Data Privacy and Workplace Wearables: Can Employee Fitness Lead to Employer Pitfalls?
As the popularity of wearable fitness trackers increases and new models constantly hit the market, consumers continue to jump onboard the fitness gadget bandwagon. At the end of 2015, an estimated 33 million consumers owned wearable fitness devices from manufacturers such as Fitbit, Jawbone, Nike, and a host of others. With worldwide shipments of wearable devices expected to reach 110 million by the end of 2016, especially as the holiday season hits, many employers are taking notice of this trend and turning to fitness trackers to ramp up their corporate wellness programs. However, technological efforts to move employees toward improved fitness could walk employers into potential legal landmines. Here are some potential issues to consider.
Threats to Health Data Collected
Recent high-profile data breaches have created a heightened focus on data security and privacy threats, particularly related to financial data. Similar threats to data captured by fitness trackers and smartphone health applications also demand attention. Encouraging employees to use these devices and apps could unknowingly expose them to a myriad of privacy risks. The data collected by fitness devices could include:
• GPS coordinates;
• heart rates;
• blood pressure;
• calories burned;
• sleep patterns; and
• other activity.
Users often set up profiles in fitness devices’ companion mobile apps or websites by adding their name, address, telephone number, gender, date of birth, pregnancy status, eating habits, weight and other health-related information. This personal data is eventually stored on servers and is, therefore, susceptible to hackers.
Employer Exposure to Liability under Antidiscrimination Laws
In addition to concerns related to unauthorized access to employees’ personal information, employers must also carefully consider legal issues that could arise from their companies’ internal use of employee health data. Companies that have incorporated fitness wristbands into their employee wellness programs typically set up a mechanism to allow employees to report their health progress by syncing their devices or user profiles to a portal. Improper handling of data collected from fitness devices could lead to potential liability under various laws prohibiting discrimination.
Steps Employers Should Consider
Due to potential privacy and antidiscrimination law implications, employers should exercise caution when incorporating fitness trackers and related technology into workplace wellness programs. With respect to fitness tracker vendor selection, employers should fully vet vendors before entering into a wellness program partnership. Due to the nature of information involved, employers should require the vendor to confirm what personal data the vendor will collect, and how the vendor will store, use, and distribute it.
Employers should also examine the vendor’s encryption procedures, especially pertaining to the data transferred from the fitness devices to related smartphone apps.
Employers should also carefully review and examine their own internal policies to ensure that their practices and procedures do not run afoul of antidiscrimination laws. An employer’s use of health-related data must be strictly limited to the administration of the workplace wellness program and cannot be used to make employment decisions.
Companies seeking to incorporate wearable fitness devices into wellness programs should continue to follow standard guidelines and consider the following recommendations:
• Avoid the collection of personal information and health data unrelated to wellness program goals.
• Enforce policies that prohibit supervisors or other decision makers from accessing health data reported via fitness devices to ensure that employment-related decisions are not based on any employee’s health status.
• Whenever possible, consider contracting the administration of a workplace wellness program to a third party vendor so that the employer only receives aggregate information that does not identify individual employees.
• Notify employees in writing that any participation in the company’s wellness program is voluntary, and offer employees reasonable alternatives to receive the incentives or rewards offered for completing health-related activities or achieving certain health outcomes.
• Because certain fitness devices collect GPS information, ensure that this data is not used in a manner that violates employees’ reasonable privacy expectations.
• Consider obtaining employees’ consent to collect personal data reported via wearable devices.
• Create policies to ensure that employees are well-informed regarding the information to which the employer will have access, and how the employer intends to use such information.
Fitness trackers are revolutionizing the way companies think about wellness. As demonstrated by the popularity of these devices, wearables could motivate employees in a way that significantly improves employee health and companies’ bottom lines. In taking steps to modernize wellness programs, however, employers must not lose sight of the inherent risks associated with utilizing this type of technology. Employers would be well-advised to seek legal counsel to ensure that their steps to increase employee fitness are moving in the right direction.
For more information, contact Ice Miller’s Labor, Employment and Immigration practice or Data Security and Privacy practice.
This publication is intended for general information purposes only and does not and is not intended to constitute legal advice. The reader should consult with legal counsel to determine how laws or decisions discussed herein apply to the reader’s specific circumstances.