Employee data collection is a longstanding practice. In light of the trends in privacy law, employers may want to reassess what they are collecting and how long the information should be retained.
Data Privacy
Technological development has always outpaced privacy concerns, but never more so than in the past decade. Collection and centralization of personally identifiable information (PII), tracking of movements and digital surveillance are all at unprecedented levels. Regulations and laws are only just beginning to catch up to the ability of both governments and private entities to deploy these capabilities.
What exactly is there to worry about? The mass collection and centralization of data by giant multinationals such as Facebook and Google is as good of a place to start as any. Two decades of vacuuming up the personal data of users of various online services has created the most impressive marketing capabilities in history, but these profiles have astounding potential for damage when they are used the wrong way or fall into the wrong hands.
Unauthorized information that is captured in data breaches tends to find its way to massive “combo lists” that are sold and traded on the dark web. Social security numbers are added from this breach, home addresses and phone numbers from that one, personal health information from yet another. Soon, a frighteningly complete profile of millions of individuals is available to anyone willing to pay the asking price.
These are just the established data privacy issues. The emerging ones are even worse. High-quality facial recognition technology is just beginning to roll out across the public places of some countries. Artificial intelligence is not only making mass facial recognition possible, but magnifies the power and reach of any application that involves capturing and sorting information: scanning pictures, analyzing speech, sifting through text and location data. This threatens to not only shatter anonymity and privacy, but allow for highly advanced impersonation and take the concept of “identity theft” to new levels.
Some businesses chafe at the trouble and added expense of new and emerging data privacy regulations, but they are vital to both protecting rights and privacy and instilling confidence in end users. Customers want to be able to submit their payment information without worry about data breaches and identity theft, use services without wondering what is being done with their personal information and use devices without fear of surveillance or having location data tracked. The need for meaningful safeguards only grows greater as technological capabilities increase.
After years of fighting, Facebook has lost its appeal against the class action lawsuit over the use of facial recognition technology. The company could face billion dollars of penalty if they fail to win the case.
Google’s Acquisition of Fitbit may have privacy implications if they combine the health and fitness data with what they know about users from search and other Google services.
Google’s new “Privacy Sandbox” privacy standards proposal is a compromise solution for programmatic advertising while respecting users’ privacy when they browsing the web.
Instead of sending personally identifiable information directly to advertisers, Google is allegedly using hidden web tracking pages to keep its online advertising profitable.
Too many organizations either provide for no security and privacy training and awareness or take a completely inadequate or ineffective (bad) approach. Effective regular training and ongoing awareness can provide tremendous return on significantly better security and privacy practices.
Annual Privacy Governance Report from IAPP and EY focuses on the ongoing COVID-19 pandemic and its impact on privacy professions, along with the Schrems II decision and the resulting complications it has created for data transfers.
EU officials are considering wide-ranging regulation that would include heavy restrictions on a range of "high risk" AI applications; a leaked document also indicates that a facial recognition ban is being proposed.
Facebook is anticipating a loss of $10 billion to the Apple privacy changes in 2022, while Snapchat is in the midst of an overperforming Q1 that has seen the company's shares rally to increase 50% in value.
Information displayed is very similar to what is seen on Apple's privacy labels, but it remains to be seen if Google Play effectively enforces the inclusion of accurate information about Android apps.