Does the UC Industry Need More Privacy Regulation?Does the UC Industry Need More Privacy Regulation?

One consequence of COVID-19 has been a massive adoption of IP-based communication and collaboration tools for most workers, which will have implications in the new year and well beyond 2021. But with these tools widespread use, there is a potential ethical quandary for vendors, enterprises, and users alike. The critical question is who owns conversations when they are recorded?

Return to Office Brings Ethical Concerns Forward

Communication and collaboration tools will clearly be a crucial aspect of many enterprises’ return to office strategy. And recent employee and company surveys show that the office we return to and how we work in 2021 will look much different. A recent Fortune survey indicated 27% of knowledge workers don’t want to ever return to the office, 39% do want to go to the office daily, and 34% prefer hybrid. If we assume the new normal is 25% always in the office, 25% never in the office, and 50% hybrid, the result is a 50% reduction in in-office days.

If this does pan out, this not only means major real-estate changes but, it also brings huge ethical challenges to the fore. With at least 50% of employees working out of the office, it’s probable that 70-80% of employee interactions will move to this new paradigm. When you work out of the office, every interaction moves to higher values, like video for integration into the organization.

With cloud, IP-based communications, and the computers that run them, all aspects of a meeting or a call are captured. For example, most meeting applications (Cisco Webex, Microsoft Teams, Zoom, etc.) record the start time for each new speaker in a meeting. At the end of each meeting, how long each participant talked is recorded, along with other significant information. For example, there is now a correlation of order of speech. With some speech recognition, agreements and processes can be analyzed. Beyond this macro data about the conversation, actual recording of all conversations is very easy and inexpensive in IP based communications solutions.

Organizations can optimize their operations by using this incredible information, but it can create a major challenge for employers and employees. The key question is: Do companies have a right to the actual interactions that took place on a medium that they provided? And what rights do employees have to privacy during their at-work conversations, if any?

Who Can Solve the Privacy Conundrum?

This new data set can be powerful for companies. For instance, a company can use AI/ML to analyze all the conversations from sales professionals and generate a set of predictors of sales success. These could be used to filter applications and analyze existing personnel. Similarly, using information about how specific employees interact and how that impacts performance would allow companies to optimize their hiring and employee management models.

During a WebexOne analyst session, I asked Cisco about this, as Cisco Webex Graph makes this data readily available. Today, the focus is on users and teams, but clearly, the same data could have human resources impacts as well. Cisco’s position today, while commendable, is problematic. Cisco has taken the position that it is the individual user’s right to opt-in/out of this process, and the user controls their own data and can opt-out if they want. While this sounds good, it really doesn’t mean anything. The reality is that, in the U.S., any employer can make “opting in” to the communications data analysis as a term of employment. In other words, if you don’t allow this data to be used, you can’t be an employee.

As a part of an employment contract, many companies currently monitor their employees using cameras, phone monitoring, etc. Everyone who takes a job in a contact center knows their calls are recorded, as do employees in the financial industry — it’s a requirement of employment.

I believe this is going to become a major issue for vendors, companies, and users. As the overall UC community and users come to terms with the depths of information and analysis that is possible, many people will react negatively. While that reaction may focus on the employers and their use, I believe there will also be pushback on vendors and their products. For example, Zoom stopped offering admin access to some meeting analytics after users voiced their concerns.

Since it seems unlikely that vendors will resolve this conundrum on their own, and to bring balance between corporate interests and employee privacy, outside regulatory intervention may be required. If a company decides that they need to collect this data for competitiveness in the market, a UC vendor can’t refuse to let them have the data or someone else will win the business. If an employee opt-in is required, then the employer can mandate that. As this is no longer privacy for a specific market (financial services), but will very quickly apply across many roles, having clear regulatory guidelines that define the privacy protections for employee speech and usage patterns may be necessary. As the IP-based communications and collaboration tools rollout to firstline workers, these issues will expand to the entire workforce.

Based on this emerging challenge, I think the FCC and Congress should consider employee privacy, while working and using company provided tools, including communication systems as a national position. At a national level, the respective needs of business access to detailed information and recordings need to be balanced with reasonable expectations by employees for personal privacy while they are working. Absent specific regulations, each vendor will be left on their own to decide how they address both this issue and the emerging market demands for the capability.