Due to the Covid-19 virus, necessary precautions have been taken by the organizations; within the scope of these precautions, the possibility of unauthorized access to personal data has emerged, including health data of employees or third parties. Organizations should be very careful to avoid possible violations which might directly impact the rights and freedoms of persons when taking relevant preventive measures. In this process, organizations can follow the methods in the precautions to be taken, which are elaborated as follows:
1. Remote Working
In order to ensure business continuity, an organization may go for the option of remote working in this period. In such case, if organizations do not already have sufficient technical infrastructure, certain difficulties may be faced. For example, within the scope of this measure taken to protect public health, the personal phone numbers of people who do not use the company phone for communication between people, other employees, business partners, customers, suppliers etc., can be shared with third parties. While this transfer/sharing of information has a legitimate aim, it is well known that it must be based on the explicit consent of individuals. In cases where people do not give explicit consent or withdraw their explicit consent, providing a company line to the person would be an appropriate solution.
Even though the most appropriate method during interim period is not to accept visitors, in cases where visitors are deemed necessary, questions regarding whether the visitors or the people with whom they have a close relationship show coronavirus symptoms or whether these people have recently traveled can be directed to the visitor and the method of preserving this information by the organization can be followed. It should not be preferred to obtain health data from individuals, in particular; since it is not within the authority of the organization in accordance with KVKK. Organizations that have decided to implement a precaution in such way should keep this data anonymously or obtain and store it by the workplace doctor (occupational physician) and by applying for the explicit consent of individuals. The data which are not kept anonymously must be stored by workplace doctor in a locked cabinet with no access allowed, and when the purpose to store the data is not applicable any longer, it must be destroyed by the appropriate method. Organizations that do not have a workplace doctors should carry out this activity through a single person they have authorized. Taking measures regarding coronavirus is duty of authorized bodies under all circumstances and e and the most applicable way.in this regards would be not to obtain such data by the organizations in the first place.
3. Collecting Information About Employees and Their Relatives
Recently, organizations have been requesting information on whether the employees and their relatives have shown any of the symptoms of coronavirus in practice, or whether they have recently traveled, in a similar manner to the prevention described for visitors. The purpose of this request is to follow the 14-day protection period of the relevant employee, along with the health of the other employees within the organization. In this context, the information whether the employees or their relatives show the symptoms should be kept anonymously by the organization, the purpose of this information should be to only follow the 14-day protection period. For this reason, only the date when the risk occurred and how the risk occurred should be reported to the organization by the employee, and the identity information of the data subjects or information that can identify them should not be transmitted.
In addition to this, besides obtaining information from the individuals, the practices of health screening the employees in some workplaces (measurement of fever, detection of symptoms) have been started. These practices should definitely be performed by a workplace doctor and the person showing the symptoms should contact the workplace doctor only and direct.
4. Situation of Employees Who Have Positive Coronavirus Test Results or Showing Related Symptoms
As mentioned above, the most important issue on the subject is that only the workplace doctor shall with the person who has positive test result or shows the symptoms and the doctor shall guide the employee. Organizations that do not have a workplace doctor should also perform these activities through a doctor or an authorized institution.
Even in the presence of a person who has a positive test at a workplace, the name of the person should not be announced in order to prevent the exclusionary actions of individuals, and general information should be provided to the people. The best thing to do here is to guide the person who has a positive test to alert those he/she has a close relationship with.
In addition, when it is realized that there is a positive case of virus among the employees, employees circle of close relationships ora third person who has the coronavirus, this situation must be reported promptly to authorized institutions according to Article 61 of Public Health Law in Turkey. Detailed information on this subject is provided below.
However, according to the statement made by the competent authorized bodies and institutions, patients who have positive test results are going to rest at home or in medical institutions / hospitals with medical reports. The conditions for obtaining and keeping the report or test result obtained from the authorized institution by the employer will be in the same scope as the sick reports. In other words, additional security measures should be taken to keep these reports and this activity should be carried out through the workplace doctor.
5. Employees Working in Public Places Who Are to Meet a Person Showing Symptoms
For example, if people working in public places, such as a courier, a customer representative or a driver, meet a person who shows symptoms during their work, it will be appropriate to inform the competent authorities and take the precautions announced by the competent authorities in order to make the environment suitable for finding, in which the person is exposed. This matter takes place clearly in Article 57 and 61 of Public Health Law in Turkey. As follows, contagious diseases are listed and obligation of notification to authorized institutions is regulated with Article 57. Among the people who have obligation the report to authorized institutions in Article 61 can be listed employees working in public places, health care personnel and the employees who encounter with such diseases due to nature of their work.
It should not be forgotten that it is the duty of the authorized institutions and organizations to take precautions against Covid-19 virus, but individuals also have a great duty. In this context, it is appropriate to take precautions to protect public health as an organization, but it should be ensured that individuals are not exposed to an exclusionary policy while taking precautions, and a balance should be set between their rights and freedoms and public health and safety.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.