Tag Archive for: Data Protection

Home | Data Protection

The announcement earlier this month that the Princess of Wales was undergoing treatment for cancer reignited discussions about the delicate balance between an individual’s right to privacy and the public’s interest in their personal affairs. We look at similar implications for employees who are away from work unexpectedly and consider what employers should do to manage this.

Kate Middleton’s decision to share her diagnosis publicly was undoubtedly a courageous one and sparked an outpouring of support and empathy from around the world.  However there was also a sense that as speculation reached fever pitch she was left with little choice. Her experience serves as a reminder of the complexities surrounding privacy for those in the public eye.

When employees are off sick or are suspended during an investigation in the workplace, there can be similar considerations about how much information can and should be shared, which need to be handled delicately. Some level of communication will be usually be required, whether that is to clients, colleagues or other stakeholders. This can become more pressing when the rumour mill kicks in and it becomes apparent that there is unhelpful speculation surrounding an absence.

What steps should employers take?

Maintaining confidentiality and respecting the employee’s privacy rights while addressing the concerns of other employees can be challenging. Here are some options available to employers in such circumstances:

  • Communicate clearly with the affected employee: The employer should communicate with the affected employee directly. Ideally work with them to come up with a form of words that will be used. In some situations, such as suspension, often the less that is said the better and using the term ‘suspension’ should be avoided in most cases. In others, it will be a case of what the individual is comfortable sharing. Check back in with the employee after a period of time to check the messaging is still appropriate or if it needs updating.
  • Share that messaging as needed: Communicating the agreed messaging can help to dispel rumours and put a halt to speculation. Don’t dwell on the reason for absence but focus minds back to interim arrangements and getting back to business as usual. Think about how you will handle requests from employees to get in touch with the affected employee and have a response agreed.
  • Respect privacy: Employers should respect the privacy rights of the absent employee. While it may be tempting to disclose details about the situation to quell further speculation, doing so could create upset for the affected employee and give rise to further risks to the business.  
  • Address misinformation: If rumours are spreading that are false or damaging to the absent employee’s reputation, the employer should take steps to address and correct misinformation. This can be done through staff meetings, internal memos, or other forms of communication.
  • Enforce confidentiality policies: Employers should remind employees of the organisation’s confidentiality policies and the importance of respecting the privacy of their colleagues. This can help prevent further speculation or gossip about the absent employee’s situation. This is particularly crucial where employees are to be interviewed as part of an internal investigation and may therefore be privy to further sensitive information.
  • Maintain professionalism: Throughout the process, employers should strive to maintain professionalism and treat all employees with dignity and respect. This includes refraining from engaging in or tolerating gossip or speculation about the absent employee’s situation.
  • Obtain specialist support: If it is a particularly high profile or controversial absence that may attract media interest, involve your internal marketing and communications team if you have one or consider getting specialist support so press releases can be prepared as needed.

By taking these steps, employers can effectively manage rumours and speculation surrounding an employee’s absence, while upholding confidentiality and respecting privacy rights. Careful thought, clear communication and an adherence to policies and procedure are essential for maintaining a positive work environment.

If you would like support in managing a similar situation in your organisation, please contact Sarah Martin in our team on 07799 136 091.

Home | Data Protection

If you are responsible for GDPR matters in your workplace then you should take heed of recent guidance from the Information Commissioner’s Office (ICO) regarding the storage of COVID vaccination data.

The ICO, which is the UK’s information body set up to uphold information rights, has published guidance called ‘Data protection and Coronavirus-19 – relaxation of government measures‘. This is to help organisations and employers to comply with their data protection obligations following the Government’s relaxation of the rules relating to COVID-19.

Sharing Vaccination Data

Some employers may have checked people’s COVID-19 vaccination status historically. The ICO has outlined in this recent guidance some key things organisations need to consider around the use of this type of personal information.

Why Hold Vaccination information?

Employers may wish to seek voluntary proof of vaccination:

  • to track staff vaccination levels within the workforce and assess the risk of transmission
  • to ascertain an employee’s eligibility under any vaccination incentive scheme

If an employer has vaccination data it may help them with internal risk assessments and planning from an operational viewpoint.

What Is Your Purpose for Storing Information?

Now is the time to review your current practices in respect of collecting and storing this type of data. Employers now need to understand from a data protection viewpoint, what information they can request and record about their employees’ vaccination status.

An employer should consider carefully whether capturing this information can be justified, given the current position taken by the Government. Employees’ health information falls into the category of special personal data so employers must identify a lawful reason to request and process this data under data protection legislation.

The ICO guidance states that if employers collect vaccine information they must be clear what they are trying to achieve by doing so and demonstrate how it helps them achieve it. The use of data must be fair, relevant and necessary for a specific purpose.

There must also be a compelling reason for collecting this information and ‘just in case’ will not be good enough. The intention of using and processing this vaccination data must also be transparent from the employer and should not provide any risk to the employee or any detrimental impact to them.

How Long Should an Employer Retain Vaccination Data?

If you have vaccination data for your employees you should review it and ensure that it is still reasonable, fair and appropriate for you to retain this data going forward. You should safely dispose of this data if it is no longer relevant or required. If you need to store vaccination data you should do so for only as long as is necessary and review regularly.  

For specialist support on managing your employee vaccination data, please contact Helen Couchman in our team on 07799 901 669.