How Businesses Can Proactively Address Employee Privacy Concerns During COVID-19
Even before COVID-19, companies had been embracing digital solutions to help them improve business processes, automate tedious administrative functions, and better coordinate facets of their operations.
Fast forward, the global pandemic has brought unprecedented change to businesses worldwide and their employees. Many businesses have had to reevaluate how they do business while addressing health and safety concerns, and accelerating the adoption of technology to keep up with all the security and employee privacy concerns surrounding the handling and storage of personal data.
On one hand, moving paper processes to digital alternatives certainly automates a lot of the work and minimizes human error. On the other, decision makers have always scrutinized security and privacy “in the cloud,” where data sometimes isn’t completely under the company’s control.
So, what can businesses do during, and post-COVID, to ensure employee privacy and their data is protected?
Formulate and Standardize Formal Processes for the Strict Collection and Storage of Data
Before addressing the question of how to go about formulating strict data collection and storage processes, organizations first need to clearly identify what they are allowed to collect and store, and who can access the data. Identify the regulatory bodies that govern how you handle data collection. There should already be established guidelines regarding authorized changes in the collection, storage, and access of information during the pandemic that can be closely followed.
Different privacy regulations have different rules requiring organizations to notify their employees regarding data collection—what needs to be collected and how it is meant to be used. Some regulations like the California Consumer Privacy Act (CCPA), for instance, require employers to also explain to workers if previously collected information will be repurposed and how.
The EU’s General Data Protection Regulation (GDPR) is another privacy regulation having a big impact on businesses. GDPR guidelines direct employers to:
- Review their cybersecurity framework
- Ensure data is protected both when in transit (i.e. being accessed) and at rest (i.e. in storage)
- Guarantee encryption and data control without exceptions
- Proactively train employees in compliance
Businesses need to fully understand the privacy regulation requirements and guidelines under which they operate. However, as a rule of thumb, it boils down to clearly knowing what needs to be gathered and how you’ll use it.
Using privacy regulatory guidance, businesses can then formulate and standardize the strict data collection and storage processes that need to be communicated to employees:
- Update system security measures to meet the needs of new norms (e.g. remote work or bring your own device practices)
- Establish network limitations to guarantee secure collection and storage of data
- Apply encryption, monitoring, and other security measures for data transfers, while also implementing employee guidelines on cloud-based data sharing and public backup services
- Ensure the monitoring of data transfers focuses on specific and legitimate compliance purposes
- Update internal communication policies and always keep employees informed
- Vet vendors and other partners against internal security standards where applicable
Learn more about compliance.
Implement Digital Solutions to Assist in Automation, Compliance, and Processing
The growth of the software-as-a-service (SaaS) industry reflects how replacing paper processes with digital solutions that securely store data in the cloud has become a successful strategy for companies to gain a competitive edge. The SaaS industry is set to become a $157 billion market by the end of 2020.
Businesses need SaaS platforms—a small ecosystem, typically—to be able to support remote workers, bolster the business processes that their functions support, and maintain efficiency in the distributed, partially home-based workplace. Beyond that, a new tech stack can be developed (or complement your existing one) with solutions that are either compliant with data privacy regulations or offer features or functionalities that make it easy to do so. SwipedOn is committed to GDPR compliance and helping customers comply with the regulations—from secure data processing to covering legal requirements.
SaaS solutions should offer robust security measures such as:
- Product security:
- High reliability with offline availability
- Secure management of passwords
- Network and application security:
- Highly secure and reliable data servers
- Secure and continuous backups
- Secure and reliable cloud data storage
- Encrypted access and authenticated sessions
- Additional security details:
- Regulatory compliance (e.g. GDPR)
- User training and guidance
Companies also need to make their employees a priority during the pandemic by leveraging technology to enforce social distancing and assist in contact tracing efforts. Contact tracing has been demonstrated to effectively slow down the spread of an outbreak, and it signals that a company is concerned with the well-being of its employees. With SwipedOn, you can easily carry out contact tracing at the touch of a button in the web dashboard.
Put Communication Plans in Place Well Before They’re Needed
In the “new norm” of the global pandemic, data privacy is top of mind for employees shifting to new ways of working, especially the millions of people that are now working remotely. From a compliance standpoint, data privacy is increasingly important as COVID-19 measures like temperature checks and even antibody testing fall under the collection of medical information, which should remain confidential between employer and employee; and processed in a manner clearly communicated and agreed upon between both parties under the guidance of applicable privacy regulations.
The more pressing concern is what happens during emergencies or COVID-19 positive cases.
Businesses must be diligent in implementing a communications plan for the most dire situations.
Take note of some best practices:
- Prepare templates and SOPs for sharing required information before it is needed. Identify who needs to know what and enforce strict information security when implementing the plan.
- As soon as you have reliable data, inform employees that possible exposure in the workplace has occurred, but do not disclose identifying information of the COVID-19 positive case. This ensures sensitive health information is not divulged while also communicating urgent issues to your workforce.
- Effectively communicate to employees that medical information should not be shared and should be kept private. Make sure to train employees on new guidelines and remind them to always take personal responsibility for their own privacy and data security.
To learn how contactless solutions can keep your employees and visitors safe and healthy throughout the COVID-19 pandemic, take SwipedOn’s visitor management system for a free 14-day trial.