The ICO has released guidance to assist employers in understanding the permissible sharing of personal data during mental health crises in the workplace.
The guidance emphasizes that data protection should not hinder necessary information sharing during mental health emergencies. Prioritizing the well-being of the individuals involved is paramount.
In line with this, employers are recognized as potentially needing to share relevant and proportionate information with emergency services and healthcare professionals to prevent harm to the affected employee or others.
Furthermore, the guidance clarifies that employers won’t face repercussions for sharing an employee’s personal information with their next of kin or emergency contact. However, it highlights the importance of exercising discretion in determining the appropriate level of information sharing for each unique situation.
To proactively address such scenarios, the ICO recommends employers to:
- Identify the appropriate lawful basis for processing and sharing personal data during mental health emergencies.
- Establish a policy outlining the specifics of personal data sharing during mental health emergencies, including the types of information involved, recipients, and security measures. This policy should be communicated to all employees, accompanied by training on handling personal data in such situations.
- Maintain up-to-date records of employees’ next of kin and emergency contacts, considering separate contacts for general emergencies versus mental health crises to uphold confidentiality.
