BlackBerry was recently asked for help from a large public health organization with an unusual request. This health organization wanted help in writing an app, which would track and upload their employee’s geolocation data on a periodic basis to a company server behind its firewall. The geolocation data would be maintained for a few months by the organization. At first this request sounded bizarre, perhaps even Orwellian. But then the health organization explained to us that the app would only be used with prior written employee consent and only when the employees (often doctors) enter dangerous regions on foreign soil to aid a local population to manage a contagion. The app would be promptly removed from the employee’s device upon his return to his home country via BES12. As it turns out, Western doctors face a high risk of kidnapping in certain foreign countries, and these doctors wanted a way to be tracked in a worst-case situation. Such an app, we were told, would help provide confidence to these doctors of their safety, and the doctors were more likely to make the trip.
From some of our other enterprise customers, we have recently had similar requests for the ability to track the location of an employee who might be entering a dangerous location. Given that we had already written the sample code for this app, we have decided to open source the code on Github here.
At BlackBerry we take security and privacy very seriously. When this app is deployed in the Work Space of BlackBerry Balance via BES12, all data transferred to the server is automatically encrypted. This is the only recommended way to deploy this app. The app does not store any data on the device itself, although there is a server component, which stores the geolocation of the device in a database within the company’s firewall. The server component automatically deletes geolocation data that is older than a preset duration.
Additionally, I wanted to make sure that the user of the app had no doubt that they were under geolocation surveillance. As such, the app is designed to keep alerting the user on a periodic basis that their geolocation data is being sent to the organization. This alert also provides instruction on how to stop sending the location to the server if that’s what the user desires.
Laws regarding tracking and storing an employee’s geolocation data vary drastically from region to region. If you choose to deploy this app, we strongly advise you to get prior written employee consent. Be sure to inform your employees of how long your company intends to keep this data. Additionally, you should also speak with your company’s legal department to validate that recording geolocation data is legal in your location, as well as the location where this app will be used to collect geolocation data, even if your employee has provided written consent. Keep in mind, as long as your employees trust that your company is protecting their privacy, they will continue to use the app and their phone. If their trust is eroded, they will no longer carry their mobile devices leading to loss in productivity. I hope if you choose to use this app within your enterprise, you will do so in a responsible manner to increase the safety of your employees while not compromising their privacy.