Faced with the pandemic of the COVID-19 virus, many companies will inevitably have cases of employees and/or clients affected by the virus. Some of these cases may be detected with appropriate measures to react effectively and prevent further harm.
These preventive measures necessarily involve obtaining and managing personal information from potential affected persons. For this, it is important to consider the following:
a. The data necessary for purposes of timely detection of the virus is legally considered Sensitive Data. Therefore, its handling must be done with care. Legally, this data may be used only for one-off purposes such as medical diagnosis and/or health care management.
b. To avoid risks, the persons handling this data must be subject to professional secrecy or have an equivalent obligation (such as a confidentiality agreement).
c. For the sensitivity of this information, it should be used solely and exclusively for health prevention purposes. That is, it is not possible to store this data or use it for any other purpose.
d. It is very important to have the express, unequivocal, and informed consent of the people in order to obtain such information. When requesting consent, the purpose and future use of such information must be clarified.
e. Equally important is to adopt company policies for the management of this information.
f. If it is necessary communicate to clients, suppliers and/or employees about a contagion, it should be made in such a way that it is not possible to identify the person concerned.
If the appropriate precautions are not taken, or if correct procedures are not in place for the handling of this information, the company may commit an offense and may be imposed a fine. In addition, it may be liable for any damages caused to the person whose data was handled incorrectly.