Categories: Technology

By Steven C. Sheinberg, General Counsel of the Anti-Defamation League & Guest TMT blogger.*

A recent McKinsey report on twelve “disruptive” technologies included four that will fundamentally transform how employers relate to their employees: mobile Internet, automation of knowledge work, the Internet of things and cloud computing. I would add to the list three results of these technologies: big-data, cybercrime and privacy.

From an employment law perspective, the common element here is data – data that flows to, is stored by, and is used (or misused) by employers, third parties and employees.

Employers

As new devices and technologies are deployed, employers will likely inadvertently gather information they probably do not want – for instance, protected health information (perhaps by detecting a disease-related app on a phone) or detailed records of employee movements (which can be very harmful in wage and hour litigation).

As employers look at these (and other) large pools of data (including applicant data), some will wish to “mine” this data using increasingly low-cost “intelligent” automated systems.  Such work has to be carefully done – both algorithmic errors and poor statistical methodology can easily lead to significant errors in the information derived from the raw data.  The results, from at least an EEO point of view, can be quite disastrous.

This data will likely be stored on third-party “cloud” storage systems –an arrangement that will raise new risks for employers.

Third Parties

Employers need to be concerned data in third party hands -- whether it is there intentionally or not.

For instance, employers ask employees to use devices that are loaded with third party apps – and sometimes they even ask employees to use these apps.  These apps routinely collect significant amounts of data, including location and unique device identifier information. Such data can be combined to create a very detailed profile on users.   This data – owned, protected and even sold by these third parties – can create a new window into an employer’s operations that litigants and corporate spies alike would love to see.

Next, data will inevitably end up in third party hands through litigation and discovery.  As the cost of sophisticated analytics concerning that data is falling, there will be a sea-change in how employment cases are litigated – especially class actions.  And in the regulatory and EEO context, as a recent White House panel on so-called “big data” concluded, “the federal government should build the technical expertise to be able to identify practices and outcomes facilitated by big data analytics that have a discriminatory impact on protected classes.”   The use or misuse of this information by the government or litigants will require a very sophisticated legal response – one that will likely involve the world of statistical analysis and coding.

Information will also end up in third party hands through crime.  Whether inadvertent or not, the primary source of data breaches is through an employee’s keyboard.  As the breaches continue and the costs rise, employers will have to take radical approaches to data protection, including new levels of data segregation, radically shoring up security-related policies and treating mobile phones, whether company-owned or not, as on par with laptops.

Employees

As data is produced by more and different devices, there will be serious questions about who owns the data those devices store and generate.   Will an employee-owned, GPS-enabled app used on a “BYOD” device contain data that is owned by the employee (say, concerning their fitness activity) or, because it was worn during work, will it contain proprietary information (such as a record of where the employee visited)?   Employers must understand what data their employees are gathering – and update policies and executive employment agreements to deal with it.

In the social media context, employers will be forced to grapple with always-on devices, including those that constantly stream video.  It is unclear whether a simple workplace ban on such recording (as recently permitted under the NLRA) will survive video streaming’s convergence with social media --the latter of which the NLRB maintains can be a form of protected concerted activity.

Last, employers need to have action plans in place for data breaches caused by or impacting employees.  Employers should also ensure that insurance policies cover employee-caused data breaches and incidents involving employee information.

Concerns about privacy cover all three areas, but this is well covered elsewhere.

Summary

This short survey illustrates that the world of the employer will more and more involve data-driven risk –placing their lawyers deep in the world of statistics, system design and security management.

---

*EBG appreciates Steven C. Sheinberg’s contribution and respects his views, but notes they are his views and not necessarily those of EBG or any of its attorneys.

Tags: automation of knowledge work, Big Data, Cloud Computing, cybercrime, mobile Internet, privacy, Steven C. Sheinberg, the Internet of things
Back to Workforce Bulletin Blog

Search This Blog

Blog Editors

Related Services

Topics

Archives

Jump to Page

Subscribe

Sign up to receive an email notification when new Workforce Bulletin posts are published:

Privacy Preference Center

When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies. This information might be about you, your preferences or your device and is mostly used to make the site work as you expect it to. The information does not usually directly identify you, but it can give you a more personalized web experience. Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change our default settings. However, blocking some types of cookies may impact your experience of the site and the services we are able to offer.

Strictly Necessary Cookies

These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.

Performance Cookies

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.