One of the primary symptoms of COVID-19 is a temperature of above 38°C (100.4°F) and the current Government guidance advises individuals with a high temperature to self-isolate as a precaution. The problem is that not all fevers are caused by Covid-19 and not all Covid-19 patients have a fever, so this is not a catch-all solution to preventing the spread of the virus in the workplace.
However, thermal testing is non-invasive, produces instant results and tests for one of the primary symptoms of Covid-19, and is therefore a reasonable method for helping to reduce the risk of an outbreak.
Before implementing temperature checking, employers need to:
- Ensure employees are notified of your intention to take their temperatures and make them aware of any implications if they refuse to submit to the temperature screening
- Encourage employees to inform you in advance if they object to a screening in case some of their fears can be alleviated
- Encourage employees to take their own temperatures before reporting to work if they are not feeling well and/or are experiencing any Covid-19-related symptoms (e.g. fever, coughing and shortness of breath)
- Use contactless thermometers and, where someone is required to take temperatures, ensure they are provided with face masks if they need to be within close proximity
- Consider the location of temperature screenings onsite in order to avoid congestion
Employers that do start to undertake temperature checks will need to ensure that they comply with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018. Key issues to note are:
- Data protection law does not prevent employers from testing employees and processing their health information for health and safety reasons in relation to employment. Employers need to be “responsible with [employee’s] personal data and ensure it is handled with care”
- Employers that implement testing should only do so for legitimate purposes and should store results safely and securely. Confidential information should only be shared on a need-to-know basis and should be deleted when no longer required
- Employers must be able to demonstrate their compliance with reasonable record-keeping requirements when processing sensitive data. Employers can use the accountability principle to show that their processing of test data is compliant. One method of demonstrating accountability is through a data protection impact assessment (DPIA), which helps employers identify and minimise any data protection risks
- Employers should notify employees of how testing data will be used
- Employees can be notified about “potential or confirmed Covid-19 cases amongst their colleagues,” however employers should refrain from naming individuals if possible
The ICO has published guidance for employers on the data protection implications of workplace testing. You can find the guidance here.