Create a free Industrial Equipment News account to continue

What You Need to Know About COVID-19 Record-Keeping

The pandemic has changed the rules around what documents manufacturing companies need to create, track and retain.

John Isaza, Esq., FAI, VP of Information Governance, Access
Apr 5, 2021
Man Office Mask I Stock 1220346773
iStock

It’s a scenario that no plant manager wants to encounter, yet it has unfortunately become one we’ve had to prepare for: an employee on the production line tests positive for COVID-19 or informs you that they’ve had a known exposure.

Manufacturers have been at the forefront of implementing employee testing and biometric tracking to help contain the spread of the virus, but in addition to the numerous health and safety precautions already implemented, new labor codes related to the exposure require that several new kinds of records be generated, tracked and kept for specific periods of time.

For example, effective on January 1, 2021 in California, Labor Code § 6409.6, creates a “requirement for employers who have been notified about a potential exposure to COVID-19 to maintain records for three years of written notifications to employees who were at the same worksite as the individual within the infectious period.” The regulation details the types of written and electronic notices that must be provided to employees and subcontractors related to the exposure. It goes on to outline how long those records must be kept and maintained.

The pandemic has shown us how manufacturers are more essential—and yet in some ways, more vulnerable—than ever. Is your operation in compliance and prepared to handle the new record types being created due to the pandemic? Here are some key recommended steps you can take now:

Define new pandemic-related record types

Take the time to define and classify the many news types of records being generated around COVID-19 related events in your operation. Start by identifying the area of the business they’re related to, such as human resources, facilities/operations or accounting.

Next, list the record types that will be generated for each area. For example, human resources will generate new records related to employee case and contact tracing, employee biometric information such as recorded temperature readings, and disclosure of pandemic-related test results to health officials. Facilities records may include customer and visitor biometric information including temperature readings and contact information for contact tracing. And accounting records would include salary protection records.

Once you have a handle on all the types of new records being created, you can research your local labor codes to ensure that you follow proper procedures for record generation, distribution channels and retention.

Establish a retention schedule for pandemic-related records

The new California labor code clearly specifies, “An employer shall maintain records of the written [pandemic-related] notifications…for a period of at least three years.” This requirement now puts clear retention requirements around the types of records most organizations thought they could dispose of as soon as possible, primarily from fears of running afoul of U.S. and international privacy requirements. Although the bad news is that these types of records cannot simply be destroyed promptly, the good news is that legal requirements such as the California regulation justify the retention and in essence becomes the first line of defense to privacy claims, even if faced with a right to be forgotten request.

A clear and well-defined retention schedule is the first line of defense should legal issues or privacy compliance questions arise. While regulatory requirements are one key aspect governing your retention schedule, you should also consider a number of other factors to create a record retention model that serves your operation’s overall needs.

Some key questions to ask include: What are the privacy and data protection risks around these types of records? How will we track records for both our plant workforce as well as subcontractors, temporary workers, and other workforce additions we’ve had to make as a result of the pandemic? Is there a possible business value to the retention of records beyond legal retention requirements? What is the volume of records being generated? What are the legal liability risks associated with these records, and could retention beyond regulatory requirements provide additional protection for your company in the case of legal action? If the process is outsourced to a third party, what are the recordkeeping responsibilities of the organization versus those of the third party?

Examining these issues will naturally lead to the next step of having deeper conversations with your human resources, accounting and legal teams about risk exposure related to these types of records.

Evaluate and mitigate your risk related to pandemic-related records

As with any issue related to health and safety or employee matters in a manufacturing operation, COVID-19 events, processes and procedures naturally carry with them an increased amount of risk exposure around legal and privacy issues.

At the same time, the United States is currently experiencing an emphasis on privacy legislation and enforcement that’s likely to continue if not increase as the pandemic progresses. In addition, many pandemic-related records contain private and confidential information with clearly prescribed privacy and retention requirements.

The pandemic has also placed a new focus on the potential risks that COVID-19 presents to consumers, the food chain, supply chains and more that are unique to manufacturing environments—all of which create additional risk exposures.

Before you’re blindsided by a legal challenge, take the time to first understand your privacy and data protection risks. Consider the types of information that require protection, including biometric screening data; health information; and personal financial information. 

In addition, specifically for the manufacturing industry, consider standards and control models, such as those that exist for the food industry. For instance, the food industry utilizes the Hazard Analysis Critical Control Points (HACCP) model to ensure risk control. The recordkeeping related to the HACCP model has four major components:

  1. Identifying a hazard and the best science and knowledge available to mitigate the associated risk (Hazard Analysis)
  2. Determining how to mitigate the risk for a particular organization (HACCP plans, Critical Control Points); e.g., establish temperature threshold. How high does their temp need to be before they are not allowed to enter the building?
  3. Providing evidence that you have executed mitigation plan (controls, verification); e.g., the logs that demonstrate that you were taking temperatures and adhering to the mitigation plan
  4. Overall scheduled evaluation (annual, monthly etc. evaluation periods)

While on the subject of identifying hazards, so far none of the regulators have identified COVID exposure as a hazardous exposure subject to the longest retention requirements (e.g., termination of employee plus 4 years for medical files, as opposed to termination of employee plus 40 years for hazardous exposure records). That said, keeping track of the classification of COVID-related records is critical to ensuring the proper retention is applied to these records.

Next, create a risk mitigation strategy that includes identification of key risk areas, plans and procedures to follow to mitigate these risks and respond to issues or investigations, a control record to document risk mitigation steps taken, and a feedback loop to ensure all steps are followed and continuously improved.

A solid records and information management plan has always been a cornerstone of a strong manufacturing operation. The far-reaching impacts of the global pandemic make it even more important, now and into the foreseeable future. Taking the time to define and create plans for your pandemic-related records will be time well invested in the viability of your business, employee base, client relationships and your reputation.

