Top 9 Tips for Protecting Personal Privacy

1. Understand what PII data Eptura collects

Eptura collects specific data, classified as Personally Identifiable Information (PII) about utilization of our Client's Personnel use of their workplace. This information can include the individual’s name, email address, unique identifier(s), phone number(s), company position, business unit, cost center number, and individual’s location throughout the workplace at different times of the day. No other sensitive data is captured or processed.

2. Understand why Eptura collects this data

Eptura utilizes the data to:

1. To provide workplace management and optimization services, enabling our customers to drive millions of dollars in real-estate savings and cost avoidance through a better understanding of space utilization and productivity improvements.
2. Provide real-time wayfinding services to all personnel, helping them to find their colleagues and facilities that are currently available.
3. Support business continuity teams in managing disasters.
4. Ensure occupational health and safety requirements are met in agile environments e.g. enough first aid officers and fire wardens are on the floor. There's a strong business case for collecting this data for both the business and people utilizing the workplace. 

3. Understand the Current Environment

The information that Eptura collects is normally already available throughout an organization. Employee directories and much of it already public. Physical security systems (e.g. badge swipes) and computer networks already collect information on location of employees.
We have also seen an increase in individuals opting in to share this type of information via social networks in their personal lives. Email signatures and LinkedIn already contain much of the PII collected by Eptura.

4. Understand what the Concerns/Fears may be

The  most common concerns/fears we hear are:

1. Attendance/Performance Monitoring

Employee's fears that data will be used for monitoring their attendance and performance within the workplace. Eptura's Privacy Policy does not support the use of data for this purpose. Many organizations have implemented a monitoring policy to provide this information to employees. We encourage customers to notify their employees that utilization is being tracked for the purpose of, understanding real estate utilization, real-time wayfinding, and risk management. We also allow people to opt-out of tracking if this is a legitimate concern.

2. Personal Security Concerns

Certain employees (typically executives, some lawyers, and people under witness protection) have legitimate security concerns about other people being able to find them. The PII information Eptura processes is not publicly available and is only viewable by employees within the organization. Eptura supports an opt-out for these individuals if required.

5. Understand what PROTECTIONS Eptura has in Place

1. Eptura complies with all relevant Privacy regulations.
2. Privacy Policy

Eptura's Privacy Policy covers information about the information Eptura collects, how long we hold information, alignment with international standards, how we collect personal information, how an individual may request access to their information, our Client's obligations around personal information, why Eptura holds personal information, what we do with the information, how a person may remain anonymous, where personal information is held, how we protect personal information, disclosure of personal information under limited circumstances and how to report complaints with our handling of personal information.

3. Opt-Out

Eptura allows certain individuals to remain anonymous.

4. Data Security & Integrity

Eptura takes data security seriously, Eptura's Information Security Policy ISP.

5. Eptura is independently audited and certified to ISO27001

The most internationally recognized and used information security framework. The ISO27001 security framework is used to develop and host secure applications and protect our client’s data.

6. Data Sovereignty

Customers can mutually agree to store data to a local region where available.

7. Recourse for Non-Compliance

Eptura has a documented process for managing privacy complaints. Please contact Eptura using privacy@eptura.com.

6. Understand what Protections your Organization has in Place

Under international privacy standards, your organization will be classified as an information provider, known as the Data Controller, and as such be responsible for taking steps required by applicable data protection and/or privacy laws. These laws usually require that your organization notify each individual of the information that's being collected, the intended recipients of that information, the purpose for the data collection and an individual’s right to obtain access to that information. Eptura is the Data Processor and take its instruction from the Data Controller.

7. Understand the Regulatory Environment

Work with your Human Resources team to understand if there are any regulatory requirements in your country.

8. Eptura adheres to International Best Practices and Privacy Principles

As part of Eptura’s compliance, we follow the OECD Privacy Principles. Internationally the OECD Privacy Principles provide the most commonly used privacy framework, and tie closely to the European Union member nations' data protection legislation. The 8 principles include:

1. Collection limitation principle
2. Data quality principle
3. Purpose specification principle
4. Use limitation principle
5. Security safeguards principle
6. Openness principle
7. Individual participation principle
8. Accountability principle
9. Seek Legal Advice

International privacy legislation is diverse and continually evolves. In an abundance of caution, we recommend that our customers take steps to ensure compliance with the various privacy and surveillance laws in each of the jurisdictions in which they operate.