Balancing employee privacy and public health and safety

Here's how to assess the privacy impacts of your COVID-19 response

Employee privacy could be a sleeping giant in the COVID-19 pandemic. A global workforce that is concerned about their jobs and their loved ones is likely to cooperate with the health-screening and tracking measures their employers may adopt. But what’s the cost to their morale and engagement? 

A regulatory obstacle course has already emerged, with governments around the world issuing more than 60 directives regarding protecting data privacy while responding to the COVID-19 pandemic. 

How can companies provide a safe workplace in a way that is defensible to privacy regulators? One way is to complete privacy impact assessments (PIAs). In this report, we’ll show how you can evaluate employee privacy using several common use cases encountered during the mobilize, stabilize and strategize phases of the COVID-19 crisis.


Mobilize:

During the mobilize phase of the COVID-19 pandemic, during which millions of workers shifted to work-from-home mode, employers verified the transition status of their workforce and received their first reports of employees testing positive for COVID-19. What lessons have been learned about how companies can provide a safe workplace, while also minimizing the impact on individuals’ privacy during this phase in future crises?

Learn more


Stabilize:

During the stabilize phase of the crisis, companies around the world are encountering a common challenge: a drop in worker energy, morale and productivity resulting from elevated levels of distress. What are the options for companies to measure and manage this new reality without causing further anxiety to workers or violating data privacy regulations?

Learn more


Strategize:

When COVID-19 infection rates decline and governments begin to lift stay-at-home restrictions, businesses will likely face a new challenge: providing an ongoing safe environment as workers return to their offices. What options will they have to screen and track the contagious status of workers in the least-invasive way, while also complying with a patchwork of varying global regulations?

Learn more

Mobilize: Minimizing the privacy impact of managing initial contagions

As with many things about the COVID-19 pandemic, companies were unprepared. This was clear from the ad hoc ways that employers initially assessed employees who were a risk to others, notified the people who may have been put at risk and made efforts to contain that risk. 

COVID-19 privacy guidance issued by the regulators (referenced in our survey) identifies key components they will look for in future pandemic-response procedures. They include:

  • Narrowly tailor health-screening questionnaires. Several countries — including Australia, Bermuda, Canada, Cyprus, Estonia, Germany, Gibraltar, Ireland, Lithuania, the Philippines and the United Kingdom (UK) — require limiting the collection, use and disclosure of personal information to the minimum necessary to prevent and manage COVID-19. Early versions of questionnaires asked employees whether they had traveled to China, Italy or South Korea, had been in contact with anyone infected, or had any symptoms of the disease — but ongoing discoveries about how the disease is contracted and spread should inform and further narrow these criteria.

  • Designate authorized individuals to handle the questionnaires. Belgium, Croatia, Hungary, the Netherlands, Romania and Spain prefer that any screenings be done by medical personnel. Other nations, such as Colombia, Finland and Georgia, require a dedicated response team to perform screenings properly and minimize disclosures. 

  • Inform screened employees of their rights. In some countries, such as Austria, employees can object to the disclosure of their status. Others, such as Switzerland and Uruguay, require employee consent. Romania requires notice to be given to employees regarding pandemic-related data processing. But in other countries, like Latvia, employers can inform the police if employees do not comply with quarantine orders.

  • Do not disclose the names of positive-testing individuals outside the response team. The identities of employees testing positive for a contagious disease do not have to be disclosed to management teams and the broader workforce across most countries with data privacy legislation, such as Mexico, New Zealand and the United States (US). Countries such as Denmark advise that when the status of employees needs to be communicated with their work teams, the reasons for being in quarantine or on medical leave should not be stated. 

 

Mobilize: Migrate to work-from-home (Q1 2020)

 

Key business problem

  • Safely transitioning the workforce out of danger from offices, client sites, and vacations to their homes

 

Potential new data processing

  • Status of worker travel obstacles and work-from-home  technical difficulties

  • Initial wave of infection reporting and contact tracing

 

Methods of data processing

  • Verbal reports

  • Software-based surveys

  • Technical monitoring

 

Privacy risks

  • Disproportionate data collection: Screening employee health status with questions that are too broad and reveal unneeded, sensitive information

  • Oversharing of personal data: Sharing the names of those testing positive beyond a designated response team

  • Insecure data storage: Storing health screenings and family member information in email strings or shared drives

 

Sample regulatory considerations

  • US restricts employee screenings that may reveal protected health information; Vietnam permits employers to self-report any possible workplace hazard; China mandates reporting worker names who exhibit COVID-19 symptoms

 

Minimizing privacy impact

  • Notice: Before the next pandemic, provide employees complete and repeated communication about how their data will be collected, stored, secured, and shared in a crisis 

  • Data minimization: Conduct anonymous surveys and push employees to designated help lines; restrict names of infected people to response team and authorized government officials

  • Consent: Default to opt-in surveys unless mandated by government regulation 

  • Security: Store health-screening data in restricted-access systems 

 

Stabilize: Minimizing the privacy impact of monitoring employee productivity

“How are you doing?” This question was asked millions of times around the world as supervisors sought to connect with their staff and support them in this uniquely challenging time. But what about more specific questions? To what extent can employers systematically collect information about employee morale or monitor their productivity?

