People

Companies' next moral crisis: How to track employees without invading their privacy

Nearly one-quarter of CFOs surveyed by accounting giant PwC said contact tracing was part of their office reopening strategy.

A photo illustration shows logos for coronavirus tracking apps

Before reopening offices, many companies will need to decide how to do contact tracing with employees.

Photo: Olivier Douliery/AFP via Getty Images

As tech companies grapple with how to reopen offices in the next phase of the COVID-19 outbreak, mobile contact-tracing systems seem like a perfect way for Silicon Valley to channel its data prowess to protect employees.

At least in theory.

In reality, the prospect of tracking workers' movements in case they contract the coronavirus — then potentially expose co-workers or customers — is raising difficult questions about effectiveness and privacy, according to industry leaders. It's another powder keg of risk and liability that businesses must navigate amid an unprecedented public health crisis as governments begin to lift shutdown measures.

Firms looking to invest in contact tracing will have to decide whether to create their own systems or mandate that employees opt into broader public contact-tracing efforts before they return to work. They'll need to decide how systems would integrate with their particular business routines, while balancing their responsibility to an individual employee's privacy against their responsibility to others.

Nearly one-quarter of chief financial officers surveyed by accounting giant PwC in late April said contact tracing was part of their office reopening strategy. But what form such efforts will take is an open question.

"Companies are going to find out that they're going to have to do contact tracing in one form or another. The question is going to be, what is the most efficient and private way of performing this task?" said Jay Cline, principal and U.S. privacy leader for PwC. "Employee privacy is the sleeping giant of the COVID-19 crisis. In order to meet the public health objectives, companies have to meet privacy objectives at the same time."

While Google and Apple are at the forefront of efforts to digitize contact tracing using Bluetooth technology, other groups are building their own systems, from researchers at MIT to central governments in South Korea, the U.K. and France. Opportunistic tech vendors are pitching localized offerings, like Nodle's app in Berkeley, and wearable device manufacturers are pitching in-office tracking capabilities. At the same time, companies are enlisting consultants and attorneys to evaluate whether it's worth investing in their own internal contact tracing systems.

The objective is to balance potential liability for spawning a COVID-19 cluster — as has happened at workplaces including meat-processing plants — with concerns about privacy and data security. Among the potential pitfalls are false positive reports, false negatives, over-collection of sensitive health data, and the loss of that data to hackers.

"It's still a huge question mark," said Matthew Damm, an employment law attorney at Fenwick & West. With few state-approved contact-tracing apps and no federal guidance on the issue, he's urging companies to pursue the "least invasive" methods possible.

The trouble with tracing

HP, which employs 55,000 people worldwide, has already reopened offices in China and elsewhere by emphasizing precautions for employees including wearing masks, getting tested for COVID-19, and submitting to touchless body-temperature checks, said Chief Human Resources Officer Tracy Keogh. Tech-enabled contact tracing, however, has so far taken a backseat.

"We're not doing any tracking of people," Keogh said. "Some of these tools are pretty invasive."

State and federal regulators, such as the Equal Employment Opportunity Commission, have issued emergency orders to ease some standards for employee privacy, including allowing temperature checks, which raise an assortment of other issues.

The alternative to digital contact tracing — interviewing people who come down with the disease, then notifying others who may have been exposed — is time-tested but time-consuming. PwC's Cline said that early data suggests it takes companies 11 hours of human resources work per infected employee to do manual contact tracing.

At UCLA, public health professor David Eisenman said apps could be a faster and more cost-effective supplement to public health departments reduced by years of budget cuts. "We do not as a country continue to fund public health," Eisenman said. "It's not a resilient system, whereas an app is scalable."

But at the University of California San Francisco, in Silicon Valley's backyard, researchers are building public contact-tracing systems that rely on manpower rather on than apps. The tech that Google, Apple and others are building could be useful not on its own but "in addition" to manual equivalents, assistant professor of medicine Mike Reid said during a public health update last week. Officials are focused on hiring and training thousands of people to call, text and provide social services information to those who may have been exposed.

