DTEX Systems, recently announced its inaugural State of Workforce Privacy & Risk Report, which revealed a significant workforce privacy gap. The 2021 report, conducted by the Ponemon Institute with sponsorship from DTEX, surveyed a global pool of 1,249 IT and IT security practitioners on their organizations’ approach to securing sensitive information and reducing workforce risks.
According to the findings, 63% of respondents say it is important or very important to protect employees’ privacy in the workforce, but only 34% of organizations are effective or very effective in doing so.
We sat down with DTEX Systems Chief Customer Officer, Rajan Koo to discuss the report and what organizations can to do to ensure workforce privacy.
What was the genesis of this report?
Ensuring an organization is protected while not infringing on employee’s privacy in the workplace is a challenge that all businesses face. This has only been exacerbated with the transition to hybrid work as leaders increasingly desire more insight into workforce engagement outside of the office. It’s against this backdrop that DTEX decided to partner with the Ponemon Institute to research and issue the first-ever State of Workforce Privacy & Risk Report.
How has workforce privacy shifted over recent years? How has COVID-19 accelerated that change?
While it’s heartening that workforce privacy regulations such as GDPR and CCPA have gradually transformed attitudes to the more European-centric view that an employee has a fundamental right to privacy, the advent of the data lake and the big data AI revolution has been a powerful opposing force. COVID-19, remote work and the knee-jerk adoption of intrusive surveillance technologies have exacerbated the gap in privacy aspirations and real-world practice.
What surprised you most about the report's findings?
The biggest surprise is just how big this gap has become. Organizations that continue to believe in the privacy vs security dichotomy seem destined to fail the proportionality test and continue to run the risk of alienating and demotivating an already over-worked workforce.
What can organizations do to ensure workforce privacy while also keeping security intact?
Where do we even start! The most important principle to keep in mind here is proportionality. The monitoring of an individual must be proportional to the risk faced by the individual. You may be wondering ‘how is that possible?’ ‘isn’t this a chicken and egg problem?’ Well, it doesn’t have to be! By only capturing the data necessary for contextualization, applying techniques to remove personally identifiable information wherever possible (i.e. pseudonymization), and leveraging behavioral analytics, it is actually possible to proactively identify security threats while leaving workforce privacy intact. This is called “Privacy by Design” and we advocate that it should be a fundamental requirement for all security technologies, not just our own.