As organizations work feverishly to return to business in many areas of the country, they are mobilizing to meet the myriad of challenges for providing safe environments for their workers, customers, students, patients, and visitors. Chief among these challenges are screening for COVID19 symptoms, observing social distancing, contact tracing, and wearing masks. Fortunately, innovators are
Out of Sight is Not Out of Mind – Monitoring Workers Working From Home
Just over a month ago, we provided a high-level checklist to help organizations think about critical issues as employees begin working from home to reduce the spread of COVID19. Consistent with “shelter-in-place”/”stay at home” orders, millions of workers that can are now working from home. However, out of sight is not out mind as many
Key Components of a COVID-19 Screening Program
Stopping the spread of coronavirus is critical to overcoming the COVID-19 pandemic. As testing is ramping up around the country, some states and localities have imposed health screening requirements in an effort to identify persons at risk of being infected and stopping them from infecting others. Whether mandatory or recommended, screening employees and visitors could
Privacy & Cybersecurity Issues to Watch in 2020
2020 may very well be the most impactful year for data privacy and cybersecurity in the United States. In honor of Data Privacy Day, we discuss some of the reasons why that may be the case. In short, as privacy and cybersecurity risks continue to emerge for organizations large and small, the law is beginning
10 Steps for Tackling Data Privacy and Security Laws in 2020 for In-House Counsel and HR Pros
After years of data breaches, mass data collection, identity theft crimes, and failed attempts at broad-based federal legislation, 2020 may be the year that state privacy and data security legislation begins to take hold in the U.S. For example, the California Consumer Privacy Act (“CCPA”) and the New York Stop Hacks and Improve Electronic Data
OCR Recognizes Insider Threats to HIPAA PHI, You Should Too
As we have observed here, news reports of security risks, hackings and breaches caused by individuals, terror groups or even countries around the world certainly are important and can be unsettling. But, for many organizations, including healthcare providers and business associates, a significant and perhaps more immediate area of data risk is malicious insiders.
California’s “Your Data, Your Way” Initiative
California keeps making privacy headlines for its trailblazing California Consumer Privacy Act (“CCPA”), set to take effect January 1, 2020, but there is another set of privacy bills making its way through the California state legislature, that, if passed, will provide consumers with further privacy protections.
The “Your Data Your Way” initiative, comprised of four
Can Hackers Break Into GPS Trackers Used For Your Fleet?
The answer may be yes.
GPS trackers enable businesses to derive greater efficiencies and productivity from their employees and their vehicle fleets. But, when businesses deploy this technology, HR departments often raise valid concerns about employee privacy on and, in some cases, off the job. When employers install GPS trackers on company-owned vehicles, these privacy
Secret Video Surveillance Found in Hospital Labor and Delivery Rooms
The New York Times newly established Privacy Project, recently highlighted the extent to which our society has created a “facial recognition machine” – cameras are everywhere, even in doorbells. Segments of society have accepted widespread surveillance on public streets, shopping malls, and in common areas of office buildings, apartment complexes, schools and similar
As Wearable Technology Booms, Sports and Athletic Organizations at all Levels Face Privacy Concerns
As wearable and analytics technology continues to explode, professional sports leagues, such as the NFL, have aggressively pushed into this field. (See Bloomberg). NFL teams insert tiny chips into players shoulder pads to track different metrics of their game. During the 2018-2019 NFL season, data was released that Ezekiel Elliot ran 21.27 miles per hour for a 44-yard run, his fastest of the season. The Dallas Cowboys are not alone as all 32 teams throughout the league can access this chip data which is collected via RFID tracking devices. Sports statistics geeks don’t stand a chance as this technology will track completion rates, double-team percentages, catches over expectation, and a myriad of other data points.
There are obvious questions and concerns about the use of this technology, and not just at the professional level. Wearables can be found at all levels of sports and athletic activities, including at colleges and high schools. At the professional level, the NFL is unique in that it allows teams to use the chip data during contract negotiations. However, players do not have full access to this information, unless specifically granted by individual teams. This is important since there is much debate over who truly owns this data. And, for a variety of reasons, players and athletes want to know where their information is stored, how it is stored, whether and how it might be used and disclosed, who has access to it, and what safeguards are in place to protect it. Major League Baseball and the Players Association added Attachment 56 to the 2017-2021 Collective Bargaining Agreement to address some of these concerns. But, again, these and other questions are not unique to professional ball players.
With devices ranging from wearable monitors to clothing and equipment with embedded sensors, professional teams, colleges and universities, local school districts, and other sports and athletic institutions, as well as the companies that provide the wearables, can now collect massive amounts of data such as an athlete’s heart rate, glucose level, breathing, gait, strain, or fatigue. On the surface, this data may relate to an athlete’s performance and overall wellness, which may be somewhat apparent to onlookers without the aid of the device. However, alone or aggregated, the data may reveal more sensitive personal information relating to the athlete’s identity, location, or health status, information that cannot be obtained just by closely observing the individual. When organizations collect, use, share, or store this data, it creates certain privacy and security risks and numerous international, federal, and state data protection laws may apply. Any sports or athletic organization that develops a wearable device program, or has reason to believe that these devices are being used by coaches and others to collect similar data, should be mindful of these risks and regulatory issues.
Below is a non-exhaustive list of some of these laws:
Continue Reading As Wearable Technology Booms, Sports and Athletic Organizations at all Levels Face Privacy Concerns