In this article, we will discuss how Hayday uses the information provided by users. We pride ourselves on working off of a good ethical foundation, this is especially important when it comes to how we use our data.

Hayday's aim is to promote a safe return to work during this crisis. We believe we can help companies achieve that goal by providing a simple but robust wellness checking system. We also believe this goes hand in hand with an employer's responsibility to provide a safe working environment for its employees. The current pandemic has presented new challenges to achieving a safe workspace. Companies are looking for new solutions to make sure that everyone can attend their workspace safely.

You can see many similar viewpoints more eloquently expressed here.

Now, here are some of our most Frequently Asked Questions in regards to Data Privacy & Security.

Are employers allowed to collect wellness data from employees?

  • Yes, the Center for Disease Control (CDC) promotes conducting wellness checks, including symptom and/or temperature screening, as part of their recommendations for employers responding to Coronavirus.
  • The American Disabilities Act (ADA) further requires that wellness data is consistent with business necessity. More information from the CDC on wellness checks and general return-to-work strategies can be found on their website. More information on ADA guidance and other related laws related to Coronavirus can be found on the U.S. Equal Employment Opportunity Commission website.

How is data captured through Hayday stored and protected?

  • Our databases run as Multi-AZ on Amazon Web Services, and all data is encrypted at rest and in motion. We ensure business continuity with a variety of backup systems including real-time logging and nightly full-DB backups to different servers.

How can access to data on Hayday be managed at my company?

  • Access to Hayday and visibility of data is fully under your control, from initial user invitation via unique tokens to customizable user types/permissions to ensure appropriate access privileges across employees. Access to Hayday and associated data can also be adjusted or revoked at any time, as necessary.

Is Hayday compliant with CCPA?

  • Yes, Hayday maintains a data protection program to achieve CCPA compliance as a service provider. As part of this compliance, Hayday has a consumer request process to assist businesses in responding to consumer requests where appropriate.

What security measures does Hayday have in place to help protect personal information it collects and processes?

  • Hayday uses administrative, organizational, technical, and physical safeguards to protect the personal information it collects and processes. Among other things, Hayday maintains an incident response plan to assist in providing notice in accordance with U.S. state data breach notification laws where applicable. In addition, Hayday enforces enterprise-grade information security measures via AWS, utilizes internal identity management via IAM, and follows the “least privilege” principle when it comes to data access in general.

What questions are employers allowed to ask?

  • The CDC has a recommended list of questions to monitor employee questions, which are the standard questions included in Hayday check-in surveys. Additional questions that are important to your organization can be added as part of the Hayday setup process.

How can I use the wellness data collected from my employees?

  • In addition to the ADA and other federal guidance, individual state employment laws govern how employers can act on wellness data (e.g. if an employee shows signs of symptoms). We also help you provide notice to your employees about how the wellness data will be used. For more information, please see our Privacy Policy.

Does HIPAA compliance apply to Hayday?

  • Hayday clients that are not considered a “Covered Entity” by HIPPA regulations are exempt from HIPPA compliance.

N.B. : These FAQs are for general informational purposes only and are not intended to constitute legal advice. Please consult with counsel on any legal considerations pertaining to these questions and any others relating to wellness screening and data collection, access, privacy & security.

Did this answer your question?