The upward trend in mandatory vaccination orders in response to the Delta variant has caused rigorous debate, but in terms of employers and employees rights, there are a few important things to know.
When it comes to privacy rules surrounding a person’s vaccination status, there are shades of grey. A person’s right to privacy for one – which might be outweighed by other recognised interests, such as ensuring a person’s safety.
An employer can, lawfully, ask about an employee’s vaccination status if they have a legitimate reason for doing so and can demonstrate why they need it. For instance, if there is a legitimate health and safety risk or if the work being carried out is subject to a mandatory vaccination order. WorkSafe has guidelines on its website about how to carry out a health and safety risk assessment.
Employers do not necessarily need to know why a person is not vaccinated, and employees can lawfully refuse to provide this information. Employees can lawfully refuse to advise an employer of their vaccination status, although it would be wise to consider the potential consequences for doing so. In such circumstances, the employer is allowed to assume the employee is unvaccinated. The employer then has an obligation to put this tentative conclusion to the employee and allow them to comment before relying upon this assumption or taking any action.
Employers should take care how they ask for an employee’s vaccination status. The circumstances in which the information is collected must be fair, and not unreasonably intrude on an individual’s personal affairs or privacy. Employers must also consider who else in their organisation needs to know about a person’s vaccination status. As an overarching guide, it’s unlikely many people will need to know.
An individual’s vaccination status is sensitive information, and as with all personal information that is collected, the appropriate care must be taken. These days, privacy is a carefully guarded commodity, and there can be serious consequences for businesses and other organisations if a privacy breach occurs.