Big Data is powerful, but employers should beware knowing too much
6th October, 2016
We are all becoming increasingly accustomed to sharing our personal data online.
Whether through social media profiles, search engine use or online retail purchases, we entrust online businesses with some of our most sensitive information including credit and debit card information, medical history, home address and more.
But stories are beginning to surface, largely from the US, which show just how powerful Big Data has become – carrying with them a warning for UK businesses.
The treatment of and regulation surrounding Big Data practices differs depending on where the companies collecting the data are registered. American companies have historically led the way in the field, with Facebook, Amazon and Google being among the largest data holders in the world.
While these organisations primarily use the data they collect for advertising, other companies collect Big Data on employee behaviour based on their use of company computers, networks and smartphones.
In the US, private firms such as Castlight Health Inc and Healthcore Inc have collected medical information that can make assumptions about the health of employees within a workforce. Although names of individual employees are generally not released alongside such data, the disclosures could include the number of female staff at an organisation that may be trying to conceive.
Similarly firms can make assumptions based on web searches, perhaps carried out within an employee’s lunch hour, which may, for example highlight personal circumstances otherwise not disclosed but that act as an indicator for a person’s future plans, especially searches which indicate them taking an interest in e.g. maternity wear or nursery furniture.
Through the Data Protection Act (1998) and EU legislation, companies based in the UK face more regulation than those in the US, with businesses expected to be ‘transparent’ and ‘fair’ with data that they collect.
Despite this, current regulations surrounding Big Data are struggling to keep up with developments in data use and mining – although further legislation to impose additional constraints on personal data processing are due to be introduced in the coming months.
The General Data Protection Regulation (GDPR) adopted by the EU Parliament and Council earlier this year is set to come into effect in 2018. The new regulations will strengthen existing legislation across all EU states.
Following the Brexit vote, it remains to be seen whether the UK will adopt the GDPR. However, the legislation is due to be implemented by all member states by May 2018 (and we will still be members at this point). In any event the UK will want to continue conducting business with EU members, and so will need to continue to demonstrate that they have adequate data protections in place.
Among the changes proposed in the GDPR is the requirement for Big Data collectors – regardless of where they are based – to obtain explicit consent from EU citizens before collecting and processing their information, with large fines being imposed on organisations that fail to do so.
The new legislation will also provide individuals with new rights, giving them the ability to object to profiling that significantly affects them, and to request that existing profiles be ‘forgotten’.
With this in mind, it is wise for businesses to take a ‘safety first’ approach. The trend is to increase restrictions on collection and use of data so you need to ensure your business has a clearly defined policy on how it uses data, whether from customers or employees.
Not doing so increases your risk of falling foul of current legislation and new measures and the result could be a costly employment tribunal.
You might also be interested in...
15th May, 2018
Experienced HR leader joins Aaron & Partners LLP Law firm with offices in Chester and Shrewsbury appoints Kate Robertson to drive HR strategy for more than 120 staff and to support the company’s growth Chester law firm Aaron & Partners LLP has strengthened its senior leadership team with the appointment of an experienced human resources manager. Kate Robertson... Read More »
24th April, 2018
Jan Chillery, Insolvency Partner at Aaron & Partners LLP, shares her experience and the reasons why we should be cautious before paying so-called “bailiffs” over the phone or online without vetting them first. My neighbour has told me that recently he had a CCJ (County Court Judgment) against him. A day or so later, he received a phone call... Read More »
11th April, 2018
Jan Chillery, Insolvency Partner comments on the recent case of Mr A M Coletta v Bath Hill Court – Bournemouth Property Management Ltd UKEAT 0200 17 RN To read the Transcript of Proceedings in full please click here “This case highlights an important aspect of the Statute of Limitations which affects a wider field than employment claims. An... Read More »