Paper Type
Short
Paper Number
PACIS2026-1071
Description
Organizations increasingly deploy IoT-based workplace monitoring to support data-driven office planning in hybrid work environments. While sensor-based occupancy analytics promise efficiency gains, they also raise significant privacy concerns related to surveillance, re-identification, and employee trust. Prior research has largely focused on the impacts of monitoring, offering limited prescriptive guidance on privacy-preserving system design. Addressing this gap, this study follows a single case study of an IoT desk occupancy monitoring system implemented in a shared-desk office environment. Drawing on the Industrial Internet Reference Architecture and the IIC Trustworthiness Framework, the authors derive three architectural design principles and two governance measures that translate Privacy-by-Design concepts into actionable socio-technical design choices. The architectural principles emphasize data minimization, architectural decoupling, and spatial aggregation, while the governance measures address transparency and continuous risk assessment. The study contributes transferable design knowledge for developing privacy-preserving workplace monitoring systems that balance organizational analytics needs with employee privacy expectations.
Recommended Citation
Renken, Sebastian and La Combe, Anja, "Design Principles for Privacy Preserving IoT Workplace Monitoring" (2026). PACIS 2026 Proceedings. 1.
https://aisel.aisnet.org/pacis2026/iot_smartcity/iot_smartcity/1
Design Principles for Privacy Preserving IoT Workplace Monitoring
Organizations increasingly deploy IoT-based workplace monitoring to support data-driven office planning in hybrid work environments. While sensor-based occupancy analytics promise efficiency gains, they also raise significant privacy concerns related to surveillance, re-identification, and employee trust. Prior research has largely focused on the impacts of monitoring, offering limited prescriptive guidance on privacy-preserving system design. Addressing this gap, this study follows a single case study of an IoT desk occupancy monitoring system implemented in a shared-desk office environment. Drawing on the Industrial Internet Reference Architecture and the IIC Trustworthiness Framework, the authors derive three architectural design principles and two governance measures that translate Privacy-by-Design concepts into actionable socio-technical design choices. The architectural principles emphasize data minimization, architectural decoupling, and spatial aggregation, while the governance measures address transparency and continuous risk assessment. The study contributes transferable design knowledge for developing privacy-preserving workplace monitoring systems that balance organizational analytics needs with employee privacy expectations.
Comments
10-IoT