As vaccine mandates gain popularity, more tech companies are now requiring their employees to provide proof of vaccination, rather than simply taking them at their word.
Google, Facebook, Microsoft, Lyft, Uber and Twitter all now require employees to submit proof that they're vaccinated before coming to the office.
That's a departure from a month ago, when out of the four companies that had told Protocol they were requiring vaccines (Adobe, VMware, Twilio and Asana), only one — Asana — was requiring proof.
There are two likely reasons for the change, according to Sheeva Ghassemi-Vanni, a partner in the employment practices and litigation groups at the Silicon Valley law firm Fenwick and West.
"The federal government came down with some [vaccine] mandates for its workers, as well as certain states," Ghassemi-Vanni said. "I think that coupled with the delta and delta-plus and lambda and whatever else may be out there on our horizon on variants … I think that created a perfect storm to empower employers to feel that they could not only require a vaccine, but get proof of that."
Beyond tech and government workers, vaccine mandates are taking hold throughout U.S. society.
CNN fired three employees who went to the office without being vaccinated, the news network said Thursday, and vaccines are now required of California health care workers and anyone entering a restaurant, gym or theater in New York City. There's been some talk of a similar mandate in San Francisco.
Who's not requiring proof?
Requiring proof is now the dominant approach to implementing vaccine mandates among large tech companies, and that has ripple effects in the rest of the industry.
"The big tech companies coming out and taking a stand — that certainly has influenced startup clients who often look to Big Tech for direction and want to follow suit," Ghassemi-Vanni said. "If you're going to require the vaccine, why not erase the doubt and get proof of the vaccine?"
Still, not every company implementing a vaccine mandate is requiring proof of vaccination.
Pure Storage is one company that still says it will allow employees to "self-certify" their vaccination status if they choose to work from the office. (Like many others, Pure is letting its employees work remotely through at least the end of the year, but will eventually require them to come to the office part-time.)
"We trust our employees for lots of different things, including truthfulness on their job application, that they're not stealing from the company, that their expense reports are accurate," Pure CEO Charlie Giancarlo told Protocol last month. "If they lie on any of those things, of course, that is a big concern and could lead to disciplinary action, and the same is true on this."
The hardware and software maker has its employees check a box that says "I am fully vaccinated" on Workday. The vaccination status screen doesn't ask for proof, but warns employees that Pure "may be able to request documentation or verification of my vaccination status."
Twilio, Adobe and VMware — the three companies that told Protocol last month they weren't requiring proof of vaccination — have not indicated any change to that policy.
How to require proof
Collecting a photo or scanned copy of the paper vaccine card that a worker received when they were vaccinated is the most popular and definitive form of proof. Companies do face the risk that a worker will forge a fake vaccine card, but that "will hopefully be the minority," Ghassemi-Vanni said.
In addition to vaccine cards, Twitter — which closed its offices last month and has not yet set a date for when they will reopen — said it would accept documentation of vaccination from a health care provider, or the digital vaccine records issued by state governments in California and New York.
"Most companies are either having employees submit their proof of vaccination to a designated vaccine email address," Ghassemi-Vanni said, or requesting the proof through a human resources management system.
Lyft is collecting its employees' proof of vaccination over Workday while the cloud collaboration software maker Airtable is using a Dropbox form.
Tying vaccination records to employees' badge access to the office building is a common way of enforcing vaccine mandates. Lyft and Pure are among the companies implementing this process.
Some companies may opt to have a gatekeeper at the office — an HR or security person, for example — who cross-references employee records to see who is listed as vaccinated and can therefore enter the office.
Uber is adding proof of vaccination to its existing list of safety requirements to get a daily "boarding pass" to enter its offices using ServiceNow software. As part of a daily check-in to access the office, Uber employees must agree to several safety-related statements.
"To me, the easiest would seem to be through the badge, although theoretically you could badge someone in, so there's always that risk," Ghassemi-Vanni said. "But I think most employers are trying to put in as many safeguards as they can while also trying to put a level of trust and autonomy into their employees."
Privacy concerns
Companies can opt to simply inspect the proof of vaccination rather than store a copy of it, but it's more common to store a copy, Ghassemi-Vanni said.
Storing a copy has obvious benefits, but carries privacy concerns.
Crucially, if companies store a copy of the proof, companies should limit internal access to the records and ensure that they're stored separately from personnel files.
"At the end of the day, this is medical information and it has to be treated and stored as such," Ghassemi-Vanni said. "It's relatively easy to manage and store, but I think what's really important is if you are going to require proof, to convey in that policy or communication to employees that this information will be treated confidentiality and will be stored appropriately."
