Collecting personal data improves safety, but increases contractor liability

When Hensel Phelps chief innovation officer Thai Nguyen discusses the use of technology to improve jobsite safety with workers, he’s always careful to emphasize why it’s important and specifically what is being monitored.

“We really reassure them that the monitoring is only taking place at work—that when they punch out and go home, that’s their world, their privacy,” he says. “But when they’re on a jobsite, there’s a lot of value in that type of data being collected and understood.”

Thai Nguyen

Courtesy of Hensel Phelps

 

As more contractors adopt safety technology that collects and stores personal data, including CCTV monitoring, GPS location tracking and weight sensors on drivers’ seats, maintaining privacy and protecting sensitive information about workers—who are concerned that their personal data could be misused, sold to third-party vendors or stolen by hackers—has become a crucial responsibility. 

“The construction industry is a big target of the ransomware industry, primarily because it has been so lax in its practices around business data,” said David Ward, CEO of construction management software company Safe Site Check In, which digitally captures access and safety data on jobsites.

A big part of the problem, Ward said, is that construction companies “expect a lot of people to wear many hats, and rigor around data privacy is usually not at the top of their training.” For this reason, “having a vendor that takes privacy seriously is a better low-risk approach than just assuming that an admin who knows Google Apps can deal with it.”

David Ward

Courtesy of Safe Site Check In

 

Job site monitoring “saw a huge uptick during Covid,” according to Matt Abeles, Associated Builders and Contractors’ vice president of construction technology and innovation. 

But Ward said many of the vendors that cropped up to offer “free” safety screening were selling the data they collected to third parties for marketing and advertising purposes. To assure this doesn’t happen, Ward added, contractors must vet and pay for jobsite monitoring and safety software as a service. 

Governments haven’t yet stepped in to protect workers whose data is being collected—though some laws safeguarding consumers’ privacy also apply to employees. In the European Union, companies must comply with the General Data Protection Regulation; the United States leaves data privacy up to each state. Experts expect something similar to the California Consumer Privacy Act, which took effect in 2018 to give consumers control over the personal information that businesses collect about them, to be adopted nationwide in coming years.

Wearables and Data Security

Contractors are increasingly requiring workers to use wearable safety technology, which uses sensors such as GPS, accelerometers, electrodes, thermometers and proximity sensors to track everything from fatigue level to location. 

“Further, any biometric information—like fingerprints–is considered sensitive information and regarded with additional protections,” said Allen Abrahamsen, vice president of construction safety for Chubb Global Risk Advisors.

The data companies collect—which is undoubtedly valuable for improving safety and productivity—could easily be misused if it falls into the wrong hands.

“There may be consequences for failing to keep such a large volume of data secure,” the American Bar Association states in a paper titled Legal Implications of Wearables in the Construction Industry. “As such, the type and amount of data collected by wearables means companies that control said data may expose themselves to liability.”

A study of construction workers published in the International Journal of Occupational and Environmental Safety found that they’re more likely to accept companies sharing and utilizing data collected from them on jobsites if the companies show them how that will mitigate personal health risks or promote occupational safety. “Employees were more reluctant to share their data for supporting workflow,” the authors state.

Another study cited in the article found that workers expect wearables to be primarily aimed at improving safety and want to be clearly informed about how their data will be used. Most were concerned that their personal data could end up in the wrong hands, but they were also worried about employers obtaining private and sensitive data that could be used against them.

Trust-building is a key component in safety tech adoption, according to the study.

Contractors need to ensure safety technology vendors are securing — and not selling — their employees’ personal data and communicate with workers about how and why data is being collected. Hiring vendors that have privacy policies in place is key.

Heidi Lehmann

Courtesy of Kenzen

 

Heidi Lehmann, co-founder and CEO of Kenzen, which sells a biometric monitoring device worn on the upper arm to predict and prevent heat-related injury, illness and death on worksites, was highly cognizant of workers’ privacy concerns when the company rolled out its wearable—and several of the startup’s impact investors insisted Kenzen take every precaution to protect workers’ data. In response, Kenzen developed a privacy policy, published on its website, that Lehmann said “set a standard for worker privacy with data being collected on worksites.”

Workers are the only ones who ever see the details of their health data, Lehmann said, and companies can view only aggregate and trend data collected by the devices, which helps them understand which groups have higher rates of risk for heat-related incidents and determine whether shift times need to be adjusted.

“When we go to a worksite to get workers set up, one of the first things we do is give a presentation on the danger of heat and why their company has decided to invest in the Kenzen system,” Lehmann said. “We also outline our approach to privacy. That has been important.”

Leave a comment