John Isaza, Esq., FAI is internationally recognized in the legal fields of privacy compliance, as well as records and information management (RIM). He is one of the country’s foremost experts on RIM issues, electronic discovery, privacy, and legal holds. He has developed information governance and records retention programs for some of the most highly regulated Global 1,000 companies, including related regulatory research opinions. John is also co-author of the Playbook for Responding to Pandemic-Related Records: A Methodology for Analysis & Ingestion of New Record Types

Read Next
The logo of the Honda Motor Co. is seen in Yokohama, near Tokyo, Dec. 15, 2021.
Safety
U.S. Honda Probe Moves Closer to Recall
April 18, 2024
Latest in Safety
Security Breach Podcast
Sponsored
Security Breach Podcast
April 3, 2024
The logo of the Honda Motor Co. is seen in Yokohama, near Tokyo, Dec. 15, 2021.
U.S. Honda Probe Moves Closer to Recall
April 18, 2024
An Alaska Airlines aircraft sits in the airline's hangar at Seattle-Tacoma International Airport Wednesday, Jan. 10, 2024, in SeaTac, Wash.
Alaska Airlines Briefly Grounds Flights Due to Technical Issue
April 18, 2024
Ep149
Major Auto Supplier Faces Fine After Fatal Crushing Accident
April 17, 2024
Related Stories
I Stock 1214212730
Operations
The Next Pandemic Is Already Happening
The logo of the Honda Motor Co. is seen in Yokohama, near Tokyo, Dec. 15, 2021.
Safety
U.S. Honda Probe Moves Closer to Recall
An Alaska Airlines aircraft sits in the airline's hangar at Seattle-Tacoma International Airport Wednesday, Jan. 10, 2024, in SeaTac, Wash.
Safety
Alaska Airlines Briefly Grounds Flights Due to Technical Issue
Security Breach Podcast
Sponsor Content
Security Breach Podcast
More in Safety
Security Breach Podcast
Sponsored
Security Breach Podcast
A new video series from Manufacturing.net - Security Breach, looks to offer the insight and tools needed to ready your company's defenses. Stay up-to-date on today's vital cybersecurity topics by subscribing here.
April 3, 2024
The logo of the Honda Motor Co. is seen in Yokohama, near Tokyo, Dec. 15, 2021.
Safety
U.S. Honda Probe Moves Closer to Recall
Emergency braking can activate for no reason.
April 18, 2024
An Alaska Airlines aircraft sits in the airline's hangar at Seattle-Tacoma International Airport Wednesday, Jan. 10, 2024, in SeaTac, Wash.
Safety
Alaska Airlines Briefly Grounds Flights Due to Technical Issue
The airline had an issue while "performing an upgrade to the system that calculates our weight and balance."
April 18, 2024
Ep149
Video
Major Auto Supplier Faces Fine After Fatal Crushing Accident
The 26-year-old employee had been on the job for about a year.
April 17, 2024
A Ford Bronco is displayed at a Gus Machado Ford dealership on Jan. 23, 2023, in Hialeah, Fla.
Safety
Ford Recalls Over 456,000 Bronco Sport and Maverick Cars Due to Loss of Drive Power Risk
The body and power train control modules may fail to detect changes in battery charge.
April 17, 2024
The Glen Canyon Dam is seen, Aug. 21, 2019, in Page, Ariz.
Safety
Plumbing Problem at Dam Brings New Threat to Colorado River System
Federal officials recently reported damage to four tubes known as "river outlet works."
April 17, 2024
People are seen aboard the container ship Dali, Monday, April 15, 2024, in Baltimore.
Safety
Ship That Caused Bridge Collapse Had Electrical Issues While Still Docked
Alarms went off, indicating an inconsistent power supply.
April 16, 2024
President Joe Biden speaks as he meets with Iraq's Prime Minister Shia al-Sudani in the Oval Office of the White House, Monday, April 15, 2024, in Washington.
Safety
Biden Administration Partners with 50 Countries to Stifle Future Pandemics
The U.S. has devoting billions of dollars to the effort.
April 16, 2024
A soybean field is sprayed in Iowa, July 11, 2013. The maker of a popular weedkiller is turning to lawmakers in key states to try to squelch legal claims that it failed to warn about cancer risks.
Safety
Bayer Lobbies for Shield from Pesticide Lawsuits
About 167,000 legal claims against Bayer assert Roundup causes cancer.
April 16, 2024
The Kashiwazaki-Kariwa plant in Kashiwazaki, Niigata prefecture, northern Japan, on April 2021.
Operations
Operator of Japan's Fukushima Plant Prepares to Restart Another Plant
The plant has been offline since 2012.
April 15, 2024
Pipelines
Safety
Expanding Pipeline System Faces Critical Safety Concerns
The technology is there, but funding and implementation remain challenging.
April 15, 2024
I Stock 1498561784
Operations
Colorado Latest State to Try Turning Off Electrical Grid to Prevent Wildfires
It's a complex, technical operation pioneered in California.
April 12, 2024
A Ford Bronco is displayed at a Gus Machado Ford dealership on Jan. 23, 2023, in Hialeah, Fla.
Safety
Ford Is Under Investigation for Bronco Sport Gas Leaks
U.S. says its remedy doesn't fix the problem.
April 12, 2024
Ep145
Video
Toxic Ingredients Found in Weight Loss Supplements
And some major sellers have declined to issue a recall.
April 11, 2024
Ap24101746922221
Safety
Ford Involved in Deadly Crash May Have Been Running on Automated System
A Mustang Mach E sport utility vehicle hit two stationary passenger cars.
April 11, 2024