top of page

Temperature Screening and Data Protection

As employees continue to return to the workplace, a number of employers are considering carrying out temperature screening in order to manage the risk of COVID-19.

One of the primary symptoms of COVID-19 is a temperature of above 38°C (100.4°F). A temperature screening can be considered a reasonable means for mitigating the risk of an outbreak within the workplace; however we would like to make you aware of some of the issues you should consider.

Current government guidance advises individuals with a high temperature to self-isolate as a precaution; however, not all fevers are caused by COVID-19 and not all COVID-19 patients have a fever. Nevertheless, an employer’s decision to implement temperature screenings may be an important and reasonable method for potentially identifying infected employees and mitigating the risk of an outbreak within the workplace.

Employers should review the following when considering whether to conduct temperature screening in the workplace:

  1. Notify employees of the employer’s intention to take their temperatures and the purpose for conducting the screenings.

  2. Notify employees of any workplace implications if they refuse to submit to the temperature screening. Employees should be encouraged to inform their employers in advance if they object to a screening in case some of their fears may be alleviated.

  3. Encourage employees to take their own temperatures before reporting to work if they are not feeling well and/or are experiencing any COVID-19-related symptoms (e.g., fever, coughing, and shortness of breath).

  4. Remind employees that having a high temperature is not a confirmation of having COVID-19 and further screening may be required by a doctor.

  5. Implement a plan should an employee have a high temperature, including designating a person with whom the employee can discuss the next steps.

  6. Use contactless thermometers at the screening site.

Employers should also be aware of the data protection laws. According to the United Kingdom’s Information Commissioner’s Office (ICO), because employers will be “processing information that relates to an identified or identifiable individual,” they must “comply with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.”

The ICO has published guidance for employers on the data protection implications of workplace testing. Key points to note are:

  1. Data protection law does not prevent employers from testing employees and processing their health information for health and safety reasons in relation to employment. Employers need to be “responsible with [employee’s] personal data and ensure it is handled with care.”

  2. The guidance advises that employers that implement testing policies should only do so for legitimate purposes and should store results safely and securely. According to the guidance, confidential information should only be shared on a need-to-know basis and deleted when no longer required.

  3. According to the guidance, employers must be able to demonstrate their compliance with reasonable record keeping requirements when processing sensitive data. Employers can use the accountability principle to show that their processing of test data is compliant.

  4. One method of demonstrating accountability is through a data protection impact assessment (DPIA), which helps employers identify and minimise any data protection risks.

  5. The guidance states employers should notify employees of how testing data will be used.

  6. According to the guidance, employees can be notified about “potential or confirmed COVID-19 cases amongst their colleagues,” however employers should refrain from naming individuals if possible.

The Helens, Complex HR

bottom of page