How COVID-19 Contact Tracing in Singapore Applies at Workplace
Contact tracing systems have been implemented by almost all Covid-19-hit countries as the primary mode of dealing with this dragging pandemic. Through the aid of advanced technology the primary carriers including their immediate contacts are traced and exposure sites are quickly identified. This has been proven effective in containing the spread of the virus.
However, from the enforcement of COVID-19 contact tracing in Singapore arises the need to address how data collected by organizations should be handled and regulated. This pertains to private personal data of customers and employees alike. In this article, we would be focusing on the guidelines set forth by the Personal Data Protection Commission (PDPC) when it comes to contact tracing at Workplace.
Use of TraceTogether-only SafeEntry
Also known as TT-only SE for short, this check-in mode has been viewed by authorities to be “important digital tools“ that helps contact tracers in quickly pinpointing close contacts of Covid-19 cases.
This contact tracing system has been made mandatory since June 1 at all higher-risk venues– such as malls, workplaces, places of worship and schools – or where people are likely to be in close proximity for prolonged periods – such as restaurants and gyms.
The combination of the two digital tools has enabled health workers to reduce the average time to do contact tracing from 4 days to less than 1.5 days. TraceTogether data identifies a crude list of close contacts while SafeEntry data gives a list of the establishments visited by an exposed person. Both are equally crucial in establishing cluster links for a more accurate zoning of exposure sites.
Data collection at workplace
Pursuant to PDPC’s general advisories on collection of personal data for Covid-19 contact tracing purposes, organizations are allowed to collect personal data of visitors to premises in light of the pandemic. It necessary includes the collection, use, and disclosure of NRIC even without the consent of an individual as it is a necessary means to respond to a national emergency.
At workplace, employees’ personal data shall form part of the collected information through contact tracing systems, and must therefore be protected from unauthorized access or disclosure. The data collected from the TT-only SE system will be only stored in the Government’s servers. Verily, an organization may not use such for other purposes without consent or legal authority.
Auditing/checking of information
Generally, the TraceTogether app features are intended for the app users own reference or for the Government’s efforts in COVID-19 contact tracing in Singapore. However, employers are still allowed to view SafeEntry Check-in Pass on the App for the purpose of ascertaining whether the staff as checked in to SafeEntry upon going to work.
This is without prejudice to the rule that prior consent of the employee must be sought first, should the employer seeks to audit other information on the App. The reason for seeking the additional information must be clearly communicated to the staff insofar as no form of intrusive mode of obtaining such data is to be undertaken.
Other safe management measures at workplace
Of course, organizations are allowed, if not encouraged, to deploy other safe management measures in their office. Besides the TraceTogether token or App, various form of temperature screening systems, crowd counting/management measures and safe distancing technologies are some of those suggested since these measures can be undertaken without collecting personal data.
More specifically, temperature scanners that check your employee’s temperature without recording readings, or crowd management solutions that only detect or measure distances between human figures in your premises without collecting facial images, would not warrant the application of PDPA’s Data Protection Provisions.
COVID-19 Contact Tracing in Singapore just like any other countries has been the most effective way of containing the spread of the virus. While public safety is the primary consideration, it is still important to know the regulations that applies to your organization to avoid any subsequent sanctions. By practicing Covid-19 safety measures at workplace, your organization can do its part in ending this pandemic.
Outsourced DPO – It is mandatory to appoint a Data Protection Officer. Engage us today.
PDPA Training (SkillsFuture Eligible) – Empower data protection knowledge for your employees.
Vulnerability Assessment Penetration Testing – Find loopholes in your websites, mobile apps or systems.
Privacy Ninja provides GUARANTEED quality and results for the following services:
DPO-As-A-Service (Outsourced DPO Subscription)PDPA Compliance Training
PDPA Compliance Audit
Digital Transformation Consultancy
Data Protection Trustmarks Certification Readiness Consultancy
PDPA Data Protection Software
Vulnerability Assessment & Penetration Testing (VAPT)
Smart Contract Audit