← Notices & Policies

COVID-19 Employee Privacy Policy

Wondering if you need a separate COVID-19 Employee Privacy Policy to manage and protect all COVID-19-collected personal information?

DPSA CAN HELP.

Under privacy and health regulations, your organization must have a COVID-19 Data Collection Notice at each screening site to inform employees and visitors of what information you are collecting.

To accompany the COVID-19 Data Collection Notice, DPSA recommends developing  a COVID-19 Employee Privacy Policy that is narrowly focused on that unique dataset. Why?

• The COVID-19 Employee Privacy Policy can be formally acknowledged by each person with access to the dataset to underscore the extreme sensitivity of the in-scope personal information
• It’s easier to keep a distinct COVID-19 Employee Privacy Policy updated as local, state, and federal policies on COVID-19 response obligations evolve
• The COVID-19 Employee Privacy Policy can be retired once it is no longer necessary

DPSA can help you draft a COVID-19 Employee Privacy Policy and ensure it will only be applicable to a controlled team (e.g. limited members of HR, IT, senior leadership, etc.), and will govern the use and disclosure of the data, as well as access controls, enhanced security requirements, and retention periods.