As GDPR turns two and with CCPA live, it's time to talk about data privacy at work
- Much of the discussion of GDPR and CCPA focuses on consumers, but data privacy is also an issue for employees, writes Zoho's Raju Vegesna
A few months ago, the General Data Protection Regulation (GDPR), Europe's stringent and ambitious law protecting data privacy, turned two years old. While many companies have accepted the law as a sign of changing times, others seem to be doing the bare minimum to adhere to its requirements, especially those whose business models are built around selling and trading user data.
GDPR's reach extends beyond Europe, affecting any company that does business with European citizens or businesses. California's landmark Consumer Privacy Act (CCPA) took effect at the beginning of 2020, even as Google and others attempted to weaken its language and create exemptions for their own financial gain. While the legislation is a big step toward educating everyday people on the ins and outs of how and when their data is being used, few think about how their online activity at work may also have implications for their personal data privacy.
In both GDPR and CCPA, fines have been rare and when they do occur, relatively cheap. Until the fines and the monetary implications become more severe for tech companies, data privacy, particularly employee data, hangs in the balance.
Another way customer data is made vulnerable in B2B exchanges has to do with trackers. Companies that pay for advertising want to know whether their investment in outside marketing is translating to leads and increased traffic. This is why most software vendors work with third-party tech companies like Google, Facebook, Twitter and LinkedIn, among many others, to get analytics data on their customers, users, and prospective customers. This quid-pro-quo between businesses is problematic, and hopefully we are moving toward a future in which vendors hold their customers' privacy above benefits wrought from tracking and exchanging their behavior.
It's one thing to track the personal online activity of a user; however, it's entirely different to deal in the personal data of an unsuspecting employee who is using a service or software as a core function of their job.
What is the solution?
For employees looking to protect their data and privacy in the workplace, there are a few questions they can ask their employers:
- Does your employer pledge to keep employee data private? A recent Gartner survey found that more than half of companies used "nontraditional monitoring techniques" to track employees. In addition, when employees use apps such as Twitter while at work, they may be divulging information on how and when they use other common workplace apps, such as Salesforce or Zoom.
- Does your employer use apps that don't collect consumer data? While some apps only collect data that's necessary for them to work effectively, others clearly take the practice to another level by unnecessarily tracking things such as online activity.
The bottom line is, if the U.S. wants to continue without considerable oversight — something like Europe's GDPR — companies need to be more forthcoming about how their third-party partnerships are mining data from employees without them knowing.
Further, if today's businesses don't take action when it comes to privacy, they face many potential risks, such as losing key employees and damaging their company's reputation. On the flip side, educating employees in good faith has a number of benefits for business owners, such as attracting talent and building trust with their workforce.
Everybody wants to work for a company that is open and honest about how data and privacy may be affected when on company time, but employers and employees need to work together to ensure success.