The answer depends on the details of the monitoring, as well as where it occurs. For example:

  • Employers in most Middle Eastern countries, as well as Brazil, China, Cyprus, Singapore and the US, can require employees to allow their productivity to be monitored, while in Russia, voluntary participation is permissible.

  • Employers in Colombia and the US can require employees to take a mandatory, personally identifiable survey about their general level of energy or confidence in the company. In contrast, those in Australia, Brazil, Canada, Czech Republic and Germany must take a voluntary approach to identifiable surveys. In France, Hong Kong, India, Italy, South Africa and the UK, participation must be both voluntary and anonymous.

 

Stabilize: Optimize work-from-home (Q2 2020)

Key business problem

  • Sustaining remote workforce energy, morale, and productivity

Potential new data processing

  • Status of worker challenges: mental and physical health, childcare and eldercare responsibilities, and work-from-home productivity

Methods of data processing

  • Verbal reports

  • Software-based surveys

  • Technical monitoring

Privacy risks

  • Disproportionate data collection: The unprecedented risks of COVID-19 and the situation of all workers at home may lead employers to use technical or other means they wouldn’t have used in the office to infer worker productivity or related personal capacities  

  • Insecure home offices: Roommates and family members in ongoing regular proximity may overhear confidential conversations and access work devices and printouts

Sample regulatory considerations

  • US extends employer liability into the employee's home offices

Minimizing privacy impact

  • Data minimization: Anonymize surveys and word questions toward answers related to job-capacity management; limit technical scanning of productivity to anomalies where other indicators suggest job-capacity limitations 

  • Security: Provide workers clear and specific guidance and training regarding work-from-home security considerations, including access to work-related spaces, devices, and papers; alerts regarding COVID-related phishing scams; and secure  use of online-meeting software

Strategize: Mitigating the privacy impact of health passports, temperature checks and contact tracing

As the COVID-19 pandemic abates, employers will have to decide how to permit employees, contractors, clients and visitors to return to their offices in a way that sustains a safe workplace. Some companies are considering whether to require a ‘health passport’ — a certification from a physician or other reliable healthcare source that the holder has tested negative to COVID-19 or has not recently presented symptoms — to allow access to company facilities. This approach may work in countries such as Singapore, for example, where its Personal Data Protection Act allows employers to collect personal data through various means — and without employee consent — during public emergencies that threaten the life, health or safety of individuals. 

Many companies are also weighing the pros and cons of instituting temperature checks at some or all of the entrances to their facilities once they reopen. However, multinationals will likely face difficulty adopting one approach globally. For example, according to the findings of our survey of PwC privacy specialists across 47 countries:

  • In China, the Contagious Disease Prevention Law requires that employers report on confirmed and suspected infections of a contagious disease to Chinese health authorities in a timely manner. Accordingly, employers are required to regularly and frequently conduct temperature checks on employees and workplace visitors, and they also can require employees to report any health issues to a team designated to handle workplace safety.

  • In Slovakia, thermal-scanning checks have become compulsory at all workplace entrances, whereas in other EU member states, such as France and Iceland, employers are permitted to perform them, but cannot mandate them. 

  • Russia requires employers to give employees notice about any use of thermal imaging and destroy any recordings within 24 hours.

  • In the US, the Equal Employment Opportunity Commission recently released guidance that permits temperature checks for use during a widespread pandemic to help identify the high temperatures commonly associated with viruses.

  • Luxembourg prohibits daily temperature checks and the systematic collection of employee health symptoms.

App-based contact tracing will soon reach many people in one way, shape, or form. Different versions by governments, employers, and mobile-phone makers are being offered to employees for use on personal and company-owned devices they use for work. They share the same concept: users of the app are notified if they have been in close proximity to someone else on the same app who has reported positive for a COVID-19 test. That notified user can then have a reason to self-quarantine and get tested. Many public-health stakeholders see this as an important tool in getting the world to return to their places of work in a safe way — if a large majority of a population adopts it. 

