A Privacy Impact Assessment Method for Organizations Implementing IoT for Occupational Health and Safety

Presenter Information

Stefan Stepanovic, University of LausanneFollow
Dana Naous, Faculty of Business and Economics (HEC), University of LausanneFollow
Tobias Mettler, University of LausanneFollow

Paper Number

2059

Paper Type

Completed

Description

Internet of Things (IoT) technologies are increasingly being integrated into occupational health and safety (OHS) practices; however, their adoption raises significant privacy concerns. The General Data Protection Regulation (GDPR) has established the requirement for organizations to conduct Privacy Impact Assessments (PIAs) prior to processing personal data, emphasizing the need for privacy safeguards in the workplace. Despite this, the GDPR provisions related to the IoT, particularly in the area of OHS, lack clarity and specificity. This research aims to bridge this gap by proposing a tailored method for conducting PIAs in the OHS context, with a particular focus on addressing the "how to" aspect of the assessment process. The proposed method integrates insights from domain experts, relevant literature sources, and GDPR regulations, ultimately leading to the development of an online PIA tool.

Comments

16-HealthCare

Recommended Citation

Stepanovic, Stefan; Naous, Dana; and Mettler, Tobias, "A Privacy Impact Assessment Method for Organizations Implementing IoT for Occupational Health and Safety" (2023). ICIS 2023 Proceedings. 14.
https://aisel.aisnet.org/icis2023/ishealthcare/ishealthcare/14