Key Considerations for Contact Tracing in the Workplace

Coronavirus (COVID-19) protocols are being implemented across the board ranging from temperature checks to wearing masks to collecting contact information before you can enter a venue. Whether you visit a nightclub or a grocery store, companies around the world are implementing these protocols and engaging technology. Personal information is being collected to comply with regional and local laws to ensure they can alert authorities if one of their visitors exhibits symptoms or contracts the virus.

Companies are rolling out contact tracing apps to monitor individuals that exhibit symptoms or contracted the virus. Companies are also implementing wellness apps to monitor where employees are working and to track health symptoms to generate return-to-work certifications, if and when those are required. Regulations are changing so human resources, privacy, and security teams need to adapt.

Features and functionality are wide ranging for these apps. Companies should consider the following:

  • Where will this information be stored?
  • Will this information be publicly available?
  • Which technology was the app built?
  • Does your cloud solution provider have access to your data at any time?
  • What types of anonymization are applied when analytics are run?
  • How long is your data stored?
  • Is the data encrypted in transit and at rest?
  • Is your location being tracked?
  • Did the company build the product with privacy in mind?
  • What do their policies say about your privacy?


Companies need to effectively communicate with employees to ensure that they understand the policies that are set around this type of data. While companies normally collect personal information; they don’t typically collect health information. And, while HIPAA laws might not apply to this type of information that is being collected, companies in the United States need to recognize that this is sensitive information – especially those with global employees. More importantly, policies need to be established and communicated by companies that will collect this type of information at the door of their establishment.