The COVID-19 pandemic is by no means over. Tragically, thousands still die each day worldwide. The effects of the coronavirus will reverberate at the personal, economic and even geopolitical levels for years to come.
Nevertheless, in most regions we see businesses either getting back to work or preparing to do so. Enterprises that focused for two months on creating secure, productive work-from-home (WFH) programs must pivot to reopening office buildings, manufacturing plants and other facilities. (Attend our Safe Buildings webinar to learn how.)
The general success — surprising to some, but not all — of WFH has complicated this endeavor, combined with understandable reluctance to return to shared spaces. Whether acting as consumers, employees, students, worshippers or trading partners, people are hesitant to gather indoors with large numbers of others.
And who can blame them? We believe that today’s expanded WFH programs will remain part of the post-pandemic work landscape. Moreover, we believe that just as the bring-your-own-device movement blurred the lines between work computers and personal devices, COVID-19 will blur the line between remote and in-office employees, with many knowledge workers doing plenty of both.
But before this blurring can take hold, facilities must reopen. And in order to do so responsibly, businesses must reassure employees and customers that all necessary measures are being taken to safeguard occupants. To that end, smart-building technology is changing rapidly, enabling procedures that were hard to imagine just months ago:
- Remotely measuring humans’ temperatures.
- Encouraging thorough hand-washing practices.
- Monitoring physical distancing.
- Tracing the potential impact of virus threats.
Privacy and trust
There’s yet another key piece in this already formidable challenge: guaranteeing the privacy of all this newly gathered data. We know through experience and research that data security is often what prevents companies from fully embracing new business models that the Internet of Things enables. But no enterprise can ignore the new healthy, smart buildings imperative, so taking steps to safeguard the resulting data is mandatory.
It’s all about building trust and transparency, with workers and customers alike. That entails adhering to data protection principles through a privacy impact assessment:
- Lawfulness, fairness and transparency. The processing must be lawful and fair. Also, when building trust about data privacy, we advise clients that it’s virtually impossible to over-communicate. Thus, businesses must not only take the actions noted in this list — but also they must continuously inform employees, customers, and other facility occupants of the steps that they’re taking. People need to be told what data is being recorded, its purpose, how it will be shared (if at all), and how long it will live.
We find that if all of this is communicated well, employees tend to be cooperative. For example, businesses should explain what information is being tracked for regulatory or compliance reporting purposes. More often than not, informing occupants that their data is being shared with the Centers for Disease Control and Prevention (CDC), World Health Organization (WHO), or similar entities is well received; it makes people feel they’re helping by giving researchers data to find an eventual vaccine or cure.
- Purpose limitation. How is the data to be used? Information gathered to keep a facility safe mustn’t be used, for example, to track productivity. If you tell workers that you’re monitoring them for proximity to other people for health reasons, then you cannot then ding them for spending too much time at the water cooler. On the other hand, depending on laws, regulations and agreements, it may be permissible to share some data (appropriately masked, as noted below) with the CDC or the WHO — if, and only if, building occupants are notified of this sharing.
One consideration that demands extensive thought is ethnic data. While often valuable to physicians and epidemiologists, this information has potential for misuse. The potential is there for gathering valuable insights and increasing access. However, there is also a risk that highly specific data can be sold and used for targeting of dubious marketing, or for exclusion from care or insurance options. “Counting a Diverse Nation: Disaggregating Data on Race and Ethnicity to Advance a Culture of Health,” from the Robert Wood Johnson Foundation, is a thoughtful paper that organizations should study before making decisions on ethnic data.
- Data minimization. Collect only data you need, and only because you truly need it for stated purposes — that is, to maintain a healthy workspace. Computing power and sensors have become so affordable that there’s a temptation to over-collect and sift through it all later. But that creates a major tear in the bond of trust.
Masking is a subcomponent of data minimization; as much identifying information as possible should be stripped from gathered data. For example, businesses like retailers that track health data on customers must assign each customer a random identifier.
- Accurate and up-to-date. Companies must ensure that the data they use is not incorrect. This is basic blocking and tackling, yes — but that doesn’t reduce its importance. Faulty data could result in the wrong person being recorded, or in other inaccurate details, including age, that could be important in COVID-19 situations.
- Storage limitation. Employees and customers must be assured that their personal data will be retained only as long as necessary. With 14 days being the often-cited period for COVID-19 incubation, that is a sensible minimum. We recommend that in lieu of specific demands (such as local regulations or research agreements), businesses delete personal information after no more than 30 days.
- Confidentiality and integrity. Data should be suitably protected, with safeguards such as access control. Businesses must insist that access is granted on a need-to-know basis and ensure that where sensitive data is stored or transmitted, they have in place appropriate security measures such as encryption and masking.
Worldwide, companies are seeking a way forward. While reopening facilities presents new challenges, businesses that put in the work to maintain trust with employees and customers and ensure their privacy will thrive going forward.
For more information, check out our Safe Buildings “no regret” offering, visit the Internet of Things section of our website or contact us.