Question #2

What kind of health data can we collect from the employees and our service users? What are our obligations in collecting and storing such data? 

Temperature checks are generally permissible. In order to require employees to undergo a full medical check, there would need to be a contractual ability to do this in the employment contract. 

In both cases, as this will amount to personal data for the purposes of the Personal Data (Privacy) Ordinance, you should inform the employee/service user in advance and the purposes for which this data will be used i.e. to determine whether there is any risk to health and safety, or to prevent the spread of infection. 

There is no strict requirement to obtain consent provided the employee/service user is notified of these purposes in advance, but we recommend you do so as this amounts to sensitive personal data. You should also check if the terms of the Personal Information Collection Statement issued to employees/service users is sufficiently wide to cover these purposes. 

PILnet
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful. For our full privacy policy, click here.