In classic spy movies or TV shows such as the Bond movies or Get Smart, our spy hero would have some object on his person that secretly doubled as another device altogether: the glasses that were actually x-ray spectacles, the shoe that was actually a phone, the cigarette that was actually a dart gun. Today, we have already entered an age in which such “wearable” smart devices are not only owned and utilized by many employees, but we all know that these devices actually have a huge range of functions: the Apple watch that can make phone calls and create recordings, the Google Glass that can videorecord anything the viewer looks at, not to mention the smartphones that are essentially a fully functioning, connected computer in your pocket. Add to these any number of other connected devices within the so-called “internet of things” –from the FitBit to iPod Nanos – and you’ve got a lot of information flow to track.
With all of these rapid changes in “wearable technology,” companies, managers and employees need to be aware of how far behind technology regulations might be in keeping up with the ability of information to flow out of a company and into the wrong hands, or simply in a place where the company cannot keep track of the information. Here are just a few major issues that should cause both companies and employees concern:
Theft/Loss of Data and Trade Secrets.
In previous eras, an employee who wanted to remove data from a workplace would have to either send the material through work e-mail to a personal e-mail, or physically remove the data itself from the location. While both scenarios presented legitimate security challenges, the ability of IT departments to track email traffic as well as access to company files, in addition to the physical complications of removing large documents, mitigated such threats. With wearable technology, however, an employee can digitally document data more easily and instantly send it out of the company without ever creating any physical or digital trail that would alert IT departments that information has already been removed, especially when the device is small and perhaps transmitting outside of the data’s networks.
Compounding this issue is the fact that hackers can commandeer such devices, such that even if you are certain of the trustworthiness of all of the employees with access to sensitive information, a third party may be able to use the wearable technology to collect company information without the user or company knowing.
Adding to these concerns is the risk of simply losing such devices as they get smaller and more difficult to keep track of, along with all of the data contained on the device, which may include sensitive work-related information that you would not want left in a taxi, an airport bar, a restaurant booth, or public bathroom.
Investigatory and Discovery Requests
Employees, especially those who may not work in heavily regulated fields such as finance, may be very unpleasantly surprised to find that what they think of as their personal devices may be required to be handd over to company lawyers, opposing parties in litigation, or governmental prosecutors or agencies when a litigation or investigation touches on matters that the employee may have communicated about on the devices. If an employee uses his or her personal phone to communicate about work-related matters, then the contents of the phone may have to be turned over without the ability of the employee to remove personal information, and the same will likely go for other devices such as smart watches or glasses. In many cases, such devices contain sensitive personal information (i.e. health information collected by a smart watch) which the user would want to avoid being made public.
Implementing Wearable Technology Regulations
Outside of outright banning of wearable technologies in the workplace, which may discourage productivity and employee morale, companies have to remain flexible in their implementation of wearable technology regulations, as the technology is constantly evolving and new devices are introduced each month. Informing employees of the security risks that wearable technology present to both company and personal information may be helpful in gaining support, and the best approach may be to invite employees to work with the company in developing regulations that work for both the employee and the organization in protecting privacy while encouraging freedom and productivity.