Thermal screening and temperature checks have taken over my email inbox and LinkedIn feed for the past few weeks. Every equipment provider and even manned guarding companies seem to have the ‘solution’ to your COVID-19 problem. What I don’t see a lot of talk about is the privacy impact of these so called solutions or even the legality of them.
Suppliers will supply and install them but will they tell of the risks involved with collecting, processing and storing the information produced, or about your employees rights. Some are even suggesting going further and having manned security companies with their suddenly developed ‘bespoke’ systems (which funnily enough all look the same apart from the logo on them) collect the data for you. So, a third party is going to collect all of your employees data?
I’m not suggesting that temperature screening shouldn’t be done. In some cases it will be necessary. I am saying that if you are supplying a service it should the service your client needs not the one you have to sell. It certainly should not be a solution that will cause increased risk to the client later. That’s what I want to talk about here.
Temperature screening
As a policy, temperature screening seems like a reasonable step for some workplaces as the economy opens back up again. I’ve already produced a video on the systems and procedures that should go along with this policy for security providers.
While it may represent a reasonable control measure to reduce COVID-19 spread in some workplaces it also involves the collection and processing of a significant amount of employee data. Some of that data is sensitive.
It is also a new data processing project (i.e. you haven’t always had it in your workplace) and so it requires a data privacy impact assessment (DPIA) to be undertaken. Failure to do this could leave the employer open to a Data Protection Commission investigation or worse still a data breach leading to a loss of employees sensitive health data.
Temperature is health data
Taking a temperature is gathering data about the health of a person. Health data is regarded as sensitive personal data under GDPR. There are additional safeguards and restrictions in place when it comes to the collection of sensitive personal data. There are strict limitations on why and how you can gather this data. There is an allowance for sensitive personal data to be gathered for public health reasons but this is generally cross border health related issues and not related to employment. The legal reasons allowed for gathering this data are actually quite restrictive.
Legal reasons
To process sensitive personal data legally you have a few options:
- By consent
- Public interest clause
- Vital interest of a natural person
Consent is the first and easiest option. Getting consent shouldn't be too difficult if an employer is open and transparent with employees about the temperature screening as a single control measure in a full risk management system designed for their protection. All of the usual data protection associated tasks still exist such as telling the employee clearly why you are gathering the data, what you will use it (and wont use it) for, where it will be stored, who will have access etc.
The consent should be obtained in writing from the employee. This doesn't just apply to temperature screening though. It applies to asking employees to fill out health questionnaires prior to returning to work as well. The other two reasons may also be used to gather the data in more extreme circumstances. They can only be used in the event that other lawful reasons cannot be obtained and much higher protection measures would have to be applied to the data once it is gathered.
Data Privacy Impact Assessment
The section above covers the lawful gathering of health data. That is only one area of data protection law. There are several other areas of the legislation to consider before implementing any data gathering solution. This is where a data privacy impact assessment comes into the equation.
A DPIA is basically a review of the impact that your new process has on the privacy of the data subjects. It details that you have identified all of the potential risks, evaluated them and put in place suitable control measures to reasonably protect the data and the rights data subject. The remaining risk after the control measures has still to be justified as being balanced against other risks (such as public safety).
Compiling a DPIA is a legal requirement for any new data processing measure. Even though the Data Protection Commission doesn't require every company to send them in for approval, the document will be required if a complaint is made or a breach occurs. The level I’m seeing now of providers offering technical solutions with no DPIA and by the looks of things no idea how to do one is worrying. Developing a DPIA for a processing activity such as temperature screening can be complex depending on the system used and could cause a substantial legal issue in the future
Risks
- There are a number of potential risks as I see it with some of the systems I see being promoted at the moment:
- Manned guarding companies offering a system that they have built and will operate for their clients. Firstly, manned guarding companies generally have no idea about security system specification or commissioning. Secondly they are gathering and storing information on a clients employees on behalf of that client, This should be a huge area of concern for any client.
- These all singing and all dancing solutions are being sold as a complete problem solver. They are not and never will be. My fear is that the perceived safety of the screening makes employees and employers complacent about other measures such as hand hygiene and social distancing. My approach with clients is to assume that everybody is infected at all times. Regardless of what the temperature screen, health survey or any other measure tells you.
- Any of these systems that are claiming to be 100% accurate. Need I say more?
- Some systems are trying to take the friction points out of access control. They are creating systems which include a temperature reading, combined with facial recognition and reading an employees card to provide access to an area. Seems great but this is a huge amount of data to be gathering and processing and I struggle to see how it could be justified to gather all of this in one place.
- A single data breach in any one of these systems will lead to widespread non compliance among employees.
Summary
I am not saying don't use these systems. Im saying if you are going to use them then you need to recognise them for what they are. They are a single control measure of moderate effectiveness which carry a lot of risk. They should be used as part of an overall risk management approach to COVID-19 and not sold as ‘the solution’.
Like I said above, if you are considering as a business investing in one then ask the right questions and get the right documentation. Buy the system you need not the one the supplier wants to sell you. If you are a supplier then be part of the solution not the problem. Lastly if you are an employee know your rights and your responsibilities.