"This is not a technology that we're using in San Francisco," Reid said. "There's really going to be no replacement for a large army of public health professionals that do this work."

Companies could choose to trust that any employees exposed to the virus will be notified through such public systems. However, different systems have different standards for what constitutes a "contact." Reid said people are only notified of a potential exposure to COVID-19 if they spend 10 minutes in "close contact," or less than 6 feet away from an infected person.

The data game

Last week, when Apple and Google released the first version of its new contact-tracing API, Samy Kamkar was among the developers to download and test the nascent system, which relies on anonymized Bluetooth proximity data. The co-founder and chief security officer of Los Angeles building tech company OpenPath was impressed by the privacy safeguards: User IDs frequently change, data is stored on local devices rather than a centralized database, and geolocation data is not collected.

But if tech workers opt into broader public contact-tracing systems, companies could find themselves at the mercy of self-reported data. "My biggest question right now is what prevents me from pretending I am infected if I'm not?" Kamkar said.

More challenges could arise if people are asked to submit to more than one contact-tracing app — perhaps one at work and one or more outside of it. More splintering, Samkar said, would mean more uncertainty. "I don't think people will want to use competing systems," he said, "because you're losing a ton of data, a ton of information."


Get in touch with us: Share information securely with Protocol via encrypted Signal or WhatsApp message, at 415-214-4715 or through our anonymous SecureDrop.


At PwC, Cline and his team are advising companies wading into contact tracing to think carefully about how long data will be retained, who has access to information and how systems are encrypted. He noted that contact tracing is also closely related to the ability to quickly test for COVID-19, or eventually, antibodies from the virus.

"Companies can sit out contact tracing perhaps until more tests are widely available," Cline said. "That's one of the key components for app-based contact tracing to work the best — for a whole workforce to have been tested, or have tests readily available."

At Fenwick & West, Damm said contact tracing is just one of many ways COVID-19 has upended business as usual. "The idea of an employer taking an employee's temperature would have sounded absurd three months ago," he said. "It's certainly not a world that we're used to living in."

Image: Yuanxin

Yuanxin Technology doesn't hide its ambition. In the first line of its prospectus, the company says its mission is to be the "first choice for patients' healthcare and medication needs in China." But the road to winning the crowded China health tech race is a long one for this Tencent- and Sequoia-backed startup, even with a recent valuation of $4 billion, according to Chinese publication Lieyunwang. Here's everything you need to know about Yuanxin Technology's forthcoming IPO on the Hong Kong Stock Exchange.

What does Yuanxin do?

There are many ways startups can crack open the health care market in China, and Yuanxin has focused on one: prescription drugs. According to its prospectus, sales of prescription drugs outside hospitals account for only 23% of the total healthcare market in China, whereas that number is 70.2% in the United States.

Yuanxin started with physical stores. Since 2015, it has opened 217 pharmacies immediately outside Chinese hospitals. "A pharmacy has to be on the main road where a patient exits the hospital. It needs to be highly accessible," Yuanxin founder He Tao told Chinese media in August. Then, patients are encouraged to refill their prescriptions on Yuanxin's online platforms and to follow up with telehealth services instead of returning to a hospital.

From there, Yuanxin has built a large product portfolio that offers online doctor visits, pharmacies and private insurance plans. It also works with enterprise clients, designing office automation and prescription management systems for hospitals and selling digital ads for big pharma.

Yuanxin's Financials

Yuanxin's annual revenues have been steadily growing from $127 million in 2018 to $365 million in 2019 and $561 million in 2020. In each of those three years, over 97% of revenue came from "out-of-hospital comprehensive patient services," which include the company's physical pharmacies and telehealth services. More specifically, approximately 83% of its retail sales derived from prescription drugs.

But the company hasn't made a profit. Yuanxin's annual losses grew from $17 million in 2018 to $26 million in 2019 and $48 million in 2020. The losses are moderate considering the ever-growing revenues, but cast doubt on whether the company can become profitable any time soon. Apart from the cost of drug supplies, the biggest spend is marketing and sales.

