Subscribe
Search
Close this search box.

Treading the fine line between Gov guidance and privacy law, as staff return

  • Ben Rapp, Founder and Principal - Securys
The UK government may have given the impression that processing the Covid vaccination status and test results of staff is approved in a formal sense, but it isn’t. We are seeing vaccine mandates across the pond by Microsoft, United Airlines, Google, Walmart and others. However, UK and European law is quite different and in general does not permit organisational measures of this kind.

Employers risk breaking the law as they respond to UK government guidance about policing staff vaccination. We will see vaccine mandates across the pond from September by Microsoft, United Airlines, Google, Walmart and others. However, UK and European law is quite different and in general does not permit measures of this kind.

The UK government may have given the impression that processing the Covid vaccination status and test results of staff is approved in a formal sense, but it isn’t. Encouraging staff to get vaccinated is fine, but checking whether they have been isn’t acceptable under data protection law. Regular testing remains acceptable but must comply with strict privacy and security rules.

September will see many teams heading back to the office. With this in mind, companies have to navigate the guidance, along with the mix of staff who are and aren’t vaccinated – some of whom aren’t vaccinated by choice.

Employers seeking to collect the vaccination status of staff, or to impose screening checks, should follow these simple rules to stay on the right side of the law.

1/ Where possible do not collect, process or record information

By verbally requesting a vaccination status, visually checking a Covid test or looking at but not scanning the NHS app, companies can avoid the implications of data protection law. But they might be in breach of the Equality Act if they exclude non-vaccinated staff.

Be careful not to record information inadvertently, by creating a list of people who don’t need daily testing because they’re vaccinated, or a list of those who can’t come into the office because they aren’t.

Those would be considered records of vaccination status, which is protected medical data.

2/ You need employee consent to collect a vaccination status

Employee consent is difficult to obtain safely. Legal precedent suggests employees may feel coerced – so companies have to be very careful to demonstrate that refusing consent has no adverse effects on the employee.

3/ Evidence of a negative test is appropriate – but short-lived

The regulator, the Information Commissioner’s Office presently supports the view that under Health and Safety regulation, providing a safe working environment, it is appropriate to ask for negative Covid tests. But companies must be careful not to exempt the vaccinated from testing.

Employers may make the tests compulsory and record the results. A negative test only has value for a short time, 72 hours seems to be the consensus. So, there is no need to retain the result for any longer than that and employers should delete the data at that point.

Those testing daily don’t need to record data at all, since anyone with a positive result will not be admitted and everyone will be re-tested the next day.

4/ If someone tests positive, it can be recorded

If someone calls in sick with a positive test, this too may be recorded as part of their employment file.

We encourage employers to minimise what they record. It’s important that the employee who tested positive is not identified to others.

If two or more employees test positive, this must be reported to Public Health England or the appropriate public health authority.

5/ Recorded medical data is subject to a higher standard of protection

Medical data is considered more sensitive than other personal data. Companies must ensure medical data is properly protected: this includes minimising access to it and applying additional levels of security such as encryption or pseudonymisation.

The NHS app is designed with a QR code encouraging the viewer to scan it for verification. However, even if you record nothing, just the act of verification counts as data processing and means that data protection law comes into play.

Employers should be very careful about the basis for requesting medical information. Vaccination is not a 100 per cent barrier to transmission. So, asking for a vaccination status cannot be justified on the basis of ensuring a safe workplace.

It is doubtful that there is a legal basis for preventing unvaccinated staff from coming to work.

There are certainly difficulties in processing the related data lawfully, as the European Data Protection Supervisor has recently made clear. Although the EDPS is no longer directly binding on the UK, our law is identical.

    Receive more HR related news and content with our Free Newsletter

    Read more

    Challenges and benefits of creating neuroinclusive workplaces

    How to avoid employee disengagement in the age of AI

    Myths surrounding AI in the recruitment industry busted

    Latest News

    Read More

    Fourth Industrial Revolution navigation: A Guide to Thriving in the Digital Economy – ARTICLE OF THE WEEK – Issue 234 – April 2024

    24 April 2024

    Read More

    Technology

    23 April 2024

    How HR can help protect businesses and employees against cyber threats

    In today s digital landscape HR professionals play a pivotal role in mitigating cyber risk within organizations...

    Read More

    Health, Safety & Wellbeing, The Workplace

    22 April 2024

    Understanding high-functioning anxiety in the workplace

    Unveil the complexities of high functioning anxiety in the workplace a condition often overlooked due to its subtle presentation...

    Newsletter

    Receive the latest HR news and strategic content

    Please note, as per the GDPR Legislation, we need to ensure you are ‘Opted In’ to receive updates from ‘theHRDIRECTOR’. We will NEVER sell, rent, share or give away your data to third parties. We only use it to send information about our products and updates within the HR space To see our Privacy Policy – click here

    More over 55s are accessing their pensions or cashing out completely.

    Early retirement emerges as top financial goal for employees

    Reimagining Employee Incentives: Key Strategies for Motivation and Retention

    Half of employees unaware of what their pension is invested in

    Why are UK firms struggling to recruit AI experts?

    Latest HR Jobs

    HR Advisor

    The Bedford College GroupSalary £26 000 pa from depending on experience

    EDI Co-ordinator

    London School of Hygiene amp Tropical Medicine 8211 DirectorateSalary £33 111 to £37 298 per annum inclusive

    Head of HR – Endeavour Learning Trust – Chorley

    The purpose of the role will be to provide a comprehensive HR service for approximately 600 staff within the Trust 50 off Endeavour Children s

    Interim Head of HR and Organisation Design – Sullivan Brown Resourcing Partners – Newcastle upon Tyne

    Working closely with the leadership team the interim Head of HR and OD will help lead the organisation through a period of change and lead

    PUBLISHER

    Peter Banks

    Founder & CEO

    EDITOR

    Jason Spiller

    DIGITAL MARKETING

    Beenu Weerawardena

    Hady Elsayed

    SUBSCRIPTIONS

    Sonja Grimes

    ADVERTISING

    Chris Cope

    ADVERTISING SALES

    Publication and Online

    01454 292063   advertise@thehrdirector.com

    RECRUITMENT

    01454 292 069     recruit@thehrdirector.com

    CUSTOMER SERVICE

    01454 292 060
    info@thehrdirector.com

    SUBSCRIBER SERVICE

    +441454292060
    subs@thehrdirector.com

    Read the latest digital issue of theHRDIRECTOR for FREE

    Read Online For Free

    Read the latest digital issue of theHRDIRECTOR for FREE

    Read Online For Free