While surviving 2020 took remarkable flexibility from a business perspective, dealing with the long-term impact of the Covid-19 pandemic will mean continued adaptation. For companies hiring or supplying employees and contingent labor, Covid-19 forced a dramatically different approach to personal recruitment and management, a process that continues to evolve. However, one trend likely to remain prevalent is the rise of remote working from rare perk to operational norm. Managing this transition sustainably will mean confronting another challenge — how can businesses and agencies maintain staff privacy without sacrificing productivity?
On one level, remote working has created new opportunities for supplying and retaining talent. However, on another level, telecommuting also moves staff away from managers’ line of sight. As their employees become less visible, many organizations’ natural response is to increase their remote monitoring efforts. Although as many as 50% of businesses were monitoring employee emails before the pandemic, last year saw a boom in specialized workplace surveillance tools designed to gauge remote worker productivity — thousands of newly remote businesses deployed tools like Hubstaff or productivity scores in software such as Microsoft 365.
Unfortunately, while these monitoring tools may have some use, they also present a potential pitfall to the companies that use them. The more information you collect on employees, the greater your business’s cybersecurity risk becomes. The recent rise in data breaches has made the risk of data exposure something businesses can no longer ignore. By the end of the second quarter last year, 2020 was already considered the “worst year on record“ regarding the total number of records exposed.
As data breaches increase, the public appetite for privacy legislation grows. Last year started with the enactment of the much delayed California Privacy Rights Act (CPRA) and ended with the passing of tighter legislation in the form of the California Consumer Privacy Rights Act (CPRA).
PREMIUM CONTENT: Developments in Data Privacy: 2020 Global Update
Among other stipulations, this legislation will make many businesses with California-based customers or employees, contractors, or suppliers subject to fines, which start at $2,500 per violation from the 1st of January 2023. These violations include exposing personal information through a data breach or sharing/selling it to third parties without an individual’s permission. When it comes to their contingent workers’ personal information, responsibility will lie with both staffing agencies and the company hiring from them. Any impacted entity storing personal information will have a responsibility to keep it safe and use it responsibly.
Regardless of whether the CPRA currently impacts them or not, this legislation should send a strong signal to businesses elsewhere in the country. Attitudes towards data use are hardening both at the public and the legislative level. The unanimous passing of the CPRA in November points to an increased likelihood of further legislation in other states and a potential future federal data privacy law. Rather than get caught two steps behind, businesses should focus on creating a future-proofed policy around staff privacy that brings transparency and security to the forefront.
To start with, this means being upfront about how, why and when you monitor staff. While this might sound a bit daunting, studies show that most employees are okay with being monitored if they are told first, or it benefits them in some way.
However, businesses should also back up transparency with protection. Tools such as password managers rolled out alongside business-wide privacy protection can help embed privacy within your operations. Doing so will both keep you ahead of the regulatory curve and make privacy a productive business asset.