As a good employer you’re probably tracking the health of your workforce. Here are some considerations for what you do with that data:
[…] Companies need to balance individual privacy with the collection and disclosure of sensitive employee/worker health information for safety purposes.
- Collection and Disclosure Best Practices to Strike a Balance. Thoughtfully establish health data collection procedures designed to protect the health of your employees without allowing individuals who contract the virus to become pariahs or be stigmatized. How you handle the situation will affect not only employee perception of your responsibility and regard for their well-being, but also the marketplace’s trust in your brand and perception of social responsibility.
  - Avoid sensitive collection practices (e.g., taking and recording temperature, inquiring about family and others in the home, tracking location outside of work).
  - Develop strict guidelines as to the limited times the names of employees/workers who contract the virus can be disclosed (e.g., only to health and safety government agencies, service providers who are bound by a written agreement and to healthcare professionals and family with consent).
- Notices and Agreements. Review your employee/applicant privacy notice(s) to determine whether the notices provide for the required data collection, use and disclosure appropriate for the health and safety of the workplace and all employees. Where applicable, work with vendors (e.g., staffing agencies) to determine what their notices contain as well. If necessary and/or feasible, develop COVID-19-specific notices for employees that outline the special data collection, use and sharing that may occur during the pandemic. Consider separate data sharing agreements or provisions with third parties as well to cover these situations. Ensure data sharing agreements contain sufficient protections. A breach of medical information could come with higher risks and costs.
- Privacy and Security Guidance for Work-at-Home Arrangements. Ensure that employees follow reasonable security practices when working from home, as contained in a Federal Trade Commission (FTC) alert from March 18, 2020, including using complex passwords, keeping security software up-to-date, enabling encryption (WPA2 or WPA3) on their home router, password-protecting and locking laptops and mobile phones, securing physical files and disposing of company data securely, such as by shredding.
- Security. Ensure that you have put in place reasonable security measures to protect any additional information collected from employees, such as health-related data or location history. This would likely include a designated data storage location that contains robust access controls, encryption and other protections against unauthorized access and disclosure.