Welcome to #WeekendWisdom number 85. This week we’re going to talk about vaccination status data protection concerns.
What is so important about somebody’s vaccination status?
As the vaccination program continues to roll out across the country for the COVID-19 virus, people are getting vaccines on a wide scale.
Now I just want to make sure that everybody is aware that somebody’s vaccination status is actually medical information and as such is classified as a special category data and so it needs to be protected.
Who has Vaccination Status Data Protection Concerns?
The Data Protection Commission issued some guidance recently, which is available here. In that they reiterated that except in very limited circumstances, employers are not allowed to ask employees or capture or store information relating to their employees’ vaccination status.
Why is that the case?
That is because there is no current public health advice stating that there is a good purpose for doing so. This is the crucial thing, that it has to be public health advice that has to give a good reason otherwise there is no actually legal basis for capturing and storing somebody’s vaccination status.
Is there a wider concern here?
That guidance was applicable to employers and employees but as the country opens up and there is all this talk about people showing their vaccination status to get into pubs and restaurants and things like that. I think that there will continue to be this limitation. Unless public health authorities come out and say otherwise, pubs, restaurants, hotels, anywhere that people can gather, I don’t believe that capturing somebody’s vaccination status will be permitted.
So watch out for any updates from public health authorities only and not from the likes of the restaurants association, the vintners, hotels federation, etc.
So that’s it for this week. Lets be careful out there and we’ll talk to you again next week.
How can L2 Cyber Security help you?
We offer a full range of training programmes, which can be delivered online or in-person*.
L2 Cyber Security are also a partner of CyberRiskAware for online self-directed Cyber Security Awareness training and Phishing testing.
Contact us for more information at info@L2CyberSecurity.com.
*With appropriate social distancing and other health and safety measures adhered to.