Even though we are currently in the throws of summer, 2020 is right around the corner, and the implications are immense.
In the U.S., politicians are gearing up for a chance to spar with political opponents while establishing new public priorities, one of which is bound to be about privacy.
Two years ago, Europe’s General Data Protection Regulation set the tone for privacy, making it a cornerstone of their landmark legislation. Now, those values are expanding to countries around the world, including the United States. In addition to California’s Consumer Privacy Act, ten other states in the U.S. are considering data privacy legislation.
Moreover, the movement is going global. To date, more than 80 countries have adopted GDPR-like privacy laws, making it increasingly apparent that it will define the political, professional and social landscape for years to come, and it’s something that will define the debate in 2020.
The result is a delicate balance for law enforcement officials, IT leaders, and businesses as they strive to protect sensitive information – a difficult task that seems to become more challenging by the day – without violating the privacy rights of their employees through things like monitoring programs or endpoint data loss prevention protocols.
The Monitoring Movement
For government organizations and businesses of all sizes, the possibility of a data breach is an ever-present specter that is becoming both more prevalent and more expensive. According to respondents of a global cybersecurity survey, it will cost an organization more than 12% of their annual revenue to fully recover from a data breach, a number that has increased by more than 25% in just two years.
A significant number of these breaches originate from employee error. Businesses agree employees are their biggest weakness in IT security – according to a study of over 5,000 businesses published by Kaspersky Lab. No wonder, most organizations are turning to some form of employee monitoring software to protect client data. It’s estimated that more than 80% of all organizations are using monitoring technology to prevent data misuse and theft.
While implementing such technology can help companies shore up a critical element of their cybersecurity initiatives, the privacy movement – and good sense – ensures that they can’t do so at the expense of employee privacy.
To put it simply, as we head into 2020, privacy needs to be baked into any monitoring initiative, ensuring that all stakeholders, including customers, employees, and applicable third parties, maintain their privacy rights.
Privacy in the Workplace
While monitoring services and their various use cases are diverse, there are several best practices that help companies apply this technology from a privacy-minded perspective.
First, implementing privacy-minded workplace monitoring means knowing what you are trying to monitor in the first place. For example, organizations deploying employee monitoring software as a defense against insider threats need to weigh the software’s functionality against a security assessment that catalogues the company’s risk landscape.
By identifying and addressing specific threats, it’s possible to take a surgical approach to employee monitoring initiatives that avoids unwanted consequences.
More specifically, to ensure regulatory compliance and to garner employee support, monitoring initiatives must be proportionate to the data risks facing the company. For instance, in the UK, companies are encouraged to conduct a Data Protection Impact Assessment, an established review process that helps organizations ensure parity between the priorities of data protection and privacy.
Regardless of locale or particular assessment method, companies should consider
- any adverse effects of the monitoring arrangement
- alternatives to monitoring
- the obligations that accompany monitoring
- The legitimacy of monitoring purpose.
Perhaps most importantly, clear communications about the assessment process and the monitoring programs not only help companies comply with emerging or established regulatory standards, but they ensure that employees are aware of the oversight impacting the information. When privacy is the priority, monitoring isn’t done in secret. Instead, all stakeholders are brought into the process.
Finally, today’s employee monitoring software is incredibly capable, and companies can harness this to protect their employees’ privacy. Customizable software enables companies to monitor only during certain hours, in specific locations, or when particular data sets are accessed. Moreover, modern techniques like pseudonymization, auto redaction etc. can further promote privacy. At a time when the lines between personal and professional computing devices have become increasingly blurry, powerful software can ensure that personal information isn’t captured as part of data security initiatives.
Because the data security and employee privacy landscape is complicated, we’ve created this white paper to help organizations adopt the best solutions in the most intentional and comprehensive way.
Even as we enjoy the sun of summertime, there is an awareness that 2020 is just around the corner.
It will undoubtedly bring many difficult conversations, and the political rancor will be at an all-time high. As politicians gear up to put their best-foot-forward for the voters, companies should do the same thing in their efforts to protect their employees’ privacy.
In 2020, those two things are bound to intersect.
We produced the “Data Privacy in 2020” white paper to help organizations demystify this process, making it possible for your company to protect their employee privacy even as they tackle difficult issues like data security. Download and share it with your colleagues and give us your comments on how you’re strategically approaching data privacy in your organization in 2020 on social media by mentioning @teramindco and #privacy2020.
The contents of this article are intended to convey general information only and not to provide legal advice or opinions. The contents of this article should not be construed as, and should not be relied upon for, legal advice in any particular circumstance or situation. The information presented in this article may not reflect the most current legal developments. No action should be taken in reliance on the information contained in this article and we disclaim all liability in respect to actions taken or not taken based on any or all of the contents of this article to the fullest extent permitted by law. Teramind would advise consultation with legal counsel or an attorney for advice and legal opinion on specific legal issues.