Premium Listed Companies

Riskmanager.ie - News - Temperature Screening and GDPR

Temperature Screening and GDPR

May 19, 2020

By Tony O'Brien
 

Thermal screening and temperature checks have taken over my email inbox and LinkedIn feed for the past few weeks. Every equipment provider and even manned guarding companies seem to have the ‘solution’ to your COVID-19 problem. What I don’t see a lot of talk about is the privacy impact of these so called solutions or even the legality of them.

Suppliers will supply and install them but will they tell of the risks involved with collecting, processing and storing the information produced, or about your employees rights. Some are even suggesting going further and having manned security companies with their suddenly developed ‘bespoke’ systems (which funnily enough all look the same apart from the logo on them) collect the data for you. So, a third party is going to collect all of your employees data? 

I’m not suggesting that temperature screening shouldn’t be done. In some cases it will be necessary. I am saying that if you are supplying a service it should the service your client needs not the one you have to sell. It certainly should not be a solution that will cause increased risk to the client later. That’s what I want to talk about here. 

Temperature screening

As a policy, temperature screening seems like a reasonable step for some workplaces as the economy opens back up again. I’ve already produced a video on the systems and procedures that should go along with this policy for security providers.

While it may represent a reasonable control measure to  reduce COVID-19 spread in some workplaces it also involves the collection and processing of a significant amount of employee data. Some of that data is sensitive.

It is also a new data processing project (i.e. you haven’t always had it in your workplace) and so it requires a data privacy impact assessment (DPIA) to be undertaken. Failure to do this could leave the employer open to a Data Protection Commission investigation or worse still a data breach leading to a loss of employees sensitive health data.

Temperature is health data

Taking a temperature  is gathering data about the health of a person. Health data is regarded as sensitive personal data under GDPR. There are additional safeguards and restrictions in place when it comes to the collection of sensitive personal data. There are strict limitations on why and how you can gather this data. There is an allowance for sensitive personal data to be gathered for public health reasons but this is generally cross border health related issues and not related to employment. The legal reasons allowed for gathering this data are actually quite restrictive.

Legal reasons

To process sensitive personal data legally you have a few options:

  1. By consent 
  2. Public interest clause
  3. Vital interest of a natural person

Consent is the first and easiest option. Getting consent shouldn't be too difficult if an employer is open and transparent with employees about the temperature screening as a single control measure in a full risk management system designed for their protection. All of the usual data protection associated tasks still exist such as telling the employee clearly why you are gathering the data, what you will use it (and wont use it) for, where it will be stored, who will have access etc.

The consent should be obtained in writing from the employee. This doesn't just apply to temperature screening though. It applies to asking employees to fill out health questionnaires prior to returning to work as well. The other two reasons may also be used to gather the data in more extreme circumstances. They can only be used in the event that other lawful reasons cannot be obtained and much higher protection measures would have to be applied to the data once it is gathered.

Data Privacy Impact Assessment

The section above covers the lawful gathering of health data. That is only one area of data protection law. There are several other areas of the legislation to consider before implementing any data gathering solution. This is where a data privacy impact assessment comes into the equation.

A DPIA is basically a review of the impact that your new process has on the privacy of the data subjects. It details that you have identified all of the potential risks, evaluated them and put in place suitable control measures to reasonably protect the data and the rights data subject. The remaining risk after the control measures has still to be justified as being balanced against other risks (such as public safety).

Compiling a DPIA is a legal requirement for any new data processing measure. Even though the Data Protection Commission doesn't require every company to send them in for approval, the document will be required if a complaint is made or a breach occurs. The level I’m seeing now of providers offering technical solutions with no DPIA and by the looks of things no idea how to do one is worrying. Developing a DPIA for a processing activity such as temperature screening can be complex depending on the system used and could cause a substantial legal issue in the future

Risks

  1. There are a number of potential risks as I see it with some of the systems I see being promoted at the moment:
  2. Manned guarding companies offering a system that they have built and will operate for their clients. Firstly, manned guarding companies generally have no idea about security system specification or commissioning. Secondly they are gathering and storing information on a clients employees on behalf of that client, This should be a huge area of concern for any client.
  3. These all singing and all dancing solutions are being sold as a complete problem solver. They are not and never will be. My fear is that the perceived safety of the screening makes employees and employers complacent about other measures such as hand hygiene and social distancing. My approach with clients is to assume that everybody is infected at all times. Regardless of what the temperature screen, health survey or any other measure tells you.
  4. Any of these systems that are claiming to be 100% accurate. Need I say more?
  5. Some systems are trying to take the friction points out of access control. They are creating systems which include a temperature reading, combined with facial recognition and reading an employees card to provide access to an area. Seems great but this is a huge amount of data to be gathering and processing and I struggle to see how it could be justified to gather all of this in one place.
  6. A single data breach in any one of these systems will lead to widespread non compliance among employees.

Summary

I am not saying don't use these systems. Im saying if you are going to use them then you need to recognise them for what they are. They are a single control measure of moderate effectiveness which carry a lot of risk. They should be used as part of an overall risk management approach to COVID-19 and not sold as ‘the solution’.

Like I said above, if you are considering as a business investing in one then ask the right questions and get the right documentation. Buy the system you need not the one the supplier wants to sell you. If you are a supplier then be part of the solution not the problem. Lastly if you are an employee know your rights and your responsibilities.

Note from Tony

If there are any buyers, suppliers, security contractors or employees out there who would like a chat about the risk management protocols for return to work or a data privacy impact assessment please feel free to give me a call or an email. Always happy to chat.

