Big data can help with a lot of things: Netflix suggestions, saving money at the grocery store, monitoring your sleep cycle. Should it be considered in the workplace too?

Headlines last week started swirling about how many companies, including prominent names like Wal-Mart and J.P. Morgan Chase, were using big data firms to mine data about the health of their employees. Doing everything from monitoring which workers are at risk for spinal surgery to monitoring which employees have stopped filling their birth control, these firms closely monitor aggregated data and pass along tips. And for now, they’re painting within the lines. But that doesn’t mean it’s popular—or permanent.

It’s yet another example of just how much data consumers can leave in their wake that they don’t even know about. Healthcare analytics firms can mine workers’ medical claims, pharmacy claims, credit scores, and search queries to get a read on exactly how an employee is doing, and what they might do in the future.

Photo Credit: CyberHades cc

“I bet I could better predict your risk of a heart attack by where you shop and where you eat than by your genome,” said Harry Greenspun, director of Deloitte LLP’s Center for Health Solutions, a research arm of the consulting firm’s health-care practice, in the Dow Jones Business News.

And it’s all legal: Currently there’s no legislation out there to keep employees’ data out of the hands of companies like this. It’s all on the employer to navigate any legal fault lines (like HIPAA, which prevents accessing a worker’s medical information but not data mining), which is what has many worried.

Data is only collected on employees who have explicitly opted in, and although these firms will share data with the employer, they’ll do so without any personal data. Employers may know that there are 200 workers considering surgery according to the firm’s data collection, but they won’t be able to drill down to who those 200 are.

Well, hypothetically. As Fortune explains, it’s not exactly shrouded in shadow:

In this case, however, the stakes are much higher because the parties involved are in an employer-employee relationship, points out James Hodge, a professor of public health law and ethics at the Arizona State University Sandra Day O’Connor College of Law.

“If [an employer] originally thought that 15% of the women in its employee base may become pregnant, but data shows it’s closer to 30%, that could lead an employer to say we cannot hire as many female employees this year because we can’t afford them being out for family leave,” Hodge explains. And while this example is purely hypothetical, it shows the kinds of discriminatory arguments that this data could be used to make—regardless of whether an employer has access to individual employee names or not.

Hodge argues that the data gathered by the company could still be used to penalize employees who did not opt in. “You only need a random sampling and you can then extrapolate meaningful and actionable data” based on a significant sample, he says. In other words, Walmart doesn’t need every one of its 1.4 million U.S. employees to opt in to Castlight—it can make do with a few thousand.

Meanwhile, the statistics behind employment discrimination remain daunting, with the number of pregnancy discrimination charges increasing. And while the EEOC has tried to stem the tide of employers using wellness programs and wearables to monitor employees’ health, they’ve had some setbacks as of late.

Which some would say isn’t so bad. After all, so long as the program isn’t mandatory, there is good that can come from these programs. The same app that collects the data on whether you’ve stopped filling your birth control could give you nudges to find an OB/GYN to help with prenatal care. When Wal-Mart was informed that 30 percent of their employees who got second opinions opted not to get back surgery, the corporation made concentrated efforts to communicate with those same employees about alternative options.

But as technology gets more inventive, and is able to help people live longer, healthier lives, you can trust that some—including the EEOC—will make sure that information doesn’t fall into the wrong hands.