The Information Commissioner’s Office has issued new guidance in light of the relaxation of government measures reminding organisations to review their approach to collecting any information to ensure that ‘it is still reasonable, fair and proportionate to the current circumstances, taking the latest government guidance into account’. You should securely dispose of any additional information that you collected and retained during the pandemic if you no longer need it.
The guidance reminds employers of the need to identify a lawful basis to check and record vaccination status and the need to undertake a data protection impact assessment. The guidance expressly alludes to the potential practice of checking vaccination data ‘just in case’ or where they can achieve their goal without collecting these data, it is unlikely to be justified.
The guidance confirms that data protection law does not prevent employers from keeping staff informed about potential or confirmed Covid-19 cases among their colleagues. However, employers should avoid naming individuals wherever possible and should not provide more information than is necessary.
There is currently no legislation requiring employees within the UK to have the Covid-19 vaccine. However, a recent Acas survey found that approximately 22% of employers intend to require their new staff to have the Covid-19 vaccination, and 21% would require their existing staff to be vaccinated too.
Acas’s guidance on the matter remains the same, stating that it is better to support staff to get the vaccine rather than requiring them to be vaccinated.
