Returning To The Office? Data Protection Conundrum Ahead!
Health data needs to be well secured
Heading back into the office brings with it a whole new set of circumstances, screenings, and employer requirements. But, what are the data protection implications of these essential screening processes? ProPrivacy unravels the finer points, so your business stays on track with its data protection requirements.
Life in the times of COVID-19
Living through a global pandemic is anything but comfortable. Adjusting our workplaces to a different rhythm and operational mandate makes for interesting times too. As teams return to the office and take up their realigned spots at spaced out desks, there’s much to consider when it comes to operational requirements. As an employer, you are required to:
- Implement a phased return to work: As employees return to work, differentiation is required. For many people, especially those who have comorbidities, continuing to work from home is recommended. Moreover, when it comes to shift work, and office setups, it may provide your teams with more flexibility to continue working in remote ways.
- Conduct daily health screenings: Ensuring your staff remain healthy and safe is vitally important. Conducting daily health screenings may be required in terms of public health guidelines. Daily health screenings may include temperature testing and other screening procedures. It’s critically important to not ignore public health advisories and changes in requirements.
- Provide socially distanced workspaces: Enabling your teams to return to a safe environment, spaced out desks, workspaces, and refreshment areas are required.
- Ensure your teams are well equipped: From sanitiser to space, signage, resources, masks or other materials, it’s imperative your teams have everything they need to stay safe and prevent the spread of COVID-19.
- Set up contact tracing mechanisms: Contact tracing databases and chains are a fundamental part of COVID-19 management strategies.
But what about data protection?
All these mechanisms and machinations to help stem the spread of COVID-19 make good sense from a public health perspective. There is, however, a looming concern around data protection. As Philipa has unravelled for us before, processing health data during the times of a disease outbreak can be tricky. But, if the pandemic highlights anything important at all, this is one element of modern living that is truly brought to the fore: that data protection has never been more important.
Processing health data
As always, ProPrivacy is here to help, and answer the big questions your business may have around data protection. As outlined in this guide from Philipa, it remains critically important to ensure your business stays on the right side of the regulation when it comes to both data protection and ensuring employee safety. There exists an exceptional responsibility for high care and confidentiality, so yes, that sign-in list at reception, with everyone’s information available for all to see, won’t do.
Return to office paperwork
As part of your pre-screening and screening mechanisms, you may consider implementing return to work forms or use an external service (such as a mobile application) to manage this process. Naturally, in terms of data protection, your return to office paperwork should:
- Include only the bare minimum of personal data required to satisfy the direct purpose of the form.
- Be processed, stored, or erased, efficiently and with a direct, easily understood purpose attached to these processes.
- Ensure your teams are well advised to keep their line managers up to date with their health, medical circumstances, and important health matters.
A quick zap on the forehead with a thermometer may seem an innocuous task, but we have to ask: where do you store that health data, and why do you need to record it? Well, we know the answer to the latter. As it turns out, temperature screening may not be a requirement for your return to work programmes. This screening methodology is only required when you are advised to do so by a public health service. If you do feel the need to roll out temperature screening, keep in mind that:
- You’ll need to be very clear in your communications around the implementation of temperature screening for your offices.
- You’ll need to be assured that your systems and operational capacities can manage the data protection requirements for collecting, processing, and storing personal health data.
- A Data Protection Impact Assessment would be recommended for your business before you begin implementing a temperature screening programme.
Data protection impact assessments
Data Protection Impact Assessments are an important, and often mandatory, component of your organisation’s data compliance requirements. A one-size-fits-all approach, however, won’t work, as these often don’t cover the all-important elements your business needs to ensure compliance on. Let ProPrivacy’s team of experts help you ensure data protection and data compliance, no matter what circumstances your office needs to manage.
Philipa is the lead consultant and auditor at ProPrivacy. With clients as far afield as Canada, South Africa, Kenya, Germany, Spain and other such exotic locations, besides Cork and elsewhere in Ireland, Philipa enjoys a broad view of the state of data protection, privacy and cyber security worldwide. Philipa’s passion is manageable data compliance for SMEs.
Philipa is a qualified teacher besides holding a computer science (Bachelor of Science in Artificial Intelligence Programming) and electronic and intellectual property law (LLB) qualified. She is trained in constitutional (fundamental) rights litigation and enjoys a good debate.
Philipa has over twenty years of experience working in different sized organisations and sectors on operational, governance, risk management and compliance matters. She is an analytical and focused person that enjoys a challenge in the workplace. She loves technology, systems and people and has a passion for showing people how technology can make life easier and better. She understands that the world is driven by data today but privacy is paramount. Responsibly developed AI excites Philipa for the future.