In order to protect staff, customers and visitors from exposure to COVID-19, many businesses and organisations are installing temperature checking systems to monitor individuals when on-site. It is important, however, to ensure that business owners fulfil their (new) public health management assistance in a manner which respects privacy, data protection and personal sensitivities. Maintaining a balance between the rights of the individual and the wider protection of the community, including employees and customers, is essential.
Follow our guidelines and introduce simple measures to keep your temperature checks and COVID-19 response privacy compliant.
Data protection issues
As discussed in a previous blog post, temperature data alone is not personal data, but when combined with images from CCTV cameras, names or attendance registers, it becomes “special category” data under data protection legislation. Therefore, you need to assess the legal duties and responsibilities that arise from handling a combination of temperature data and any personal data.
Organisations should:
- Ensure fairness, transparency, proportionality and appropriate security of the data as set out under data protection legislation
- Consider whether the temperature monitoring system design represents the least intrusive means to collect and manage personal health data
- Identify which lawful basis, out of the six available, is appropriate for handling data related to screenings (consent is not recommended for health and safety measures or within an employment context).
A COVID-19 response plan
After taking into consideration all the relevant data protection and privacy issues, you should start drafting your detailed plan on how to implement screening measures and respond to elevated temperature data readings on your premises.
- Create a policy to sensitively respond to elevated temperature data as screening devices are not always accurate and high temperature can be indicative of a health condition other than COVID-19. Document your policy and ensure you are not creating unintended or disproportionate impacts for certain individuals.
- Update policies and notices if you collect any additional data and specify the use and length of data storage. Do not use contact details gathered under a COVID-19 policy for any other purpose, especially not marketing.
- Decide on policy review or expiration dates for all COVID-19 response measures to prevent these from staying in place after they become redundant. Update staff on any policy changes so that they are trained to help implement new measures.
- Consult with employees and customers to get insight into any concerns.
Clear communication
It is not enough to have a detailed plan and policy on temperature screenings, you also need to make sure that this information is communicated to all individuals present on your premises.
- Be transparent, communicate clearly with customers and staff alike while these interim measures are in place.
- Acknowledge that the system is not perfect and a raised temperature, even if accurately measured, does not necessarily mean COVID-19. However, it is one of the of the measures in place to limit the public health risk during the pandemic.
- Acknowledge the inconvenience your policy may cause and provide both brief information notices as illustrated below as well as more detailed data protection information and contact details.
To reduce the spread of COVID-19, we will be conducting temperature screenings to help keep our customers and staff safe.
Thank you for your ongoing cooperation and understanding at this time.
With these protections in place, your business will contribute to our joint effort to prevent the spread of COVID-19 while minimising the potential impacts on individuals.
Trilateral’s Data Governance and Cyber-Risk Team offers a range of data governance services that can help you manage the introduction of COVID-19 response measures in your organisation. Trilateral can help audit existing practices, perform gap analyses, and offer compliance support. Our support services will help your business to protect individuals’ fundamental rights, building trust among your website users and ultimately, your customers. Please feel free to contact our advisors, who would be more than happy to help.
Want to know more? Listen to Rachel Finn’s discussion on COVID-19 and Temperature Screening on RTÉ Radio 1’s “The Business” Programme.
