Why IT directors need to exercise a duty of care to support employees in an emergency
Businesses have procedures in place to protect employees travelling overseas to remote or possibly dangerous countries, but recent terror attacks in the UK have brought the health and safety issues companies face abroad to the home front. IT directors now have a growing responsibility to ensure the safety and security of their workforce in the event of an emergency, regardless of their location.
The challenge for IT teams is finding technology that offers an effective means of communicating and checking-in with staff, without being intrusive or contravening privacy and data protection laws. The technology must be flexible to the environment and work patterns of employees, and be scalable to a business of any size, from 10 to 10,000 employees.
The information/safety trade-off
If employees work in ‘danger by default’ areas (areas where an emergency situation is more likely to occur), such as an oil rig or hostile conflict zone, they are likely to support the idea of sharing information about their location so that they can get the necessary support if a problem arises.
Tracking – the idea of automatically and continuously sharing a person’s location in real time to a monitoring team – emerged as one of the first solutions that enabled businesses to ensure the safety of their workforces when based in, or moving between these ‘danger by default’ environments.
However, tracking technology has had a mixed reception, with employees tending to resist corporate imposed schemes when they operate in ‘safety by default’ areas – where the prospect of an emergency is far more unlikely. People working in these types of locations have become accustomed to the use of manual ‘check-ins’ – a user-driven and often opportunistic location update system which acts as an open declaration of personal safety. A notable benefit of check-ins over traditional tracking is that they allow users to conform with internal safety policies or wider regulations (such as ‘lone worker’ regulations) while also preserving their location privacy at other times if needed.
Both systems carry information about the location of an individual, but also establish that they are still connected to the safety system in some form. These interactions are often timestamped, meaning four items of information are bundled together; the ‘connection’, the ‘who’, the ‘when’ and the ‘where’.
However, bundling potentially sensitive information has privacy implications when the technology is taken out of the ‘danger by default’ environment it was designed for and put into a ‘safety by default’ scenario.
The need for a nuanced approach
As emergencies such as terror attacks and natural disaster become more common in ordinarily safe environments, the need for IT Directors to introduce technology to prepare their staff is paramount. The objective of an emergency communication system is to prepare employees for an emergency event, and then safely guide them through the next steps when one occurs. If employees do not trust the safety tool a business implements because of concerns over their privacy, adoption rates will be low, and consequently so will preparedness.
Tracking and check-ins, while effective in certain circumstances, are inappropriate communication methods for large organisations who operate in ‘safety by default’ areas, but still have a duty of care to their staff fully in mind.
A nuanced and purposeful approach, striking a balance between privacy and duty of care is key. A system that utilises ‘proximity broadcasts’ via unobtrusive mobile applications, that addresses privacy concerns through time and geographically limited notifications to employees is uniquely suited to safety-conscious organisations. Also, ‘proximity broadcasts’ crucially put an individual’s privacy first.
The tools are already in place
The ideal system to alert staff to any potential emergency, should make use of a smartphone’s general-purpose capabilities – encouraging privacy by design. Any system designed with this sentiment would include two-way multi-modal communications and notifications, guided user interactions, background network automations, location proximity, and when needed, precise location updates.
Major UK brands are rolling out new privacy-first tracking technology across their workforces to provide a duty of care that until now has been impossible to guarantee. Benign in nature, their systems aren’t designed to monitor the productivity of employees, but instead locate them in the event of a terror attack, emergency or natural disaster, to inform them of the danger they may be facing.
In the case of an emergency, a business is able to draw a zone around the incident’s location on a map by using a system’s web application to find any members of staff who are in close proximity to the emergency. Staff members that have the mobile application on their smartphones will be automatically identified and warned about the situation immediately. The mobile application only reveals an employee’s location if they are inside or near a geography of concern, ensuring a balance between duty of care and privacy.
Trust is a large part of working morale. Employees want to feel their organisation takes its duty of care towards them seriously and is proactively seeking to improve how it communicates during crisis situations.
As with any location-aware software, privacy law is crucially important. Today’s software and apps allow HR and IT departments to track employees’ locations during an emergency, but still comply with General Data Protection Regulation (GDPR) and the Data Protection Bill, as well as with Section 2c of the 1974 Health and Safety at Work Act, by verifying lone worker safety and fulfilling a duty of care to their teams.
People are quite happy to share their location with apps they use in their personal lives to order food or taxis; but won’t share their location with their employer if they think their privacy is not being respected. Apps and operating systems that can find a middle ground between privacy and tracking are a vital modern investment for ‘safety by default’ corporates who take duty of care seriously.
- » Phishing awareness training not translating to fewer clicks, research argues
- » Organisations struggling with seamless customer experiences, MuleSoft argues
- » BlackBerry and Samsung continue collaboration to help businesses with digital transformation
- » Get communication right between the CISO and the board to improve enterprise security
- » Four steps to boost service management self-service portal uptake