Contact Us
Call us
United States
+1 646 893 3042
Accounts receivable department
+1 646 974 0772
All other
+32 2 793 02 19
North America: USA and Canada
Collibra Inc.
61 Broadway, 31st Floor
New York, NY 10006 - USA
EMEA: Belgium
Collibra NV
Picardstraat 11 B 205,
1000 Brussels - BELGIUM
View all
Register for access
Register for access
  • Dashboard
  • University
  • Data Citizens
  • Marketplace
  • Product Resources
  • Support
  • Developer Portal
By signing up you agree to Collibra's Privacy Policy.
My Profile
John Smith
Data Scientist, USA
Cloud-Ready Data
Digital Transformation
Data Governance

Wearables at Work: Productivity Boost or Privacy Concern?

Wearables at Work: Productivity Boost or Privacy Concern?

An article about workplaces wearables came across my Twitter feed recently, and it made me think about a conversation I had with our blog editor a few months ago on how popular devices, like headphones, collect data that could identify you. This article addresses another kind of popular device – wearables. The article talks about the rise in the number of organizations providing wearables to their employees – either to monitor the workplace for safety concerns or to promote a healthier lifestyle through devices like Fitbits.

But what many organizations fail to consider are the privacy implications of doling out wearables to their workforce. Wearables are data collecting devices. And like any Internet of Things (IoT) device, organizations need to ensure that the data they are capturing and storing from these devices goes through the appropriate governance and protection measures. With stricter data protection regulations such as the European Generation Data Protection Regulation (GDPR) coming into effect in less than a year, the spotlight on how you protect the personal data you collect is getting even stronger. And trust me, you don’t want the data coming from a wearable device program to be the cause for an audit, or worse, a breach.

But the onus doesn’t only fall on the company. Employees, too, are increasingly becoming data citizens and need to be aware of the implications of accepting company-provided wearable devices. Take Fitbits or other activity-monitoring devices as an example. These devices collect a variety of data points, from your heart rate to the number of steps you’re taking to the amount of time you’ve been sitting idle. Now consider if the data provided by your activity-monitoring device was paired with other data collected by your employer. Under the GDPR, that combination of data could be considered personally-identifiable. Or consider the fact that your employer has just provided you with a wearable that knows where you are at all times.

Now, the point of this post is not debate if companies should provide their employees with wearable devices (or if employees should accept them). Rather, it is to raise awareness about the many ways you generate data every day through everyday IoT devices. What seems like a harmless HR program designed to boost your activity levels could turn into a data breach nightmare if your company isn’t properly governing and protecting the data it collects. So what should you do?

Employers – before you launch wearable programs, discuss where you’ll store the data and how you’ll govern and protect it. Put it through the same rigor that you would any personally-identifiable information that you collect about employees or customers. And communicate the safeguards you’re putting in place before you distribute the devices. If you introduce 3rd party devices be sure to review their data protections and privacy programs and certifications.

Employees – be vigilant. Ask your employer what they intend to do with your data, where they are storing it, and how they are governing and protecting it. Don’t just assume that it falls under the same protection rules as your address, social security number, or health history. And if they can’t give you a good answer, then politely decline the device until these measures are put into place.

Does your organization provide wearables to its employees? If so, what measures have you taken to ensure the data is governed, protected, and secure?

Related resources

View all resources

More stories like this one

Feb 25, 2021 - 3 min read

Driving GDPR Compliance

Read more
Jan 14, 2021 - 4 min read

5 Steps to build an enterprise data protection framework

Read more
Oct 28, 2020 - 4 min read

6 typical GDPR questions explained

Read more