What's next for Yuanxin

There are still abundant opportunities in the prescription drug market. In 2020, China's National Medical Products Administration started to explore lifting the ban on selling prescription drugs online. Although it's unclear when the change will take place, it looks like more purely-online platforms will be able to write prescriptions in the future. With its established market presence, Yuanxin is likely one of the players that can benefit greatly from such a policy change.

The enterprise and health insurance businesses of Yuanxin are still fairly small (accounting for less than 3% of annual revenue), but this is where the company sees an opportunity for future growth. Yuanxin is particularly hoping to power its growth with data and artificial intelligence. It boasts a database of 14 million prescriptions accumulated over years, and the company says the data can be used in many ways: designing private insurance plans, training doctors and offering chronic disease management services. The company says it currently employs 509 people on its R&D team, including 437 software engineers and 22 data engineers and scientists.

What Could Go Wrong?

The COVID-19 pandemic has helped sell the story of digital health care, but Yuanxin isn't the only company benefiting from this opportunity. 2020 has seen a slew of Chinese health tech companies rise. They either completed their IPO process before Yuanxin (like JD, Alibaba and Ping An's healthcare subsidiaries) or are close to it (WeDoctor and DXY). In this crowded sector, Yuanxin faces competition from both companies with Big Tech parent companies behind them and startups that have their own specialized advantages.

Like each of its competitors, Yuanxin needs to be careful with how it processes patient data — some of the most sensitive personal data online. Recent Chinese legislation around personal data has made it clear that it will be increasingly difficult to monetize user data. In the prospectus, Yuanxin elaborately explained how it anonymizes data and prevents data from being leaked or hacked, but it also admitted that it cannot foresee what future policies will be introduced.

Who Gets Rich

  • Yuanxin's founder and CEO He Tao and SVP He Weizhuang own 29.82% of the company's shares through a jointly controlled company. (It's unclear whether He Tao and He Weizhuang are related.)
  • Tencent owns 19.55% of the shares.
  • Sequoia owns 16.21% of the shares.
  • Other major investors include Qiming, Starquest Capital and Kunling, which respectively own 7.12%, 6.51% and 5.32% of the shares.

What People Are Saying

  • "The demands of patients, hospitals, insurance companies, pharmacies and pharmaceutical companies are all different. How to meet each individual demand and find a core profit model is the key to Yuanxin Technology's future growth." — Xu Yuchen, insurance industry analyst and member of China Association of Actuaries, in Chinese publication Lanjinger.
  • "The window of opportunity caused by the pandemic, as well as the high valuations of those companies that have gone public, brings hope to other medical services companies…[But] the window of opportunity is closing and the potential of Internet healthcare is yet to be explored with new ideas. Therefore, traditional, asset-heavy healthcare companies need to take this opportunity and go public as soon as possible." —Wang Hang, founder and CEO of online healthcare platform Haodf, in state media China.com.

Zeyi Yang
Zeyi Yang is a reporter with Protocol | China. Previously, he worked as a reporting fellow for the digital magazine Rest of World, covering the intersection of technology and culture in China and neighboring countries. He has also contributed to the South China Morning Post, Nikkei Asia, Columbia Journalism Review, among other publications. In his spare time, Zeyi co-founded a Mandarin podcast that tells LGBTQ stories in China. He has been playing Pokemon for 14 years and has a weird favorite pick.

The way we work has fundamentally changed. COVID-19 upended business dealings and office work processes, putting into hyperdrive a move towards digital collaboration platforms that allow teams to streamline processes and communicate from anywhere. According to the International Data Corporation, the revenue for worldwide collaboration applications increased 32.9 percent from 2019 to 2020, reaching $22.6 billion; it's expected to become a $50.7 billion industry by 2025.

"While consumers and early adopter businesses had widely embraced collaborative applications prior to the pandemic, the market saw five years' worth of new users in the first six months of 2020," said Wayne Kurtzman, research director of social and collaboration at IDC. "This has cemented collaboration, at least to some extent, for every business, large and small."

