Covid-19: Dos and Don’ts for Contact Tracing by Employers
Submitted by: Teresa SettasFROM 1 JUNE 2020, the whole of South Africa has moved to disaster alert level 3. As a result, most businesses that were prohibited from operating under alert levels 5 and 4 can re-open.
In developing and implementing their return to work strategies, employers must comply with certain legal obligations towards their employees. This includes undertaking contact tracing and submitting to government the data of (1) employees who have tested positive for Covid-19, and (2) any other persons whom they may have exposed to the virus. Sector-specific health protocols also exist and must be complied with, when applicable.
In complying, employers must be careful not to infringe unlawfully on their employees’ constitutionally-entrenched right to privacy and should ensure that their procedures comply with relevant data protection and surveillance laws.
BELOW IS A GUIDE THAT ILLUSTRATES THE ISSUES WHICH EMPLOYERS OUGHT TO BEAR IN MIND when undertaking any contact tracing, particularly relating to collecting and processing personal data.
DO | DON'T |
---|---|
ENSURE MINIMAL COLLECTION KEEP EMPLOYEES INFORMED STORE INFORMATION AS SECURELY AS POSSIBLE ONLY KEEP DATA FOR AS LONG AS NECESSARY RESTRICT ACCESS TO DATA DE-IDENTIFY DATA CONDUCT FREQUENT REVIEWS OF DATA PROCESSING ACTIVITIES |
COLLECT UNNECESSARY DATA UNFAIRLY DISCRIMINATE NEGLECT TO REVIEW PROCESSES REPURPOSE DATA MONETISE THE DATA ENGAGE IN UNLAWFUL SURVEILLANCE SHARE DATA WITH THIRD PARTIES UNNECESSARILY |
There are also particular factors to note for implementing digital contact tracing (i.e. using contact tracing apps).
We have set out some of these factors in the guide below WHEN USING TRACING APPS
- POTENTIAL ABUSE AND BREACHES
Apps should indicate who is responsible for managing the data and provide expedited avenues for users to enforce their rights in the event that their rights to data protection or privacy are violated. - SECURITY
Try to use an App with stringent security measures aimed at preventing data leaks or third party access to data. - TARGETED ADVERTISEMENTS
No targeted advertisements should be allowed on the App. - COMPLIANCE
The App must demonstrate compliance with applicable data protection and privacy laws. - OPTING-IN
Try to implement an App that employs an opt-in mechanism and that allows users to withdraw consent to data collection that is not necessary for public health purposes. - APPS MUST HAVE USER TERMS
The App must walk users through what data is collected, how it will be stored, with whom it will be shared and also request consent of users. - RE-PURPOSING
The data collected via the App should not be re-purposed. - APPS MUST HAVE AN END POINT
The App should be removed from phones and the data deleted as soon as it is no longer necessary for Covid-19 contact tracing.
WE RECOMMEND BUSINESSES ENSURE THEY ARE AWARE OF THE LEGAL ISSUES...
that touch on contact tracing and the further disclosure of contact tracing information and implement systems and procedures to address these legal issues. This will enable businesses to carry out their obligations on contact tracing without fear of their actions being called into question.
FOR FURTHER INFORMATION PLEASE CONTACT
Nozipho Mngomezulu
E-MAIL: This email address is being protected from spambots. You need JavaScript enabled to view it.
CALL: 011 530 5855
Peter Grealy
E-MAIL: This email address is being protected from spambots. You need JavaScript enabled to view it.
CALL: 011 530 5218