A Washington Post article from 2019 describes an increasing trend in employee wellness programs, with employers collecting detailed health data like step count, hours of sleep, and more. The article describes employers calling individual employees to congratulate or admonish them on their daily health behaviors, and detailed incentive programs that gave employees cash if they hit personalized goals based on their specific health needs. Although wellness programs that encourage employee health should be applauded, the detailed level of data being collected raises some concerns about data use, security, and employee consent and education.
It’s easy to imagine how increased data on health and fitness could add value to an employee – information allows individuals to better manage their own behaviors and take the appropriate actions to improve their own risk factors. But what about how employers use the information, particularly when it isn’t anonymized, as in the case described in the article? Our health data, particularly when combined with other information that our employers have, could lead to insights that employees might be less comfortable with. What if our health data reveals dependencies on drugs or alcohol? What if location data shows that we might have a gambling problem or an extramarital affair? Furthermore, employers might purposefully or subconsciously take this information into account when making employment decisions – say, if layoffs are necessary and the company knows that some employees are at risk for requiring expensive treatment. Most employers have limited, if any, obligation to share the insights from the data they collect with their employees, and it would be difficult for an employee to prove discrimination based on the data that they consented to provide.
In general, worker surveillance technology is outpacing regulation, which should be cause for concern, particularly given the sensitivity of the information involved. What legal recourse is there for workers whose information is misused? Will employees who opt out of these programs be penalized for not handing over their health data? Providing access to our most intimate information – data that we often don’t understand ourselves – fundamentally realigns the power dynamic between employee and employer, particularly when there are limited options to reduce or punish employer abuse. Even for employers with the best of intentions, there is still significant risk. The article notes that many employers have not taken the appropriate cybersecurity precautions to protect the information that they are collecting. The exposure risks and the long-term implications for an employee whose data is accidentally revealed are enormous.
Finally, how much are employees even aware of what they’re signing up for when they pick up an employer-provided Fitbit or step tracker? Much of this data is collected passively, without explicit consent for the myriad of ways that it could be used. Although data-driven wellness programs are often heralded as putting power into the hands of employees, we should be clear-eyed about who they really benefit – employers put these programs in place because a healthier workforce reduces their insurance premiums. Although they may not required by law, companies that collect health data have an ethical obligation to put in place robust education, security, and consent mechanisms to protect the rights of the employees.