Main Menu
Addressing the Privacy Challenges with Workplace COVID-19 Screening
Posted in Privacy

As we have outlined in Part 1 and Part 2 of our blog series, ‘Returning the Workplace to Safe Operation’, employers have a duty to reduce the risk of COVID-19 in the workplace as much as reasonably practical. Consequently, employers may determine it is appropriate to conduct certain active screening, such as questionnaires, temperature screening, and testing. Further, as noted in our Managing Employees’ Return to the Workplace blog, employers may also have to collect personal and health information related to employees’ conditions and limitations as they pertain to COVID-19 hazards and issues.

Employers must remain mindful of their employees’ privacy rights. In the event an employer is considering a screening program or is otherwise collecting information from their workforce in relation to COVID-19 mitigations, the following tips will help employers with their privacy compliance.

1. Is additional screening is appropriate for your workplace and if so, what?

Before collecting any personal information, employers ought to be able to establish that it is demonstrably necessary to meet a specific need, and is being conducted in a reasonable manner. The duty to ensure workplace health and safety does not mean active screening of employees is justified. In some cases, screening may be appropriate, however, not all screening methods will meet the need in every case.

The risk factors in the workplace environment, such as contact intensity, volume and duration, as well as mitigation measures which can reduce risk, will be integral to determining whether additional screening may be reasonable. For example, in low-contact workplaces, such as well spaced and closed-door office environments, it may not be reasonable to actively screen employees. Employers can rely on the WorkSafe guidelines and ask employees to self-screen for symptoms and other risk factors in accordance with workplace policies and procedures.

In other workplaces which have a higher degree of unavoidable physical interaction with others, some active screening may be appropriate. For example, high-contact workplaces, like processing plants, barbershops, childcare facilities, or physiotherapy clinics, may support active screening methods. Employers should also consider any industry specific guidance on screening and controls provided by WorkSafeBC.

[For more information regarding policies for keeping illness out of the workplace, see Part 1 of our ‘Returning the Workplace to Safe Operation’ blog series.]

So what about Temperature Screening and COVID-19 Testing?

There is a significant risk that temperature screening and COVID-19 testing (e.g. nasopharyngeal sample), will be an unreasonable collection of personal information in most situations. Both are relatively invasive (nasopharyngeal sampling being more invasive) and at this point, the technology is not highly reliable.

Some may argue that due to the known prospects of having asymptomatic carriers of the virus, COVID-19 testing remains the most effective screening method. Privacy is normative, and so the reasonableness of testing will depend on the circumstances. In British Columbia today, considering the low rate of community spread, testing asymptomatic employees will rarely be appropriate.

On June 17, 2020, B.C.’s Provincial Health Officer, Dr. Bonnie Henry, published an open letter to businesses seeking to conduct private testing of asymptomatic employees. While Dr. Henry has not issued an order prohibiting workplace COVID-19 testing of asymptomatic employees, she states that it is “against the guidance of public health”. Her recommendation is that “only people with symptoms or people otherwise identified by a health professional should be tested for COVID-19” and that “routine testing of asymptomatic people is not recommended in B.C.” (emphasis added). She explains that testing can result in false positives and false negatives, particularly in asymptomatic people, and that the current state of scientific evidence does not support the use of serology for infection control decision-making. For businesses who decide to conduct private testing of asymptomatic employees, Dr. Henry notes that it is important to remember that this testing should not replace other measures to prevent transmission (e.g. monitoring employees for symptoms and ensuring that they stay home when feeling ill and physical distancing). Should testing occur, businesses are also required to take steps to follow public health requirements.

2. Notify employees that you will be collecting their personal information

Employers generally do not require consent to collect employee personal information where it is reasonable for the purposes of establishing, managing or terminating the employment relationship. At a minimum, prior to collecting employee personal information, employers must notify the employees and inform them of the purposes of collecting the personal information.

Employers should provide employees with advanced notice as to how they will be screened and explain how these procedures will increase workplace safety (for example, to determine if an employee can return to work after an infection). Workplace policies and procedures regarding screening should be sent to all employees and be posted in the workplace. If employers are using temperature scans, they should put clear signage at workplace entry points explaining how the information is collected, used, and disclosed.

In the case of more invasive screening, such as COVID-19 testing, it may be appropriate to seek consent rather than provide notice. While privacy laws do not require consent if the collection and use of the employee personal information is reasonable, the BCCDC stated in a June 23, 2020 publication entitled, COVID-19 Ethics Analysis: Intervening When Patients or Residents Pose a Risk of COVID-19 Transmission to Others, that “involuntary testing is not generally considered to be ethically justifiable”, and notes that there is not currently any provision under British Columbia law that would allow for routine, involuntary testing.

3. Protect employees’ privacy during and after a screening

In order to make screening less invasive, employers must put in place protocols to protect employee privacy during and after the screening process. Employees will be more forthright about their exposure risk if they can speak openly without being seen or overheard by co-workers. Employers can create screening rooms or place shields around entrances so that employees are not inadvertently exposed to each other’s health information. If employees fail a screening test, they should be able to discretely return home without alerting the rest of the workforce.

In all cases employers should only collect the minimum amount of employee personal information necessary to keep their workplace safe. For example, questionnaires can be conducted verbally, and without a record of the “negative” responses. For testing, using an accredited third party testing provider can help to limit the flow of information to employers.

4. Safeguard employees’ personal information

As health information is considered sensitive, employers must take particular care of employee screening information by making reasonable security arrangements to prevent unauthorized access, collection, use, copying, modification or disposal, or similar risks.

In many circumstances, employers may not need to retain the screening information after it has been collected. For example, information from temperature scans that do not indicate a fever need not be retained and should be securely destroyed as soon as possible.

If there are reasons to retain screening information, such as failed screens or refusals to screen, employers must put in place appropriate administrative, physical and technical protections. Employers must retain personal information used to make a decision that directly affects an employee (for example, denying access to the workplace) for at least a year so the employee has a reasonable opportunity to access it. In all cases, the information should be destroyed once its purpose has been served and there are no longer any legal or business purposes to retain it.

For further discussion about screening for COVID-19, check out our blog post regarding customers screening.

If you would like more information about how to keep your workforce safe as you reopen for business, please contact a member of Lawson Lundell’s Labour, Employment & Human Rights Group.

Share
  • Ryan  Berger
    Partner

    Ryan Berger is a leading privacy and employment lawyer, with a primary focus on providing strategic advice to businesses and employers.

    Ryan leads the firm’s Privacy Group and routinely advises public and private sector ...

  • Jocelyn  McAdam
    Associate

    Jocelyn McAdam is an associate in Lawson Lundell’s Labour, Employment and Human Rights Group and Privacy and Data Management Group in Vancouver.

    Jocelyn advises clients on a range of labour and employment issues, including ...

About Us

Lawson Lundell's Privacy and Data Management Blog provides updates on the most recent issues emerging in the legal and business communities. We cover a range of issues, legal developments, and new technology as they impact privacy and data management. We will focus on how organizations can protect, manage and innovate with information considering the various risks, regulatory and governance requirements.

Editors

Authors

Topics

Recent Posts

Archives

Blogs

Back to Page