It’s no secret that implementing appropriate workspace management solutions can substantially benefit organizations.
Streamlined communication, reduced overcrowding, better employee morale, flexible scheduling, reduced cost and easier automation are only a few examples.
But besides delivering fact-based insights that companies can use to build better workspace environments, workspace management solutions must also ensure that organizations successfully navigate the complexity of privacy compliance.
Since workspace management solutions rely on employee tracking and people counting to generate real-time occupancy information, they need to contain mechanisms that safeguard individual privacy and ensure personal data is handled appropriately.
Specifically, companies must implement measures in accordance with guidelines and legislation that governments have put into effect to give consumers better control over their personal data, including sensitive data.
How do companies gain from privacy compliance?
Data security policies and practices can help companies strengthen their reputation among prospects and clients while managing risk by preventing serious incidents that can affect customers and employees.
Robust privacy policies and practices can also go a long way in helping companies avoid lawsuits and regulatory investigations that involve data security.
But when organizations go beyond basic government-mandated regulatory compliance by offering more robust data protection, they can foster stronger employee relationships built on trust, attract top performers and differentiate themselves from competitors.
Another reason organizations are compelled to devise a strong compliance strategy is the rise of data breaches: the number of publicly reported data compromises in 2021 went up by 17 percent year on year, while the average cost of a data breach amounted to $3.86 million in 2020.
EU leads the way on privacy compliance and imposes obligations on organizations around the world
The EU’s General Data Protection Regulation (GDPR) is the toughest privacy and security law in the world. Although it was drafted and passed by the EU, GDPR has major repercussions on organizations regardless of their location so long as they target individuals in the bloc. Violations of the GDPR’s privacy and security standards draw harsh fines, with penalties reaching tens of millions of euros.
The US doesn’t have a law covering the privacy of all types of data. Organizations are legally permitted to share personal data – including sensitive information – with third parties such as data brokers. Furthermore, those third parties can then resell that data or share it with others without notifying consumers.
Canada demands that organizations obtain an individual’s consent when collecting, using, or disclosing their personal information. Under the Personal Information Protection and Electronic Documents Act (PIPEDA), people have the right to access their personal data held by an organization and challenge its accuracy. Personal information can be used only for the purposes for which it was collected, and if an organization wants to use it for another purpose, it must seek consent again.
Personal information and sensitive personal information explained
Under Canadian law, the following is considered private information: age, name, ID number, income, ethnic origin or blood type, opinions, evaluations, comments, social status or disciplinary actions. It also includes employee files, credit records, loan records and medical records.
According to the Office of the Privacy Commissioner of Canada (OPC) and the European Commission, sensitive personal data requires a higher degree of protection than personal data.
This includes health and financial data, ethnic and racial origins, political opinions, genetic and biometric data, an individual’s sex life or sexual orientation, and religious/philosophical beliefs.
How to handle personal information while complying with global laws
The GDPR doesn’t set standards on how personal data should be managed, but the three most secure ways for organizations to retain relevant data while adhering to privacy compliance are to:
- Anonymize the data by erasing or encrypting identifiers (names, social security numbers or addresses) that link a person to a data set.
- Obtain permission from users before using their personal data.
- Store the data in volatile memory, where it remains until useful information is extracted from it and is then permanently deleted.
The best of these three options is to store it in volatile memory because, unlike in non-volatile memory, the data doesn’t remain stored after the power has been switched off.
This ensures that no one, not even the vendors providing workspace management tools, has access to personal and sensitive information that could compromise individual privacy.
In other words, once the system has harvested necessary data from sensors – occupancy per square footage, restrooms, common areas, cubicles etc. – any data within the volatile memory disappears from record.
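The following sketch shows the volatile-memory approach described above, combined with keyed hashing of identifiers; it is an added example, not code from EAIGLE or any product named here. The record format (`zone,badge_id` lines), the function name and the sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict

# Constructed sample of what a sensor gateway might hold in RAM (assumed format).
SAMPLE = b"lobby,E100\nlobby,E100\nlobby,E200\ncafe,E300\nbadline\n"


def occupancy_from_buffer(raw: bytearray) -> dict:
    """Return distinct-person counts per zone, then overwrite the raw buffer.

    Identifiers are never copied out in clear: each one is reduced to an
    HMAC tag under a per-batch random key that exists only in this call.
    Once the key is gone the tags cannot be linked across batches.
    """
    key = secrets.token_bytes(32)      # ephemeral key, never persisted
    seen = defaultdict(set)            # zone -> set of HMAC tags
    view = memoryview(raw)             # slice without copying identifiers
    pos = 0
    try:
        while pos < len(raw):
            end = raw.find(b"\n", pos)
            if end == -1:
                end = len(raw)
            comma = raw.find(b",", pos, end)
            if comma != -1:            # skip malformed or empty lines
                zone = bytes(view[pos:comma]).decode("ascii")
                tag = hmac.new(key, view[comma + 1:end], hashlib.sha256).digest()
                seen[zone].add(tag)
            pos = end + 1
        # Only aggregate counts leave this function.
        return {zone: len(tags) for zone, tags in sorted(seen.items())}
    finally:
        view.release()
        raw[:] = bytes(len(raw))       # zero the raw records in place


if __name__ == "__main__":
    buf = bytearray(SAMPLE)
    print(occupancy_from_buffer(buf))
    print("buffer wiped:", not any(buf))
```

Keeping data in RAM only holds if the host also has swap, core dumps and debug logging of raw records disabled; otherwise copies can reach non-volatile storage.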
In conclusion: Workspace management solutions need effective privacy compliance mechanisms
In addition to generating important occupancy insights with employee tracking and people counting tools, workspace management solutions must also incorporate mechanisms that protect people’s personal information and ensure privacy compliance.
The most effective way for workspace management solutions to achieve this is to store data in volatile memory where, unlike in non-volatile memory, the data is deleted once fact-based insights have been extracted.
Mechanisms such as these help businesses not only bolster their security posture against data incidents, but also strengthen the reputation that powers growth, drives loyalty and improves the customer experience.
EAIGLE’s AI-enabled workspace management solutions deliver precise occupancy insights, while complying with global privacy legislation. Visit eaigle.com to learn more.