IEEE Leads Effort to Improve Protection of Your Employee Data

The problem: Consumer data protection laws don’t cover employee records

2 min read
Office security concept shown with a lock and key on a desk with a keyboard.
Photo: iStockphoto

THE INSTITUTE Most privacy laws that give consumers control over how their personal data is being used don’t cover employees. It’s up to the employer to protect the personal information they’ve collected about their workers, some of which is sensitive. That can create problems, not just because an employer might mishandle the information but also because it could be sold by third-party vendors that administer workplace programs.

As more technology that uses personal data is adopted in the workplace—such as biometric authentication tools to verify worker identities and GPS apps that track their whereabouts—there are even more reasons to protect the records.

Employees are becoming concerned that their data is used in an ethical, transparent way.

The IEEE Standards Association in 2017 initiated the IEEE P7005 Standard for Transparent Employer Data Governance. The project is sponsored by the IEEE Computer Society.

The IEEE P7005 working group is currently defining specific methods for employers to certify how they collect, access, use, share, store, and destroy employee data. The group also is working on recommendations for how to provide a safe, trustworthy environment for employees to share their information.

The working group’s 30 members include representatives from large multinational companies, trade unions, and human resource departments, as well as self-employed workers.

The standard considers existing data privacy laws, including the European Union’s General Data Protection Regulation, says IEEE Member Ulf Bengtsson, chair of the working group. The GDPR, which took effect in 2018, aims to protect individual privacy and empower people to have greater control over their online presence and personal information, including how their data is shared and used.

Bengtsson says a draft of the standard is undergoing a legal review and will be released later this year. In the meantime, he says, there are certain basic rights and best practices that employers can keep in mind when considering how to handle employee data.

• Employers should not collect and store data unless they have a specific purpose for it. “The employer, of course, has autonomy over the data on its employees,” Bengtsson says. “But that information should only be used for a particular reason.”

• Collection of data should always be with the consent of the employee, who is the one who actually owns the information.

• Data should not be kept longer than is necessary for the purpose for which it’s intended.

• When an employee leaves the company, the business should destroy its copy of the worker’s information.

• Employee information should not be shared with a third party without the employee’s consent. Bengtsson says the standard will call for third-party vendors to comply with privacy protections recommended in the standard.

IEEE P7005 is part of a growing portfolio of more than 30 technical and impact standards that promote innovation, foster interoperability, and recognize human values. The standards are part of the AI systems portfolio of work in the IEEE SA, including the IEEE Global Initiative on Ethics of Autonomous and Intelligent Systems, an IEEE SA Industry Connections activity that produced the Ethically Aligned Design document published last March.

The Conversation (0)

Get unlimited IEEE Spectrum access

Become an IEEE member and get exclusive access to more stories and resources, including our vast article archive and full PDF downloads
Get access to unlimited IEEE Spectrum content
Network with other technology professionals
Establish a professional profile
Create a group to share and collaborate on projects
Discover IEEE events and activities
Join and participate in discussions

A Smart Artificial Pancreas Could Conquer Diabetes

This wearable device senses blood glucose and administers insulin accordingly

11 min read
A woman sitting on a bed raises her shirt to show a white circular patch on her skin, with wires coming out and attached to a rectangular device, which has a screen showing graphical Control-IQ data.

The Tandem insulin pump, no bigger than a mobile phone, infuses insulin under the skin at the command of Control-IQ software, which has received blood-glucose data from a Dexcom G6 sensor.

Matt Harbicht/Tandem Diabetes Care/Getty Images

In some ways, this is a family story. Peter Kovatchev was a naval engineer who raised his son, Boris, as a problem solver, and who built model ships with his granddaughter, Anna. He also suffered from a form of diabetes in which the pancreas cannot make enough insulin. To control the concentration of glucose in his blood, he had to inject insulin several times a day, using a syringe that he kept in a small metal box in our family's refrigerator. But although he tried to administer the right amount of insulin at the right times, his blood-glucose control was quite poor. He passed away from diabetes-related complications in 2002.

Boris now conducts research on bioengineered substitutes for the pancreas; Anna is a writer and a designer.

Keep Reading ↓ Show less