Note from Tony
If there are any buyers, suppliers, security contractors or employees out there who would like a chat about the risk management protocols for return to work or a data privacy impact assessment please feel free to give me a call or an email. Always happy to chat.
Tel: 085 2821737 | Email: info@securityoperative.ie
JdbxFieda
where to buy viagra 100mg viagra at walmart acheter viagra http://llviabest.com/ - purchase viagra online ’
Jan 24th, 2021
LbgFieda
buy viagra/denver,co best viagra sale sites viagra generic http://genqpviag.com/ - when will viagra patent run out? ’
Jan 25th, 2021
Kuikfoult
free generic viagra viagra canada nitric oxide and viagra together
Feb 5th, 2021
LbsxFieda
costco pharmacy pricing drugstore1st viagra allergy
Feb 6th, 2021
AqcfLoolfence
generic cialis online which is better viagra cialis or levitra online cialis australia
Feb 7th, 2021
AqcfLoolfence
generic cialis online which is better viagra cialis or levitra online cialis australia
Feb 7th, 2021
NncsCrads
pay pal viagra king pharmacy viagra dapoxetine next day shipping
Feb 7th, 2021
Kbcxhert
online pharmacy india canadian pharmacy cialis 20mg pharmacy online store
Feb 7th, 2021
AhkdFieda
canada pharmacies online prescriptions meds online drugstore online shopping
Feb 7th, 2021
Jbnbuseli
canadian drugs pharmacies online canadian pharmacies online international pharmacies that ship to the usa
Feb 8th, 2021
FvfcCrads
online viagra australia paypal the truth about super viagra price of viagra at walmart
Feb 10th, 2021
Kbbffoult
buy viagraa online with paypal http://kloviagrli.com/ viagra jersey city
Feb 12th, 2021
FqbbFieda
cash loans in knoxville tn payday loans that don't use teletrack do payday loans damage your credit score
Feb 12th, 2021
JbbnFieda
efek samping pil cialis cialis 20mg uses welche cialis generika
Feb 15th, 2021
Jbnvuseli
payday loan consolidation companies in california 100 day fast cash loan cash loans doncaster
Feb 15th, 2021
NbnhCrads
viagra 200mg price in india http://vigedon.com/ buy real viagra from canada
Feb 15th, 2021
AhbzFieda
what do you need for a payday loan at money mart cash train loans contact payday loans boardman ohio
Feb 16th, 2021
FbsgCrads
cialis best price cialis 10mg ireland cheap cialis online overnight shipping
Feb 18th, 2021
Kndnhert
viagra and cocaine can i buy viagra at walgreens buy female viagra
Mar 1st, 2021
Kndnhert
viagra and cocaine can i buy viagra at walgreens buy female viagra
Mar 1st, 2021
Kndnhert
viagra and cocaine can i buy viagra at walgreens buy female viagra
Mar 1st, 2021
NbmoCrads
how much does cialis cost at walmart http://buycialisxz.com/ coupon for free cialis
Mar 2nd, 2021
FbshFieda
https://thesisacloud.com/ - phd no thesis doctoral thesis database good thesis statements thesis writing help uk
Mar 24th, 2021
FbshFieda
https://thesisacloud.com/ - phd no thesis doctoral thesis database good thesis statements thesis writing help uk
Mar 24th, 2021
LmoppFieda
http://essaywriteris.com/ - buy cheap essay write my essay website write my essay paper best online essay writers
Mar 25th, 2021
FbshFieda
https://thesisacloud.com/ - thesis proposal writing thesis statistics psychology thesis topics thesis for phd
Mar 26th, 2021
Brfghert
https://ljcialishe.com/ - best time to take cialis 20mg https://cialisvja.com/ - cialis commercial https://viagraonlinejc.com/ - will a walk-in clinic prescribe viagra https://viagratx.com/ - better than viagra https://buycialisxz.com/ - cialis price cvs
Mar 29th, 2021
Grvuseli
https://kloviagrli.com/ - generic viagra name https://vigedon.com/ - 100mg viagra https://llecialisjaw.com/ - canadian pharmacy cialis 20mg https://jwcialislrt.com/ - cialis discount card https://jecialisbn.com/ - cialis picture
Mar 30th, 2021
Grvuseli
https://kloviagrli.com/ - generic viagra name https://vigedon.com/ - 100mg viagra https://llecialisjaw.com/ - canadian pharmacy cialis 20mg https://jwcialislrt.com/ - cialis discount card https://jecialisbn.com/ - cialis picture
Mar 30th, 2021
FbshFieda
https://thesisacloud.com/ - phd thesis database writing with a thesis help in writing thesis writing a good thesis
Apr 1st, 2021
AbgcFieda
https://thesiswritingtob.com/ - thesis formatting thesis review choosing a thesis topic thesis binding
Apr 3rd, 2021
FbshFieda
https://thesisacloud.com/ - thesisacloud.com thesis online thesisacloud.com help with thesis statements
Apr 8th, 2021