What are the legal risks of tech gadgets at work?

While tech may be bolstering engagement programs or safe distancing measures, take note of data laws

What are the legal risks of tech gadgets at work?

What risks should you mitigate with tech gadgets or applications at the workplace?

In our ‘new normal’, many organisations are turning to technology to track data for things like employee well-being, especially with studies warning about the heightened risk of mental health issues.

Some organisations are also turning to technology to sustain safe distancing measures at the workplace.

Unfortunately, this also comes with its own set of complications. For example, trackers, such as apps used on personal mobile phones, have the ability to record its wearer’s location and even biometric data, in some cases.

READ MORE: Cyber threats at home? Remote workers may be using 'rogue' apps

While there has been raised awareness about cybersecurity breaches lately, and the loss of personal data, there’s another question employers should consider: can companies legally use the data collected as part of their evaluation of the employee’s performance and behaviour?

One employment lawyer told HRD that with prevailing local data laws like Personal Data Protection Act (PDPA), employers should be careful, even if the information is collected ‘outside of work’ – for instance as employees work remotely.

“The law does permit a company to do so if it had obtained the consent of its employees or otherwise notified them that the personal data that it was collecting from the wearable tech outside of office hours was also to be used in the employees’ performance review,” the lawyer told HRD.

“One of a company’s basic obligations under the PDPA is to obtain an individual’s consent when collecting, using and/or disclosing his or her personal data.”

READ MORE: Is it legal to monitor staff emails and phones?

While a company could rely on the PDPA’s exception to obtaining consent under the context of ‘managing or terminating an employment relationship between the organisation and that individual’, they still need to notify the individual of the purpose of the collection, use or disclosure of personal data before doing so, he added.

Nevertheless, he said companies should expect some level of resistance from employees in consenting to having their personal data used for such purposes.

At the end of the day, clearly communicating your intentions to your employees and working out the type of information they are willing to share are key things to remember.