge somebody’s records or supply copies of everything at their request. “We have multiple sensors that are collecting 30 data points each every second; that is a lot of data,” he noted. “It becomes incredibly difficult to comply with those requirements, and they’re very, very real.”
An employee claims he or she was wrongly terminated. The employee was wearing a sensor when the firing took place. So, there is evidence on what really happened. “And that’s the thing,” said Ross. “It’s not such a bad thing. There are instances where that is great, when we’re having this conversation we can use this.”
Hotel guest room attendants wanted a way to signal for help if they became injured or were being harassed, assaulted or otherwise in trouble. A Bluetooth button that would send a help alert with the location of the employee seemed the solution. But the fix got complicated because the workers and their union did not want management to be able to trace exactly where they were in the giant complex.
How employers use the data may matter. The NBA allows devices on players to track movement, speed and other metrics during practices. What if the device picks up a medical condition in a star player who is in negotiations for a new contract? Or what about the case of Amazon tracking how quickly employees pack and ship goods and then using automation to fire those who fail to meet the company’s standards. At the same time, Amazon does not use the data to reward top performers. What will NBA players and Amazon workers think about the fairness of using their data for the employer’s benefit but not for their benefit? How will this affect employee cooperation going forward?
Similarly, devices can send real time alerts if someone such as a lone worker falls or is injured. What if the employer does nothing? Is that negligence? Goren suggested the employee has some obligation to help employees because it is tracking them: “You have seen them. Now you have to do something.”
Wearables Risk Management
The panelists said they are concerned that companies adopting wearables technology may not be thinking about these exposures before putting the devices into operation. They said that identifying the exposures is the first step in managing the risks that come with wearables.
They also advised involving all stakeholders in the decision-making over whether and how to use wearables and over what data to collect. Waldron said it’s important to involve stakeholders because the technology and the law are evolving:
“Involve legal in doing this. Involve your unions when doing this. Involve your HR teams, and other operations guys. Involve everyone in the discussion,” he said.
Most important, he said, employers must involve their employees. “They need to know what you’re tracking and why you’re tracking it because they can turn around at the end the day and say here’s your tracker and you don’t want this. You want them to buy into this,” he said.
The three stressed transparency overall and in negotiating with unions, which tend to support wearables for safety but oppose them if they track where employees are. Goren advised employers to try for that “middle ground that gives you an opportunity to create a safer environment, a more productive environment, a more data driven environment without having to put yourself in harm’s way legally.”
“Be open to start the discussion with them. Have them there every step of the way because if they are agreeable to this, that’s a big win right there,” Wald said of working with unions and employees.
Wald also advised employers to use their new knowledge about the risks in talks with vendors and walk through with everyone involved how the actual data collection is supposed to happen.
A major part of risk management with wearables involves controlling the data being collected.
Even before selecting a technology, employers should ask what they hope to get out of it. “How do you want it to impact your business? What’s relevant from an employment perspective to accomplish that goal?” Waldron advised.
“How do you control limited data that you want, but make it work for you? asked Goren.
They advised being careful about biometric data in particular. “This is really where you can plug into a lot of the landmines here,” said Waldron.
“Do you need to know somebody’s heart rate? Do you need to know how quickly they’re moving? Can you restrict the collection of their information when they’re punching the clock? Are there ways to turn that on and off. You need to make a hard assessment of the use of the data, and you have to open that up.”
Some devices do allow employers to restrict the data. Wald noted that certain wearables have different sensor capabilities as well as ways to turn off certain collections. Some devices have no GPS and no Bluetooth. Wearable companies have ways to itemize the data employers get to minimize potential privacy violations, he said.
Wald’s advice: less is more. “You want to figure out what your problem is, and what your desired outcome is and figure out how to solve that with collecting less data. I think less is more in this approach,” he said, adding that the more data collected, the higher the litigation related risk.
Whatever data is collected needs to be securely handled.
“As you’re doing that, even if you’re restricting what’s going in, there needs to be some security provisions to make sure that whatever data you are collecting remains confidential, remains private,” stressed Waldron.
Other risk management strategies include pooling data so it is anonymous rather than linked to individuals. “You can pool and can use it to look at trends, to look at what’s going on,” said Waldron.
Employers should also have correct waivers in place with all affected employees.
However, Waldron imagined what he called a “terrifying” scenario where even anonymous data and waivers would not be enough protect an employer. A plaintiff attorney argues that the employer pooling the data had the ability to know about an issue and consciously chose not to know. “I don’t care what jurisdiction you’re in, you’re going to have a very difficult time establishing that that waiver is truly what limited your exposure. That is a very big deal and something at this point untested,” the Caesar’s Entertainment risk manager said.