As businesses embark on reopening plans, the question of how to test employees and customers for COVID-19 could present difficulty especially in the area of privacy law.
“We have to ask what is a reasonable measure to keep everybody safe in the workplace,” Alex Alben, a lecturer in Law at UCLA who has taught Privacy, Data & Technology, told the Northern California Record. “If this data is only used for limited use, then the argument can be made that these are reasonable measures.”
Testing is one aspect of a new workplace normal, and employers must implement testing programs that balance with the privacy rights of employees.
“The danger is this data can live a long time and can be used for purposes not originally intended, so privacy advocates are very concerned that employers only use the data for the specified purpose,” said Alben, who served as Washington state's first chief privacy officer from 2015-19. “Employers need to be very careful with any kind of data that relates to the health status of an employee.”
COVID testing is governed by federal laws like HIPPA (Health Insurance Portability and Accountability Act), which has many requirements about who can see the data and how it can be shared, Alben said.
In the current health emergency, many large corporations are keeping employees in remote work mode, but other businesses like hotels, restaurants, and retail stores aren’t able to function that way.
“In an industry where the employee has contact with lots of members of the public, the company wants to give assurance to the public that it’s safe to interact with their business,” Alben said.
A late July National Federation of Independent Business (NFIB) survey of small business owners found 70% were concerned about contracting COVID-19 while at work.
Research is underway to produce a paper-based rapid diagnostic test that would allow for testing on a daily basis, Wayne Winegarden, Ph.D., senior fellow in business and economics at the Pacific Research Institute, told the Record by email.
“A reasonably sensitive test administered daily would be effective at diagnosing cases more rapidly than current protocols,” Winegarden said. “People could also test daily at home, making it even easier and cheaper to diagnose (and isolate) people who have contracted the virus. If this type of technology were deployed in the fall (as is hoped), it would make a tremendous difference that could help spur the economic recovery while also helping control the pandemic.”
In addition to federal law, the California Consumer Privacy Act (CCPA), which took effect Jan. 1, also needs to be considered when screening customers and guests who come through the door, Alben said.
“If a retailer is logging the identification of people coming into the store and getting temperatures, then that would be governed by the CCPA,” Alben said. “Collecting data about customers now has to be filtered through an additional process by understanding what rights consumers have under the CCPA.”
The key is keeping all health data confidential.
“Companies are getting legal advice about a ‘reasonable’ level of testing and notification, but there are going to be cases brought where an employer tried to protect a worker’s privacy and failed to notify others who may have been affected, so we’re really in unexplored territory right now,” Alben said.