Employee Privacy in the Workplace: Can Blockchain Help?

Businesses, whether they are large or small, are usually in possession of massive amounts of data pertaining to consumers and employees. Consumer privacy is typically what’s prioritized, leaving employee privacy overlooked, in part due to the lack of strong laws upholding the privacy rights of employees.

In the course of employment, companies often collect a lot of often unnecessary data about their employees. Collecting home addresses, resumes, references, bank account details and background check data relating to legal records, credit backgrounds and previous employment has always been commonplace. But with remote work becoming mainstream, employers also have the opportunity to install surveillance software on employees’ personal devices under the guise of accountability, and go as far as to record them in their own homes.

For instance, last year, Apple came under fire for conducting intrusive employee surveillance and obtaining access to personal data. A report by the Washington Center for Equitable Growth indicated that workplace surveillance is becoming the new normal for U.S. workers.

“I agree that professional organizations today collect way too much employee data — much more than is required to vet a candidate for the job,” Shaan Ray, a tech entrepreneur and Web3 expert, told The Org. “Poor management and storage of employee data leads to leaks.”

Ray also pointed out that many third-party applications that store employee data actively sell this data to third-party vendors.

Employees are growing increasingly concerned about their privacy. A 2022 survey conducted by Forrester indicated that 72% of employees globally do not want their personal data used as part of workforce analytics projects without their consent.

“I think that the ‘work-from-home’ trend has driven companies to collect even more data about employees’ activities to measure and track performance,” Malek Ben Salem, a privacy and security expert, told The Org.

While the issue of maintaining employee privacy really depends on intent as much as it does on technology, for companies who genuinely care about privacy, blockchain solutions often pose an alternative to traditional systems.

Using the blockchain to keep employee data secure

Collecting (and allowing unfettered access) to employee data that isn’t strictly required is a huge part of companies’ security issues. While simply storing data securely doesn’t necessarily mean an organization respects employee privacy, the storage and maintenance of sensitive data is still crucial.

“When you have sensitive data like payroll numbers and background check information stored in a central database, it's what we refer to as a honeypot,” Dr. Stanton Heister, co-author of the peer-reviewed paper How Blockchain and AI Enable Personal Data Privacy and Support Cybersecurity, told The Org. “That’s a lot of rich data that people have a huge incentive to try and get at.”

While using strongly encrypted systems to store data is the first step, blockchain solutions can go a step further and allow limited or conditional access to data, even within an organization.

Using blockchain systems to store sensitive and personal employee data including social security numbers, results of drug tests and medical and other information is a much better way of keeping this data secure and free from unauthorized access. These solutions allow personal identifiable information (PII) to be accessed only when required and by those who have authorization. It also gives employees greater control over their own data, as they can withdraw access once they leave a company.

Ray pointed out that the use of blockchain in HR applications can protect users in several ways, including masking data using zero-knowledge proofs.

Zero-knowledge proofs are a key feature of blockchain systems, and allow a user to provide mathematical proof that a statement is true without providing the underlying supporting data.

Heister’s paper puts it this way: “A common example is a customer attempting to order an alcoholic beverage from a bartender who demands to know that the patron is 21 or older. Providing a driver’s license reveals the patron’s full birth date as well as height, eye color, and home address—information that could be misused or stolen.”

An HR application of this feature could be a background-check platform that would allow an employer to verify employment data without actually having access to a reference’s contact details. These platforms can also provide verification on criminal records and credit scores without divulging the sensitive details.

“Secondly an application can be permissioned — which means a user gives permission for their data to be used for a certain period of time and can revoke the information at any point,” Ray said.

“Blockchain technology also helps create transparency by codifying the terms of agreement between parties using smart contracts. Through these contracts, users on both sides agree to terms before beginning and as certain triggering events are fulfilled the contract executes itself, without the need for middlemen or arbitration,” he added.

Blockchain-based alternatives for HR functions

Blockchain-based HR applications add the most value when it comes to processes like recruitment, background checks, payroll, and data storage.

Recruitment, resume verification and background checks

Blockchain-based recruitment platforms such as HireMatch, and background-check software including Zinc and TransCrypts can be used by organizations to get access to verified resumes and background information, which cannot be falsified or tampered with.

Candidates can also use blockchain-based resumes that can be shared with employers temporarily, or with limited access, to protect private information. For instance, platforms like TransCrypts and Rezi allow job seekers greater control over the data in their resumes and whom they want to share it with.

Payroll and contractor payments

Organizations can use blockchain technology to write smart contracts to pay their employees and contractors. Smart contracts use code to define a set of parameters, and perform an action when a parameter is fulfilled. For instance, you could use a smart contract to track the number of hours a contractor works, and it would automatically pay out their fee at predetermined milestones like every 40 hours of work, or every time a project is completed. Platforms like RequestFinance are a great way to track invoices, expenses and salaries using blockchain technology.

No magic bullet

Although blockchain-based platforms go a long way towards maintaining privacy and keeping data secure, blockchain technology (or even encryption) isn’t a magic bullet or the key to privacy.

The intent and approach to collecting and storing data matters more than anything.

Malek stresses that blockchain-based platforms don’t always help with privacy, and that it depends on how the technology uses the blockchain.

“There is a higher risk of data breaches, because multiple copies of the data are stored in multiple nodes/locations,” she told The Org.

But for instance, if a technology uses the blockchain to distribute access to a dataset, by distributing the key required to access the data, then it might help with privacy. The data would not be accessible unless all parties holding pieces of the key work together to get or provide access to the data, she said.

“The devil lies in the details,” she added.