Is Big Brother Watching? Wearables

and Other Trends in Electronic

Monitoring of Employees

Patrice Ettinger, Chief Privacy Officer, Pfizer, Inc.

Christine Lyon, Partner, Morrison & Foerster LLP

Jack Yang, Associate General Counsel, Global Privacy

Office at Visa Inc.

TYPES OF MONITORING

• Every step you take?

– Fitness trackers, wearables

• Every move you make?

– Location tracking (e.g., mobile devices, wearables)

– Video surveillance, biometric access controls

• Every word you say?

– Call recording, email monitoring

• Every game you play?

– Other apps on device, use of work computers

PURPOSES OF EMPLOYEE

MONITORING

• Protecting the company

– Physical security

– Data security

– Legal compliance

• Improving work performance

– Coordination

– Collaboration

– Attendance

CASE STUDY

• HR: VP plans to fire an employee for removing

that mobile worker app from her phone

• You: what app?

• HR: you know, the app all field sales

employees install on their smart phones, so we

know where they are in the field

• HR: just wanted to make sure there isn’t a

privacy issue here

HOW WOULD YOU ADVISE?

HR: We are meeting with the employee in an hour to do

the termination. I need an answer now. Are you saying

we would be violating some law?

A) No, there is no law prohibiting us from doing this.

Whether it’s a good idea is another question, of course

B) Well, no. I think there is legal risk, but if there is a

legitimate business purpose for the app and it’s a

requirement of the job, I think we can enforce that

requirement.

C) Yes, this is high risk. Let’s go talk to the VP right now.

NOT A HYPOTHETICAL

• Arias v. Intermex Wire Transfer, LLC (California Superior Court,

County of Bakersfield, filed May 5, 2015)

RISKS OF EMPLOYEE MONITORING

• Legal risks under alphabet soup of laws

– ECPA and SCA for electronic communications

– CFAA for personally-owned devices

– ADA and other anti-discrimination laws

– State laws (social media, biometrics)

• Reputational risk

– Employee morale

– Negative media attention

POLLING QUESTION #1

Does your company engage in geo-location

tracking of mobile devices?

A) Yes, but only company-issued devices

B) Yes, both company-issued devices and

employee devices used for BYOD

C) No

D) Not sure—but I will look into this when I get

back to the office

LOCATION TRACKING

• Growing recognition of sensitivity of geo-

location data

• Proposed state legislation

• Best practices:

– Limit collection, access, and retention

– Obtain express, informed consent

– Consider providing ability to turn off tracking

temporarily, at least while off-duty

POLLING QUESTION #3

Does your company issue wearable devices to

employees?

A) Yes

B) No

If yes, does your company receive data from

those wearables?

A) Yes

B) No

C) Not sure, but I will find out

WEARABLES

• Interplay with HIPAA, ADA for wellness

programs, health-related data

• Disparate impact concerns

• Best practices

– Limit (or eliminate) employer data collection

– Use a third-party vendor

– Be sensitive to employee perception—not

everyone can walk 10K steps per day

POLLING QUESTION #4

Does your company use biometric screening

devices?

A) Yes, biometric timeclocks and/or

biometric access controls

B) No

C) Not sure, but I will find out

BIOMETRICS

• State biometrics laws

– Fingerprint, palm scanning

– Facial recognition

• State employee fingerprinting laws

• Best practices

– Use a trusted third-party provider

– Collect algorithms rather than actual print

– Limit use, access, and retention

MANAGING YOUR MONITORING

• Be proactive

• Leverage your privacy impact assessment

• Limit data collection, use, access, retention

– Beware of secondary uses

– Beware of linking data

• Communicate

– Notices

– Explicit consent

– FAQs

QUESTIONS?