Employers are not legally entitled to disclose that an employee is infected with HIV unless the employee consents. The only exception to this rule is if it could be claimed that it was in the public interest for others to know.

The Data Protection Act (1998)

The Data Protection Act 1998 (DPA) gives extra weight to confidentiality. The new Act is much stricter than the previous 1984 Act. There are two sections of the DPA that are specifically relevant in relation to HIV: the first section is Sensitive Personal Data; the second section is Rights in Relation to Health Records.

The DPA gives strict rules to ensure that information about an individual is only used for the specific purposes for which it is intended. This further strengthens the need for employers to maintain confidentiality. The devastating effect that breach of confidentiality can have in relation to HIV means that employees could well have cases against their employer if a breach occurs.

The right to privacy under the Human Rights Act could also be cited in a tribunal case to challenge any breaches of confidentiality.