As we enter a new phase of living and working with coronavirus, and in light of the Government’s relaxation of restrictions, the Information Commissioner’s Office (ICO) has issued fresh guidance to employers in complying with their data protection obligations, including in relation to vaccination information.
The guidance provides a brief overview of the relevant issues following the relaxation of COVID-19 rules in the UK.
Some of the ICO’s main recommendations for employers include:
- Practices put in place during the pandemic: these practices should be reviewed, in conjunction with the latest guidance, to ensure that the personal data collected is still necessary (reasonable, fair and proportionate) in the changed circumstances;
- Retention of personal data collected during the pandemic: it is necessary to ensure that personal data collected during the pandemic is processed and securely stored and disposed of when no longer required;
- Vaccination information: if you are continuing to collect vaccination information – and you must have a compelling basis for doing this – be clear about what you are trying to achieve and how requesting vaccination information is helping you achieve this aim. Use of this data must be fair, relevant and necessary for a specific purpose;
- Positive COVID-19 cases in the workforce: Although data protection law does not restrain employers from keeping staff informed about potential or confirmed COVID-19 cases amongst colleagues, it is sensible to ensure that information provided is limited to no more than is necessary and that individual colleagues are not named.
Practical Steps for Employers
Debates about individual freedoms and rights to privacy have been a daily presence on our news and social media channels and have been the subject of complaints and litigation across the world. In addition, employees are increasingly aware of their data rights and of how to use the Data Subject Access Request procedure and the jurisdiction of the ICO. These can be costly, and disruptive, exercises for employers in both financial and reputational terms.
It is sensible from a risk and litigation perspective for employers to check government guidance and review how they use personal data in light of changed COVID-19 rules.
Data protection is only one of a number of aspects to be considered in relation to vaccination information. Employers should also take into account the contractual rights of workers; equality and human rights (including the right to privacy); and health and safety legislation.
If you would like to seek further information about any of the issues raised in this article, please contact our Employment or Legal Technology teams at Cleaver Fulton Rankin.
This article has been produced for general information purposes and further advice should be sought from a professional advisor.
How can we help you?
Call us on the Belfast number below or send us a message and one of our team will be in touch.
028 9024 3141Send us a Message