Legal lowdown: Data gathering
James Froud, March 23, 2017
The potential technology-related legal pitfalls HR needs to consider in the future of work
1. Duty of care
By law employers are required to provide their employees with a safe place and system of work and to make reasonable adjustments. However, they can only act on reasonably available information. As employers collect more data on their employees with the use of wearable devices there is a risk they may inadvertently be assuming a higher duty of care. With access to information from devices that can track and report on fitness levels, sleep, heartrate, stress, activity levels and many other health-related metrics, employers will be armed with precisely the sort of information that may render them legally responsible in circumstances they would not be currently.
For example, what if through monitoring an employer noticed an employee with worrying health symptoms but did not take steps to inform the individual or address the situation? If something detrimental then happens to the employee related to their health, will the employer have breached their duty of care or duties under the Equality Act? These are questions yet to be answered, but one can see how employees may seek to bring claims in those situations.
As things stand, employers choosing to use this new technology should be careful about unintended consequences. While it may seem far-fetched, as the tech becomes more sophisticated and prevalent it is conceivable policy-makers will seek to amend the law and require employers to track this data to protect the wellbeing of employees. Of course, this may prove irrelevant if the robots take over first… But, then again, perhaps a move to increase employer responsibility will serve only to encourage the adoption of robotics.
2. Trade secrets
Employees are the vanguard for protecting business-critical information and can be the greatest threat to its security. Encouraging the use of wearable devices will multiply the risks by making data more vulnerable to attack and misuse. For example, the use of devices by employees outside of the workplace may bring sensitive information into an environment that is easier for a predator to hack, or for an off-guard employee to inadvertently disclose. The information held on devices that record conversations or track location may also be hugely valuable to someone seeking to understand the confidential operations of a business, or wanting to establish which personnel have high-security clearances or the likely whereabouts of sensitive data.
As employers start using productivity data to justify pay increases, promotions and dismissals, the risk of employees bringing claims is likely to increase. Employers need to be thinking prudently as to how they are using this data, treading carefully around discrimination issues. If an employee refuses to give their consent to process their data, for example, and they are subsequently not promoted but others are, they could bring a claim saying they are being discriminated against. Likewise, if an employer analyses employee activity levels and makes decisions using that data, then a less healthy, pregnant, older, or disabled employee could claim they are being discriminated against.
James Froud is an employment law partner at Bird & Bird
DNA testing in the workplace