Global Data Privacy Laws and Employee Wellness Programs
If you offer employee wellness programs (especially to a global workforce), how do you ensure you are compliant with the global data privacy laws? We share how you can.
Global data privacy is an increasingly common concern among employers who offer employee wellness. Major considerations facing wellness coordinators include: where to store data, how to know it’s totally secure, and whether the storage is compliant with ever-changing global data protection laws.
Since most of us don’t have time to stay up to date on all of these complications, fear of being out of compliance prevents wellness programs from reaching their potential. But with proper understanding of employee privacy laws (including global laws if your company is multi-national), employee wellness programs can flourish despite complicated policies.
Top 3 Privacy Considerations
In this article we’ll discuss the top three challenges related to laws and employee wellness programs, and the solutions that wellness coordinators can use to overcome them.
1. Compliance with Data Protection Laws
Any seasoned employee wellness manager knows that the ideal way to manage private data, including employee wellness data, is to do so from a single, secure database in one location. Single-location storage makes for seamless tracking and measuring of information regarding health assessments, biometrics, and activity data. Plus, it’s a lot simpler than having multiple locations for different types of data. But unfortunately, this isn’t always an option.
Due to varying global data protection laws around the world, sometimes single-location storage isn’t possible. The complications caused by varying rules can intimidate wellness coordinators and even discourage them from offering data-driven programs, like health tracking over years.
Anita Fineberg, a Toronto, ON-based lawyer specializing in health information policy, says global data protection laws are changing at a rapid rate and have created much uncertainty with respect to “cross-boarder” data transfers that would allow for that “single, unified view” of employee wellness data.
One example of changing data laws has to do with global companies and the varying laws they may need to accommodate. Currently all data protection for European countries is governed by the Data Protection Directive. In 2018, these laws will be updated with the General Data Protection Regulation (GDPR). These updates include stricter rules and more vigorous requirements for data privacy. The new regulations will create a robust framework with a wide scope of application (including all of Europe), so it’s possible that the GDPR will become the new standard for global data privacy and data protection compliance. Clearly, a wellness coordinator with European locations will need to know all about these updates.
However, the changes don’t stop there. Additional complications are already arising, even before the changes are officially in place. The exit of Great Britain from the E.U. is one example: it’s unclear whether the changes affect Britain or not. And European companies with locations both in and out of Great Britain may need varying approaches to data privacy and storage to comply with local regulations in all of their locations. And this doesn’t even begin to cover issues with natural disaster and weather that could destroy data held in a non-secure location (more on that below).
Global Data Protection Laws and compliance can become very complicated, very fast.
2. Compliance with Global Data Privacy Laws
Fortunately there is a solution.
Because of specific counter-legislation, Canada has made itself a logical place for data storage and maintenance. “Canada currently represents an ideal location for global data storage,” continues Fineberg. “Our federal privacy law, the Personal Information Protection and Electronic Documents Act, has received approval from the E.U.”
Companies with locations in Canada and Europe would be wise to store their data in a location that can facilitate both sets of data protection laws, and Canada is currently the only non-EU location that does this. Storing data in Canada may be the key to seamless data integration and security.
Helpful Resource: read this blog about The Best Ways to Prevent Privacy and Security Vulnerabilities.
3. Beyond Global Laws - the Canada Option
As mentioned above, global data protection laws are not the only consideration that health and wellness providers need to be aware of. Another consideration when deciding where to store private data is the type of geographic location in which the data will be housed. Natural disasters and inclement weather pose serious risks to the quality of protection and accessibility your data receives. Wind, water, fire, and other natural elements can destroy data centers just as they destroy other commodities and operations. The ideal data storage center, then, would not only be able to house all data in a single location, while remaining compliant with global privacy laws, but also be able to do so with minimal potential for destruction from natural disaster.
This is one of the reasons that CoreHealth Technologies offers employee wellness data storage in Kelowna, BC, Canada. The data is stored in a small city with world-class infrastructure. As a result, we have been able to consolidate and manage employee wellness data, in a single location, for global companies with locations around North America and Europe to run successful employee wellness plans.
CoreHealth’s gigacenter is located in a stable mountain zone, away from earthquake, hurricane, tornado, and severe weather. It has one of the lowest risks in the world for natural disasters and is far away from earthquake fault lines.
The combination of our location in a safe zone in Canada, with data privacy laws that are compliant with the EU’s new stricter regulations, make us an ideal partner for companies with multi-national wellness programs looking to make the step to a greater, more impactful programming.
Read HR.com Article
This blog references highlights from the article The Impact of Privacy Laws on Corporate Wellness published in HR.com on August 31, 2017.
About CoreHealth Technologies
CoreHealth Technologies Inc. is the leading corporate wellness platform trusted by wellness providers for more than 1000 organizations, ranging from medium-sized businesses to Fortune 500 enterprises. At CoreHealth, we believe that developing the best employee wellness programs is all about giving wellness companies the right code, design and access to the latest innovations. With the most customization, integrations and reliability of any software in its class, CoreHealth’s powerful platform lets users focus on growing great companies. For more information, explore the CoreHealth website.
Written by Cindy Danielson
Cindy Danielson is CoreHealth's Marketing Maverick and team leader with a passion for connecting people and technology. In addition to marketing, she has experience as a Benefits Brokers, HR Professional and Project Manager.