Can Employers Monitor or Score Employee Sick Leave Through a System? Key Considerations for HR and Management

The question of whether an employer may monitor or even “score” employee sick leave using digital tools is increasingly relevant in today’s workplace. In Cyprus, this issue has been directly addressed by the Commissioner for Personal Data Protection in Decision No. 11.17.001.006.043 (25 October 2019). The case concerned the use of the “Bradford Factor,” a scoring system designed to calculate and highlight frequent short-term absences. The decision offers important guidance for employers and HR managers, particularly regarding compliance with the General Data Protection Regulation (GDPR) and national labour law.

The Bradford Factor Case

In the case under review, the employer processed extensive personal data of employees, including names, type of illness, medical certificates, duration of absence, and dates of sick leave. These data were entered into a system that generated a score when sick leave reached a “trigger point.” Once this occurred, the HR department took specific actions such as contacting employees, arranging interviews, and even questioning the legitimacy of medical absences.

The Commissioner concluded that such scoring constituted intrusive processing of sensitive health data and lacked a lawful basis under the GDPR. The decision emphasized that the assessment of legitimate sick leave effectively placed the employer in the role of a doctor, thereby punishing employees for lawful absences. Substantial administrative fines were imposed.

Key Legal Principles
Employers and HR managers should take note of three critical legal principles emerging from this case:

1. Sensitive Data Processing
   Health data fall under “special categories” of personal data under Article 9 GDPR. Their processing is strictly prohibited unless a specific exception applies. Merely invoking the employer’s “legitimate interest” is not sufficient. Such processing must be combined with one of the exceptions of Article 9(2) GDPR, such as compliance with employment law obligations.

2. Proportionality and Necessity
   Even where a legal ground exists, employers must demonstrate that the processing is proportionate and strictly necessary. Less intrusive means of monitoring attendance (e.g., basic absence records without profiling or scoring) should always be considered first.

3. Balancing of Interests
   The Commissioner highlighted that the legitimate interests of the employer do not outweigh the fundamental rights and freedoms of employees. Workers reasonably expect that their lawful sick leave will not be subject to profiling or scoring systems.

Practical Guidance for Employers and HR

• Record Keeping vs. Profiling: Employers may keep records of employee absences for payroll and operational purposes. However, converting these absences into scores or using algorithms to evaluate them constitutes profiling, which raises significant legal risks.

• Transparency and Consultation: Any system that processes employee data must be communicated transparently to staff. Ideally, consultation with employee representatives should precede implementation.

• Data Minimisation: Only data strictly necessary for legitimate purposes should be collected. Recording the specific illness is rarely justified and may contravene data protection principles.

• Alternative Approaches: Instead of scoring systems, HR managers can implement supportive attendance policies, wellbeing initiatives, and return-to-work interviews that respect privacy while addressing genuine attendance issues.

Conclusion
The decision of the Commissioner makes clear that the use of systems like the Bradford Factor in Cyprus constitutes unlawful processing of sensitive health data. Employers and HR managers must therefore approach employee absence management with caution. Monitoring should be limited to what is necessary, proportionate, and legally justifiable. Respect for employee privacy is not only a matter of compliance but also essential for fostering trust and maintaining a healthy workplace culture.