IoT Security Blog

Articles and Posts on IoT Security, Embedded Systems, and the Internet of Things

Privacy, Electronic Monitoring and Human Resources

Contributed by Joanne C. Kelleher

The 12/1/09 electronic version of Contactless News has an interesting article that overlaps my previous role in Human Resources with my current technology focus: Privacy analysis necessary for access control systems

The article suggests that corporations need to keep abreast of any state legislation that may impact the use of different ID technologies, conduct a privacy impact analysis, and take steps to protect information that is stored in their ID management database.

As a former HR Director, I know that being aware of state legislation about the use of ID technologies such as RFID is not enough. For example, if employers are using a Social Security Number as an employer identification number, then a whole other set of legislation may apply as more than thirty states have enacted laws restricting certain uses and disclosure of SSNs.

Here in Connecticut, employers must also comply with Public Act No. 98-142, An Act Requiring Notice To Employees Of Electronic Monitoring By Employers, see http://www.cga.ct.gov/ps98/Act/pa/1998PA-00142-R00HB-05398-PA.htm. The Act states that “Electronic monitoring means the collection of information on an employer’s premises concerning employees’ activities or communications by any means other than direct observation, including the use of a computer, telephone, wire, radio, camera, electromagnetic, photoelectronic or photo-optical systems.”  Although this was enacted in 1998 and doesn’t specifically mention RFID, I would argue that ID technologies would be included.  CT employers must provide notice to their employees about the types of monitoring that may occur in the workplace.

If you are in charge of your firm’s physical access control or other ID technologies, then I encourage you to talk to your human resources or legal departments to identify which legislation applies in your state and learn how it may impact your implementation. If you are an employee, then become aware of how you are being monitored at work.

As a side note, the article opened with an example of how a physical access control system can be used for good New Haven, CT police used the audit logs of the physical access control system in a Yale research lab as evidence in the recent Annie Le murder case. SecureRF has an office in the same building as the Yale University administration at Science Park in New Haven and I can see how this technology is used to protect access to the parking garage, building and Yale offices.