Digital Ethics and Privacy at Work

 Businesses also have specific digital ethics and privacy considerations, especially as they balance their need to ensure a safe and healthy workplace with employees’ desire to protect their personal data.

Monitoring employees. There’s been a spike in purchases of tools and services for monitoring employees, as many organizations that didn’t previously support a remote workforce have had to quickly do so. While these tools can provide insight into an employee’s workday—such as whether they’re actually working the hours they report—they also raise ethical questions.

• Do employees know they’re being monitored?
• How can they be sure they’re not recorded through their webcams?
• How do you notify employees of these new processes without instigating cultural shifts, damaging trust and facing potential legal ramifications?

Ensuring people are healthy before returning to work. Another challenge you may face is re-engaging your post-quarantine workforce in a way that respects the privacy of employees’ health information.

• How do employees prove they’re healthy enough to return to the office without potentially revealing sensitive personal health information?
• How do employers maintain employees’ right to privacy while ensuring the health of the entire workforce?

Moving from Compliance-Driven to Ethics-Driven Practices

Individual employees may understand the need to share more personal information now than before the pandemic and put aside their concerns about a potentially Orwellian reality—at least for now. But they could easily change their minds when the danger passes and expect a return to business as usual.

These ethical considerations should stay top-of-mind in a post-pandemic environment. Your business will have to determine whether it’s enough to simply comply with data protection and privacy compliance obligations—or, instead, embrace a more ethically driven approach.

Who’s Most at Risk?

Organizations facing the greatest impact from data privacy risks include those processing a high volume of personal information or deploying new technologies or apps, as well as those that have had to quickly adapt to the new virtual environment. Others that should consider evaluating their data privacy practices include:

• New companies that are standing up internal functions for the first time or that do not have mature privacy programs.
• Organizations that are not yet in compliance with the California Consumer Privacy Act (CCPA) or General Data Protection Regulation (GDPR).

Addressing Data Privacy and Digital Ethics Questions

To ensure compliance with privacy regulations and define your stance on digital ethics, you should understand what personal information your business collects, how you use and protect it, and how you communicate these practices both internally and externally.

You can take the first steps by:

• Defining your organization’s data privacy strategy to identify and mitigate enterprise-wide privacy risks.
• Assessing enterprise programs to identify opportunities for embedding privacy considerations—across the organization or for specific projects such as new app development.
• Performing a data inventory to provide a comprehensive view of how personal information gets used across the organization.
• Assessing compliance with key privacy regulations that apply to your business (CCPA, GDPR, HIPAA, GLBA).
• Updating your organization’s privacy policy and communicating privacy practices to increase transparency and trust with employees and customers.
• Developing policies and procedures to give customers clear choices for exercising their privacy and communication preferences.

Building a Culture of Trust

As new types of personal information become available, it becomes even more important to communicate a culture of trust, with both employees and customers. Instead of simply seeking compliance with privacy regulations, consider whether you’re doing the right thing with the private information you collect.

Ultimately, there might not be a clear right or wrong answer. Which means you’ll need to weigh your organization’s moral compass against the benefits of using the information you choose to collect.