From repurposing robots to help hospitals care for patients to mobilizing support for a virtual workforce, businesses have quickly transformed their operations to contain the spread of COVID-19. But many worry these actions could have the unintended side effect of sidelining privacy and data protection.
Is ‘Big Brother’ Watching?
As a society, we seem to be hurtling into the surveillance age envisioned in George Orwell’s book 1984. Technology and apps that are helping to prevent illness happen to collect a vast amount of personal data, prompting an array of concerns about digital privacy and ethics. It’s only natural to wonder whether “Big Brother” might be watching.
Once these tools and trackers are implemented, can we trust companies to use our personal information in the ways they say they will—and that we have allowed? What other uses could companies think of next? And what other potentially malicious circumstances might arise?
Data Collection Creates an Ethical Dilemma
Pandemic-related data collection also raises important ethical questions: Is it morally right to collect this type of private information to save lives—or should individual privacy remain a higher priority?
Digital ethics describes the moral principles governing behaviors and beliefs about how we use technology and data; in short, doing the right thing with data. It’s distinct from data privacy, which relates to collecting and processing personal information in a manner that aligns with customer expectations for security and confidentiality.
Gartner identified digital ethics as a top strategic technology trend in 2019. Now, there’s little doubt that this issue will become even more of a concern the longer the pandemic continues, as governments and businesses alike work toward solutions to operational challenges brought on by the virus.
“Shifting from privacy to ethics moves the conversation beyond ‘are we compliant’ toward ‘are we doing the right thing.’” — Gartner
Using Technology to Fight the Pandemic
Technology has proven to be a key asset in fighting the spread of COVID-19 in some countries. For example, Chinese hospitals have used robots in place of frontline healthcare workers to reduce their risk of infection. China also uses smart imaging to detect individuals who have a fever and drones to help identify and reprimand people who aren’t wearing masks in public as required. And many countries now use cell phones both to track people who congregate without practicing social distancing and to perform contact tracing using a person’s GPS history.
Many of these strategies have proven successful in containing the virus. But that success often comes at a cost.
New behavior-tracking apps collect large amounts of sensitive location and behavioral data that must be protected. What assurances can businesses give customers that their personal data will remain anonymous?
Navigating the Privacy Minefield
So far, urgent implementation of these life-saving tools and technologies has taken priority over individual privacy considerations. At first glance, this might seem like the right thing to do, but it also raises questions.
- Do people want their coronavirus-related health information to be shared?
- Do they want others to have access to their behavioral information? And is that safe?
- Once governments and businesses have access to this type of tracking and surveillance information, how can we trust them to revert to less surveillance when the pandemic ends?
- As a society, are we willing to accept this new level of surveillance and privacy intrusion forever?
Just because this information seems to be used for good at the moment doesn’t mean it can’t be obtained in the future by those with malicious intentions.
Digital Ethics and Privacy at Work
Businesses also have specific digital ethics and privacy considerations, especially as they balance their need to ensure a safe and healthy workplace with employees’ desire to protect their personal data.
Monitoring employees. There’s been a spike in purchases of tools and services for monitoring employees, as many organizations that didn’t previously support a remote workforce have had to quickly do so. While these tools can provide insight into an employee’s workday—such as whether they’re actually working the hours they report—they also raise ethical questions.
- Do employees know they’re being monitored?
- How can they be sure they’re not recorded through their webcams?
- How do you notify employees of these new processes without instigating cultural shifts, damaging trust and facing potential legal ramifications?
Ensuring people are healthy before returning to work. Another challenge you may face is re-engaging your post-quarantine workforce in a way that respects the privacy of employees’ health information.
- How do employees prove they’re healthy enough to return to the office without potentially revealing sensitive personal health information?
- How do employers maintain employees’ right to privacy while ensuring the health of the entire workforce?
Moving from Compliance-Driven to Ethics-Driven Practices
Individual employees may understand the need to share more personal information now than before the pandemic and put aside their concerns about a potentially Orwellian reality—at least for now. But they could easily change their minds when the danger passes and expect a return to business as usual.
These ethical considerations should stay top-of-mind in a post-pandemic environment. Your business will have to determine whether it’s enough to simply meet its data protection and privacy compliance obligations or whether to embrace a more ethically driven approach instead.
Who’s Most at Risk?
Organizations facing the greatest impact from data privacy risks include those processing a high volume of personal information or deploying new technologies or apps, as well as those that have had to quickly adapt to the new virtual environment. Others that should consider evaluating their data privacy practices include:
- New companies that are standing up internal functions for the first time or that do not have mature privacy programs.
- Organizations that are not yet in compliance with the California Consumer Privacy Act (CCPA) or General Data Protection Regulation (GDPR).
Addressing Data Privacy and Digital Ethics Questions
To ensure compliance with privacy regulations and define your stance on digital ethics, you should understand what personal information your business collects, how you use and protect it, and how you communicate these practices both internally and externally.
You can take the first steps by:
- Defining your organization’s data privacy strategy to identify and mitigate enterprise-wide privacy risks.
- Assessing enterprise programs to identify opportunities for embedding privacy considerations—across the organization or for specific projects such as new app development.
- Performing a data inventory to provide a comprehensive view of how personal information gets used across the organization.
- Assessing compliance with key privacy regulations that apply to your business (CCPA, GDPR, HIPAA, GLBA).
- Developing policies and procedures to give customers clear choices for exercising their privacy and communication preferences.
Building a Culture of Trust
As new types of personal information become available, it becomes even more important to communicate a culture of trust, with both employees and customers. Instead of simply seeking compliance with privacy regulations, consider whether you’re doing the right thing with the private information you collect.
Ultimately, there might not be a clear right or wrong answer, which means you’ll need to weigh your organization’s moral compass against the benefits of using the information you choose to collect.
RGP’s data privacy experts are here to support you. Let us know how we can help.