But what is the most privacy-responsible way for companies to roll out an enterprise version of app-based contact tracing? Here are some considerations for corporate privacy officers to be addressing in their PIAs for these solutions:

  • Get employee buy-in. Employers need to get a high proportion of employees returning to offices to download the app, carry their phone with them while at the office, get tested if their risk factors increase, and self-report positive tests knowing they will end up being quarantined again. Employers may not need to take a mandatory approach to achieve that objective if they can win over their employees with clear and frequent communications about how it all works, appealing to the worker’s interest in helping to make the workplace safe and productive for everyone.

  • Keep geolocation data anonymous and encrypted. Employees should be able to trust that their employers, coworkers, neighbors, and hackers can’t trace their whereabouts while using the app. Some versions of these apps accomplish this by de-identifying a device’s location data and encrypting it on the device itself, not on a company server. Privacy officers need to dive in and understand these technologies and data flows as part of their PIA.

  • Don’t feed data to government authorities. Employers should exercise all available rights to keep their workforce data confidential in order to build and sustain employee trust in the app and achieve positive outcomes for everyone involved. 

  • Make everything temporary. To meet the proportionality principle embedded in privacy laws around the world, the app and all of the data associated with it should be deleted once employers have returned to a pre-defined and communicated state of acceptable risk of contagion. Employers will want to resist the urge to re-use this data for purposes unrelated to COVID-19 management, such as workspace-capacity optimization. 

Employers can play a unique role in the app-based contact-tracing ecosystem. As employers, they can have a more influential, daily relationship with employees than their employees’ phone makers or government agencies. Employers are able, in their unique role, to explain to employees how everything works and architect it in a way that respects employees’ rights and freedoms as well as provide them a meaningful feedback loop. A multinational considering this option should perform a PIA that addresses the variables unique to each country in which it plans to deploy this technology.

 

Strategize: Return to the office (Q3+ 2020)

Key business problem

  • Ensuring a safe environment to work within an altered business environment

Potential new data processing

  • Worker illness indicators: elevated temperature and coughing

  • Worker proximity with contagious coworkers

Methods of data processing

  • Verbal reports

  • Manual and automated temp-checks

  • Manual and device-based contact tracing

Privacy risks

  • Disproportionate data collection: Contact-tracing apps require employees to always carry phones including on personal time to be most effective, potentially expanding geolocation collection of all apps on the phone, and resulting in disruptive false-positive notifications causing new quarantines 

  • Oversharing of personal data: Temp-check queues at office entrances can stigmatize employees to others nearby if their temps are elevated and they are asked to leave

Sample regulatory considerations

  • US permits temp checks that are not physically invasive; Slovakia mandates temp-checks at employer entrances; France permits employers to offer but not compel temp-checks

Minimizing privacy impact

  • Disproportionate data collection: different versions of app-based contact tracing can result in processing more data than is needed for the intended purpose of notifying affected individuals

  • Data minimization: Provide private areas with private exits for temp checks and minimize the storage of personal data related to temp checks 

  • Consent: seek employee buy-in for device-based contact tracing

The consumer has dominated the global debate over data privacy since its inception two decades ago. But most of those consumers are employees who arrive to work with the same privacy expectations they formed as consumers. If people feel trapped about the privacy choices available to them as consumers, some of the tracking and monitoring envisioned by their employers to cope with the COVID-19 pandemic may accentuate these feelings and affect the trust they place in their co-workers, employers and society at large. 

All members of the C-suite — not the privacy leaders alone — have a stake in the emotional well-being of their employees and their commitment to the values of the company. As the executive leadership teams plot their strategies to adjust their business models to the new post-COVID realities, one of their agenda items should be to formalize an employee data ethics policy. The foundation of that policy should be the principle that informed employees understand their best interests and should be empowered to make decisions about both their health and their data. Adherence to this principle will likely help global regulatory compliance and help restore employee confidence in the changed and challenging world around them.

 

Post-COVID-19 workforce privacy action plan
1
Update global employee privacy policies and employee training to account for pandemic response
2
Communicate frequently about all ways worker data is collected, used, protected, and shared
3
Equip employees to work from home securely and privately with standardized and tested capabilities
4
Design privacy-friendly default settings into workforce-facing technologies, putting employees in control of their personal information, and deleting employee data collected during the crisis when it is no longer needed
5
Systematize global privacy regulatory monitoring and response, using a network of local advisors and a tool such as PwC’s Risk Atlas

Contact us

Jay Cline

Jay Cline

US Privacy Leader, Principal, PwC US

Sean  Joyce

Sean Joyce

US and Global Cybersecurity and Privacy Leader, PwC US

Joseph Nocera

Joseph Nocera

Cyber & Privacy Innovation Institute Leader, PwC US

By submitting your email address, you acknowledge that you have read the Privacy Statement and that you consent to our processing data in accordance with the Privacy Statement (including international transfers). If you change your mind at any time about wishing to receive the information from us, you can send us an email message using the Contact Us page.

Hide