As we said in our privacy predictions for 2021 and is worth repeating as we celebrate International Data Privacy Day: Now is the time to focus on your employees’ privacy. Some regulations, like the EU General Data Protection Regulation (GDPR), cover employees’ data, but many others, such as the California Consumer Privacy Act (CCPA), don’t. Regardless of specific requirements, our research shows that values-based employees care about the values of their companies, with data privacy and confidentiality being at the very top of the list. And when their companies’ values match the values they embrace, employees work harder and become advocates for their employers.
This year’s Privacy Day occurs under unprecedented circumstances that make this celebration even more important. The need to manage the pandemic has been driving employers around the world to collect, process, share, and store an extraordinary volume of very sensitive employee data. And these initiatives vary. For example, 40% of European employees responding to Forrester’s PandemicEX Survey said that their company investigated COVID-19 screening, such as temperature checks, for employees. Another 33% adopted mobile tracing apps. In their haste to manage the pandemic’s impact, many employers deprioritized their data protection responsibilities. Now, it’s time to ensure that adequate safeguards are in place — because undermining employee privacy when developing and implementing your pandemic response is a mistake.
Forrester investigated how employees feel when they are asked to share their personal and sensitive data for pandemic management purposes. The results of that research show that employees display varying preferences and attitudes about sharing their personal data.
- German respondents don’t like to share their health data but trust their employers to take privacy seriously. With the highest share of consumers familiar with GDPR rules, the German public is also particularly able to remain vigilant on their employers’ privacy posture. Conversely, employees in the UK are most comfortable with their employers collecting their medical data. In fact, the UK is also the country with the highest adoption of contact-tracing solutions in the workplace in Europe. When it comes to sharing data via contact tracing, German and UK employees are opposites. Germans trust the government more than their employers to collect their medical information via track-and-trace devices, while the opposite is true for UK employees.
- Trust in government to handle personal data varies widely; Italian employees exhibit the most trust and their French counterparts the least. And Italian and French employees strongly disagree on whether it’s acceptable to sacrifice their privacy. Generally, Italians are the most prepared to give up some of their privacy to ensure public health and safety during the pandemic. French employees, on the contrary, are the least prepared to do so. When it comes to their demand to have their personal data deleted ASAP, however, both groups agree, with a substantial majority of 60% in each country.
- Across the five European countries Forrester surveyed, almost 60% of employees want their personal data to be deleted as soon as it’s not needed for pandemic management, with the UK leading the pack. Spain closes the list.
As countries implement massive vaccination programs and employers develop return-to-work strategies that account for the continued evolution of the virus and its management, privacy is back in the spotlight. With “vaccination certificate/passport” apps, citizens could potentially begin to travel and resume other normal activities, but these apps involve identity checks and other potential privacy abuses. As employers figure out how and whether to use knowledge about their employees’ vaccinations, they must incorporate the things we’ve learned about pandemic management and employee privacy over the past 11 months.
Happy International Data Privacy Day!