Ready for Work Pledge

These best practices are to help ensure that your COVID-19 ready for work program involving Fitbit user data is consistent with Fitbit’s dedication to protecting user privacy. Your program must also comply with all applicable laws and regulations and any agreements that you have with Fitbit.

You will only access and use the data you receive from Fitbit for the limited purpose of informing and implementing your decisions about maintaining a healthy workplace during the COVID-19 pandemic and for no other purpose.

You will provide participants with notice of what data is collected, for what purpose their data will be used as part of your program, if it will be shared outside the program, who will have access to it, whether you will have access to individual or aggregate data, and the period of time you will retain the data. You will also explain to participants the rights they have over their data.

Your use of the program must be compliant with all applicable laws, including the Americans with Disabilities Act, the Family and Medical Leave Act, the California Confidentiality of Medical Information Act, the California Consumer Privacy Act, and the General Data Protection Regulation.

You will maintain data security by using technical, administrative, and physical controls that are appropriate to the sensitivity of the data, meet or exceed industry standards, and are reasonably designed to protect against unauthorized access, use, or disclosure of the data. At a minimum, the following should be deployed: data encryption, access controls, logging, auditing, confidentiality requirements, data use policies (including incident response and breach notification plans, as applicable), and training.