As wearable devices like FitBit, Garmin, and Jawbone and a culture of wellness in the workplace proliferate, employers who adopt such technology should be mindful of federal and state privacy laws, as well as the myriad of employment laws that are implicated by the use of these devices. The aggressive stance taken by federal employment agencies like the Equal Employment Opportunity Commission (“EEOC”) and the National Labor Relations Board (“NLRB”), as well as the use of such data in discovery, means that employers may want to tread carefully and methodically in adopting and utilizing these technologies.
Employers and Wearable Tech Generally: For some time, employer wellness programs and attendant distribution of wearable tech have grown in popularity as a way to incentivize employees to take care of their health—such as providing lower health premiums to employees who participate. Such a program by its very nature requires collection of sensitive personal information, including information relating to age, gender, health status, and disability. However, what happens if an employee wears her device to track her sleep cycle? Is that employee, clearly outside of her workplace and hours, on notice that her employer-provided wearable is logging that data? Is employee consent broad enough to cover data collection for employees outside the workplace? Does an employer have a business justification for the collection of this data should an employment agency come knocking? Further, more potential liability may arise in the sphere of data security—encouraging employees to use wearables could implicate employers if the wearable device company gets hacked, as FitBit was earlier this year. Having proper data security protection procedures in place may go a long way toward avoiding potential liability, both internally and with the vendor of their chosen tech.
In the employment context, the EEOC and NLRB also pose dangers in this new and uncharted area.
The EEOC and Discrimination: Wearable tech and discrimination laws go hand-in-hand. Collection and subsequent use of personal health information may create liability under the Americans with Disabilities Act (“ADA”) and the Genetic Information Nondiscrimination Act (“GINA”), as well as the state and local analogues to these laws. As collection of employee data becomes de rigueur, the EEOC likely will become more vigilant about whether personal health information of employees collected from wearable tech was used to make an adverse employment action. For example, an employer who surmises from wearable tech data that an employee has a certain disability or genetic condition, and thereafter terminates that employee, could be subject to investigation and litigation by the EEOC should the employee bring a charge. Or, in a more insidious example, employment discrimination litigation could arise if an employer, concerned with high health insurance costs, believes that people of a certain race or gender are more susceptible to a certain disease, and goes searching through employee data to support its assertion. An employer would be in extremely dangerous waters, whether an adverse employment action is taken against a current employee, or the bias used in screening out applicants in the hiring process.
The EEOC also has been aggressive in regulating and attacking wellness programs, which are regulated under the ADA. To that end, in May 2016, the EEOC promulgated rules and regulations relating to programs that collect disability-related data. One key aspect for employers to note is that the ADA prohibits employers from accessing the results of medical examinations for employees in wellness programs, unless the information is related to the employee’s position and a business justification exists for it. In that context, optics will matter. It will not look good to the EEOC if an employee complains of disability discrimination and their manager had access to such information without any justifiable reason. As a result, employers may want to carefully consider why they need such information, who will have access to it, and, most importantly, ensure that employee participation in such programs is voluntary.
Employers also may want to keep an eye on these issues given that the EEOC has specifically highlighted, in its Strategic Enforcement Plan for 2017 through 2021, its prospective focus on “data-driven selection devices used for hiring or firing.” While this may mean the use of Big Data in screening applicants—which is another area for employers to assess and monitor—it is possible that it will include investigation of employer collection and use of wearable tech data. Employers will want to ensure their use of employee data does not set the wrong kind of precedent.
The NLRB and Protected Concerted Activity: As a general matter, all employees—union and nonunion alike—have a right, under Section 7 of the National Labor Relations Act, to engage in “protected concerted activity,” which means that employees may freely associate or discuss terms and conditions of employment without fear of retaliation by their employers. The NLRB has brought Section 7 into the digital age through its extensive regulation of employee use of social media. Wearable tech is another potential avenue for the NLRB to regulate, for example, where GPS tracking data is collected. While some employers may wish to use this data to ensure employee productivity and security, the NLRB has found that GPS surveillance generally can chill employees’ Section 7 rights. Thus, there are precautions an employer ought to consider if it monitors employee location through wearable tech so as not to run afoul of the NLRB, such as articulating a legitimate business justification for the monitoring. For employers that have a unionized workforce, an issue that may imminently be litigated is whether personal data collection is a subject of collective bargaining. While the NLRB has not yet spoken on these issues, given how aggressively the agency pursued employer social media policies, it may only be a matter of time.
Discovery: Another question looming for those involved in employment litigation is whether data collected from employees’ wearable devices is discoverable. For example, if an employee is suing for disability discrimination, employers may be interested in collecting information from her wearable device—whether employer-provided or not—to determine whether she has a disability, and the details of that disability. Whether this information is discoverable civilly has not yet been determined, though there has been a criminal case where police utilized wearable tech data to determine the veracity of a witness’s testimony. Since this is new ground, employers can expect objections based on privacy and the reliability of the data collected. Marshaling arguments that the data was necessary, that the employee had no expectation of privacy with regard to the data, or that the employee consented in some way to disclosure of the data by herself putting it in play, may be successful.
Because wearable tech creates a minefield of employment issues, and much of this novel area has yet to be adjudicated, employers now utilizing wearable tech data in the employment sphere will be the ones creating the law in this area going forward. Employers therefore should think about, among other things, their own business justifications for the need and use of that data, the scope of employee consent to collect data, and the protection of that data. Employers with any questions regarding their existing programs or how to set up such programs should contact Sedgwick’s cybersecurity and employment teams.