When I look through corporate handbooks I often find prohibitions on the use of cameras or recording devices while on a company’s premises. It’s not something that gets brought up in new hire orientation nor something that gets brought up very often at all. Let’s face it, there is a certain amount of convenience to taking out your smartphone and snapping a picture of the notes on the whiteboard or recording a meeting to create the minutes later.
While you can get technology that can perform these functions surreptitiously, main stream commercial technology would require you to be fairly overt when taking a picture or making a recording. Since people will know you are capturing something they can object (or report you to corporate security if they want to be nasty). Wearable technology will change this.
Chris Barrett, the founder of PRserve, has been wearing Google Glass in public places and posting videos he has captured with them on his YouTube channel. On July 4th he posted a video showing an arrest on a New Jersey boardwalk that gained a lot of attention.
What interested me about this video was that no one seemed to notice that he was making a video recording, You can make a case that Chris may not have stood out in that festive environment, but a second video posted by Chris took him to an environment that is very conscious of technology being used by their customers, a casino. In fact, according to an article in cnet.com, Chris went to three casinos and no one asked him about what he was wearing until the roulette dealer at the end of the video below brought it up.
So what does this mean for a privacy professional? We all recognize that the introduction of new technology outpaces the introduction of related new statutes and policies. Here is an opportunity for privacy professionals to get ahead of technological evolution by working within our organizations to define policies and practices related to wearable technology as well as raise awareness.
There are some organizations that have already begun this process. I suggest there are a few things that must be kept in mind when you do:
- First, your organization is not always in control of the environment where their staff works. Staff members go to conferences, work on airplanes, stay in hotels, work in restaurants, and visit your customers, vendors, and partners. These environments may not care about the use of wearable technology by their customers or staff. Providing guidance on how your team should protect information outside of your facilities should be a significant part of your policies, training, and awareness programs.
- Next, keep in mind that today’s products represent the initial foray into commercially available wearable technology. As wearable technology evolves it will become more capable, less detectable, and more accessible to the general public.
- Finally, wearable technology will be hacked and there will be viruses introduced. What may this put at risk? Think about a camera being turned on in your HR, R&D, Finance, or IT department without detection and let your imagination run wild.
So what are some steps you may want to take? Ultimately you will want to define a corporate stance on the use of wearable technology that meets business needs and fits into your privacy framework. In support of this you may want to
- Meet with your organization’s business leaders to determine if there are plans for use of wearable technology within their operations. They may have plans, but may not have considered the privacy aspects to the introduction of the technology.
- Review your organization’s policies for the use of cameras or recording devices by employees and others working on your behalf. The policies in existence may already cover concerns about wearable technology or they may require some modification.
- Review your organization’s Bring Your Own Device policy to see if wearable technology is acceptable under that program’s terms.