Keep Reading Show less
Kate Silver

Kate Silver is an award-winning reporter and editor with 15-plus years of journalism experience. Based in Chicago, she specializes in feature and business reporting. Kate's reporting has appeared in the Washington Post, The Chicago Tribune, The Atlantic's CityLab, Atlas Obscura, The Telegraph and many other outlets.

Protocol | Workplace

How to make remote work work

Hofy made an early bet that COVID-19 would have a long-term impact on workplaces. The company recently raised $15.2 million for its remote workforce equipment management solution.

Hofy recently raised $15.2 million for its remote workforce equipment management service.

Photo: Jannis Brandt/Unsplash

It's your new employee's first day of remote work, but their laptop hasn't shown up yet. Not a good look.

This very 2021 persistent problem is part of why Hofy, a remote workplace management tool, recently raised $15.2 million to help companies deploy laptops, chairs, desks and other physical equipment to their remote employees. The idea for Hofy, which is launching out of stealth today, emerged in the early days of the COVID-19 pandemic — before lockdowns went into effect in the U.S. and the U.K. Hofy's co-founders, Sami Bouremoum and Michael Ginzo, had a feeling that COVID-19 would have a long-term effect on society.

Keep Reading Show less
Megan Rose Dickey

Megan Rose Dickey is a senior reporter at Protocol covering labor and diversity in tech. Prior to joining Protocol, she was a senior reporter at TechCrunch and a reporter at Business Insider.

Protocol | Policy

Tech giants want to hire Afghan refugees. The system’s in the way.

Amazon, Facebook and Uber have all committed to hiring and training Afghan evacuees. But executing on that promise is another story.

"They're authorized to work, but their authorization has an expiration date."

Photo: Andrew Caballero-Reynolds/AFP via Getty Images

Late last month, Amazon, Facebook and Uber joined dozens of other companies in publicly committing to hire and train some of the 95,000 Afghan refugees who are expected to be resettled in the United States over the next year, about half of whom are already here.

But nearly two months since U.S. evacuations from Kabul ended and one month since the companies' public commitments, efforts to follow through with those promised jobs remain stalled. That, experts say, is partly to do with the fact that the vast majority of Afghan arrivals are still being held at military bases, partly to do with their legal classification and partly to do with a refugee resettlement system that was systematically dismantled by the Trump administration.

Keep Reading Show less
Issie Lapowsky

Issie Lapowsky ( @issielapowsky) is Protocol's chief correspondent, covering the intersection of technology, politics, and national affairs. She also oversees Protocol's fellowship program. Previously, she was a senior writer at Wired, where she covered the 2016 election and the Facebook beat in its aftermath. Prior to that, Issie worked as a staff writer for Inc. magazine, writing about small business and entrepreneurship. She has also worked as an on-air contributor for CBS News and taught a graduate-level course at New York University's Center for Publishing on how tech giants have affected publishing.

Protocol | Fintech

How European fintech startup N26 is preparing for U.S. regulations

"There's a lot more scrutiny being placed on fintech. We are definitely mindful of it."

In an interview with Protocol, Stephanie Balint, N26's U.S. general manager, discussed the company's approach to regulations in the U.S.

Photo: N26

N26's monster $900 million funding round announced Monday underlined the German startup's momentum in the digital banking market.

Stephanie Balint, N26's U.S. general manager, said the funding will be used for expansion and also to improve "our core offering to make this the most reliable bank that our customers can trust," she told Protocol.

Keep Reading Show less
Benjamin Pimentel

Benjamin Pimentel ( @benpimentel) covers fintech from San Francisco. He has reported on many of the biggest tech stories over the past 20 years for the San Francisco Chronicle, Dow Jones MarketWatch and Business Insider, from the dot-com crash, the rise of cloud computing, social networking and AI to the impact of the Great Recession and the COVID crisis on Silicon Valley and beyond. He can be reached at bpimentel@protocol.com or via Signal at (510)731-8429.

Latest Stories