Tel: 085 2821737 | Email: info@securityoperative.ie

  1. JdbxFieda

    where to buy viagra 100mg viagra at walmart acheter viagra http://llviabest.com/ - purchase viagra online ’

    Jan 24th, 2021

  2. LbgFieda

    buy viagra/denver,co best viagra sale sites viagra generic http://genqpviag.com/ - when will viagra patent run out? ’

    Jan 25th, 2021

  3. Kuikfoult

    free generic viagra viagra canada nitric oxide and viagra together

    Feb 5th, 2021

  4. LbsxFieda

    costco pharmacy pricing drugstore1st viagra allergy

    Feb 6th, 2021

  5. AqcfLoolfence

    generic cialis online which is better viagra cialis or levitra online cialis australia

    Feb 7th, 2021

  6. AqcfLoolfence

    generic cialis online which is better viagra cialis or levitra online cialis australia

    Feb 7th, 2021

  7. NncsCrads

    pay pal viagra king pharmacy viagra dapoxetine next day shipping

    Feb 7th, 2021

  8. Kbcxhert

    online pharmacy india canadian pharmacy cialis 20mg pharmacy online store

    Feb 7th, 2021

  9. AhkdFieda

    canada pharmacies online prescriptions meds online drugstore online shopping

    Feb 7th, 2021

  10. Jbnbuseli

    canadian drugs pharmacies online canadian pharmacies online international pharmacies that ship to the usa

    Feb 8th, 2021

  11. FvfcCrads

    online viagra australia paypal the truth about super viagra price of viagra at walmart

    Feb 10th, 2021

  12. Kbbffoult

    buy viagraa online with paypal http://kloviagrli.com/ viagra jersey city

    Feb 12th, 2021

  13. FqbbFieda

    cash loans in knoxville tn payday loans that don't use teletrack do payday loans damage your credit score

    Feb 12th, 2021

  14. JbbnFieda

    efek samping pil cialis cialis 20mg uses welche cialis generika

    Feb 15th, 2021

  15. Jbnvuseli

    payday loan consolidation companies in california 100 day fast cash loan cash loans doncaster

    Feb 15th, 2021

  16. NbnhCrads

    viagra 200mg price in india http://vigedon.com/ buy real viagra from canada

    Feb 15th, 2021

  17. AhbzFieda

    what do you need for a payday loan at money mart cash train loans contact payday loans boardman ohio

    Feb 16th, 2021

  18. FbsgCrads

    cialis best price cialis 10mg ireland cheap cialis online overnight shipping

    Feb 18th, 2021

  19. Kndnhert

    viagra and cocaine can i buy viagra at walgreens buy female viagra

    Mar 1st, 2021

  20. Kndnhert

    viagra and cocaine can i buy viagra at walgreens buy female viagra

    Mar 1st, 2021

  21. Kndnhert

    viagra and cocaine can i buy viagra at walgreens buy female viagra

    Mar 1st, 2021

  22. NbmoCrads

    how much does cialis cost at walmart http://buycialisxz.com/ coupon for free cialis

    Mar 2nd, 2021

  23. FbshFieda

    https://thesisacloud.com/ - phd no thesis doctoral thesis database good thesis statements thesis writing help uk

    Mar 24th, 2021

  24. FbshFieda

    https://thesisacloud.com/ - phd no thesis doctoral thesis database good thesis statements thesis writing help uk

    Mar 24th, 2021

  25. LmoppFieda

    http://essaywriteris.com/ - buy cheap essay write my essay website write my essay paper best online essay writers

    Mar 25th, 2021

  26. FbshFieda

    https://thesisacloud.com/ - thesis proposal writing thesis statistics psychology thesis topics thesis for phd

    Mar 26th, 2021

  27. Brfghert

    https://ljcialishe.com/ - best time to take cialis 20mg https://cialisvja.com/ - cialis commercial https://viagraonlinejc.com/ - will a walk-in clinic prescribe viagra https://viagratx.com/ - better than viagra https://buycialisxz.com/ - cialis price cvs

    Mar 29th, 2021

  28. Grvuseli

    https://kloviagrli.com/ - generic viagra name https://vigedon.com/ - 100mg viagra https://llecialisjaw.com/ - canadian pharmacy cialis 20mg https://jwcialislrt.com/ - cialis discount card https://jecialisbn.com/ - cialis picture

    Mar 30th, 2021

  29. Grvuseli

    https://kloviagrli.com/ - generic viagra name https://vigedon.com/ - 100mg viagra https://llecialisjaw.com/ - canadian pharmacy cialis 20mg https://jwcialislrt.com/ - cialis discount card https://jecialisbn.com/ - cialis picture

    Mar 30th, 2021

  30. FbshFieda

    https://thesisacloud.com/ - phd thesis database writing with a thesis help in writing thesis writing a good thesis

    Apr 1st, 2021

  31. AbgcFieda

    https://thesiswritingtob.com/ - thesis formatting thesis review choosing a thesis topic thesis binding

    Apr 3rd, 2021

  32. FbshFieda

    https://thesisacloud.com/ - thesisacloud.com thesis online thesisacloud.com help with thesis statements

    Apr 8th, 2021

Leave a Reply

Your email address will not be published. Required fields are marked *

UA-51134898-1

This site uses cookies. Some of the cookies we use are essential for parts of the site to operate and have already been set. You may delete and block all cookies from this site, but parts of the site will not work.