As employees return to work, organizations are faced with the challenge of toeing the line between privacy invasion and offering safety.
This is because today’s employers are tasked with collecting more employee data than ever before to protect the wellbeing of their employees while maintaining productivity.
So, how can they achieve that without being labelled “Big Brother?”
Companies must balance their need for information with employees’ right to privacy
The Office of the Privacy Commissioner of Canada’s guidelines on privacy at work indicates that an employer’s need for information should be balanced with an employee’s right to privacy.
For personal information, including pay and benefits records, personnel files, video or audiotapes and records of web browsing, electronic mail and keystrokes, the privacy commissioner has outlined what is needed to establish and maintain that balance:
The employer should say what personal information it collects from employees, why and what it does with it.
Collection, use or disclosure of personal information should be done with an employee’s knowledge and consent.
The employer should only collect necessary personal information for its stated purpose and collect it by fair and lawful means.
The employer should normally use or disclose personal information only for the purposes for which it is collected and keep it only as long as it’s needed for those purposes unless it has the employee’s consent to do something else with it or is legally required to use or disclose it for other purposes.
Employees’ personal information must be accurate, complete and up to date.
Employees should be able to access their personal information and challenge its accuracy and completeness.
In the wake of COVID-19 screening and proof of vaccination attestation, the same rules should apply to any information related to employees’ medical records.
This includes information pertaining to the employees’ COVID-19 symptoms, whether they’ve tested positive to the virus and the date of their COVID-19 vaccination.
Enterprises must collect employee data with absolute integrity
According to Gartner, enterprises should embrace the following five risk-based principles before collecting employee data in order to ensure that the data is gathered with integrity.
Process data with predefined purpose. This will prevent the collection and storing of data once it has fulfilled that purpose. By deleting the data once it’s no longer needed, companies can also make significant costs savings on storage fees.
Implement the least invasive measure possible to collect the data needed. Remove any measure that’s unbalanced to the risk or the purpose that can be achieved differently.
Collect only the minimum amount of data necessary. Ask your team what amount of data is enough and whether you can achieve the same purpose by collecting less personal data.
Don’t do anything in the dark. Be absolutely transparent with your staff about the data you collect, for what purpose and who has access to it.
Implement equal measures for all employees. This practice will prevent discrimination and protect autonomy.
Finding the balance between collecting personal data and protecting employees from the spread of COVID-19 is easier than it appears.
But organizations must be transparent with their staff about the way they’re collecting and processing their data in order to earn their trust in the long run. It’s the surest way for them to help stop the spread of new COVID-19 variants in the future and protect their bottom line.
Getting the right COVID-19 screening tools is one of the most important steps towards protecting your employees and visitors while helping stop the spread of COVID-19. Learn about EAIGLE’s Digital Vaccine Pass and a palette of our wellness screening solutions by visiting eaigle.com/digital-vaccine-pass.