Employer-Issued Fitness Trackers Are All the Rage — But Are Your Privacy Practices Up to Snuff?
In just the past couple of decades, we’ve gone from desktop computers and mobile phones to laptops and smartphones. Now, we even have smart watches capable of receiving text messages and phone calls, tracking our sleep patterns and daily fitness activity, and more (cue Black Mirror montage).
While technology has certainly changed the way we live, it has also changed the way we work. We need to ask ourselves: What does it mean for employee privacy when technology is advancing at such an astronomical rate?
What Is an Employee’s Right to Privacy?
An employee’s right to privacy largely depends on where and how an employer is accessing their personal information. For example, most employees believe their online social media accounts (whether set to “public” or not) are private, that their employers should not view their accounts (even if the employee is trolling the company), and that employment decisions should not be made based on online comments.
However, as we know, employees cannot reasonably expect such privacy, particularly when they access their social media accounts on work-issued laptops or smartphones. Similarly, employees may expect a right to privacy when it comes to their personal email accounts, but if those accounts are accessed on a work-issued device, that right to privacy dwindles.
In fact, employers often require that employees grant them access to accounts or services the employer provides. Even where states have stepped in to regulate employee use of online accounts, employers’ rights are generally respected when the employer owns or subsidizes the device. For example, the Wisconsin Social Media Protection Act restricts employer actions that interfere with employees’ online activities, but it does not prevent employers from requiring their employees to provide access to information on an electronic device supplied or paid for by the employer.
But all of this leads us to a bigger question: What happens when employees’ health data collides with devices provided by the employer?
Technology and Healthy Living in the Workplace
In recent times, many employers have committed to promoting healthy living by implementing health and wellness initiatives in the workplace, ranging from smoking cessation programs to “biggest loser” weight loss challenges. The goal is to help employees stay fit and healthy, because healthy employees tend both to be more productive and to incur fewer health care costs. According to the National Council on Strength & Fitness, employers save an average of $6 for every $1 spent on employee wellness.
As part of these health and wellness initiatives, many employers have begun providing employees with fitness trackers and encouraging them to sign up for voluntary digital health monitoring. Employers may also request that employees complete biometric health screenings that identify certain health goals. Typically, in exchange for their participation, employees are promised cash, reduced premiums, or reimbursements for copayments and deductibles, which have increased significantly as health care costs continue to rise.
According to the Kaiser Family Foundation’s annual survey, 21 percent of large employers that offer health insurance collected data from wearable devices last year, up from 14 percent in 2017. This compilation of employee data is part of a concerted effort to improve the health of an employer’s workforce. As a result, employers have access to the information collected from employees’ fitness trackers. Depending on the device’s sophistication, the employer can see how many steps the employee takes, the distance walked, the hours the employee spends in a sedentary state, 24/7 heart rate, and sleep duration and quality. If an employee is too sedentary, some fitness trackers will alert the employee to get moving. Depending on the setup of the fitness tracker, the reminder may even come directly from the boss.
Concerns About Data Collection
Opponents of the employer-provided fitness tracker trend believe employers will inappropriately utilize the information retrieved from fitness trackers. Some suspect the use of fitness trackers and the information generated by them will cause employers to favor healthier employees over others. Questions are being asked about how much data the tracker can obtain and share with employers.
Will employers be able to tell who smokes? Will employers be able to guess who may be pregnant or have prostate trouble based on how often they go to the bathroom? Will employers keep an eye on who visits the vending machine or kitchen the most? Many fitness trackers have GPS capabilities, and some employers use GPS to track employees’ movements while working, but will employers begin tracking what employees do on the weekends or in their free time as well? Will employers be able to track drug use via these devices? If employers are accessing this data, are they studying it and making decisions based on the information? Additionally, many opponents believe that employees do not really have a choice in opting into their employers’ health and wellness programs.
While the employer-provided fitness tracker trend is growing at a significant rate, it is unlikely the law will advance as rapidly. However, there is current legislation that can affect what an employer can do with information obtained by fitness trackers, and there are best practices that employers can implement to mitigate risk.
While the US Supreme Court has already suggested that employees may lack any reasonable expectation of privacy when it comes to employer-provided technological equipment, some states have passed legislation that regulates employee privacy a little more stringently, including legislation that specifically limits what employers can do with employees’ biometric data (e.g., the Illinois Biometric Information Privacy Act).
Best Practices for Handling Employee Health Data Securely
While there are some legal risks involved in outfitting your workers with fitness trackers and the law is not yet fully developed in regard to this matter, there are ways for employers to start mitigating their risks today.
For example, you should not require employees to use fitness trackers or fine employees who opt out of the program. You should obtain written consent from employees who wish to enroll in the program before they are issued fitness trackers. You should also implement a policy regulating the proper use of information obtained from fitness trackers. The policy should describe the reason the company implemented the program, the nature of the tracking device, the data being tracked, how you will use (and not use) the data, and how you will keep the data secure. Notice to the employee is key when establishing what privacy employees can reasonably expect.
In this age of data breaches, the more data fitness trackers record, the greater the risk the information will be compromised. Privacy risks are relatively low for fitness trackers that collect nondescript data such as activity, steps, and calories. You should consider providing fitness trackers that only track basic, relevant fitness information. Additionally, you should limit the group of individuals who may review the data and ensure that the IT department has implemented data security protocols that protect this information just as rigorously as you protect trade-secret data.
You should also consider obtaining fitness tracker information through a service that limits how you will receive the information. For example, Fitbit has some protocols in place to prevent employers from accessing information employees have not agreed to share. Instead of sending specific results regarding individual employees, Fitbit forwards aggregate data about the workforce overall to employer program administrators. If you cannot determine exactly whose fitness information you are reviewing at any given time, you can mitigate the risk of privacy or discrimination complaints based on information obtained from fitness trackers.
Employers that have implemented or are interested in implementing health and wellness programs that include fitness trackers should remain committed to protecting employees’ personal information and should refrain from inappropriately using employee data obtained by fitness trackers. You should work hand in hand with your employment counsel to ensure you are addressing all of these concerns and complying with local laws.
A version of this article originally appeared on the Fisher Phillips site. This article is for informational purposes only and does not constitute legal advice.
Lariza Hebert is an associate in Fisher Phillips’s Houston office.