The Power of Less: Privacy Considerations Around Employment Medical Assessments

Many organisations require successful recruitment candidates to undergo medical tests to determine their fitness before they are given an employment offer. For a prospective hire seeking opportunities with an organisation, the rigour of the various stages of assessment ends with a sigh of hope or relief upon receiving a request for medical assessment from the organisation.

While it is common practice to require candidates to undergo these medical assessments, what defines the scope or extent of legally permissible assessments? How much data would constitute crossing the line? Can an organisation actually rely on the consent of the candidate as a basis for this? Is it ideal for an organisation to collect such robust medical information simply because it can, in a bid to safeguard the vital interest of a potential employee once employed? Similarly, given that some organisations outsource these assessments to external health organisations, how adequate is the contract with such third parties to establish the roles of controller and processor for the medical data, define the responsibilities of each, and protect the interests of data subjects?

In this edition, we will focus on these questions and the importance of adopting adequate data minimisation practices when handling employee and pre-employment medical assessment data. We will explore lessons from useful case studies, practical strategies for reducing data exposure, and the stance of data protection laws on effective data management.
