Can employees reduce their pension contributions?

Employers will be collecting and sharing health information. Health information is sensitive and higher data protection standards apply. Here are a few key pointers.

• Update privacy notices to cover the new collection and sharing of employees’ information and provide these to the workforce. Be transparent and fair.
• Identify the legal basis and condition for use of this information and put any required paperwork in place. The ICO guidance will help. For some conditions such as the employment condition, an Appropriate Policy Document (APD) will be required. The ICO has an APD template.
• Only use the information for the purpose of managing the workforce during the pandemic.
• Only collect or share information if it’s necessary – if it’s a targeted and proportionate way of achieving your purpose.
• Make sure any health information collected and shared is accurate – there may be serious consequences if it’s not.
• Work out how long the information must be kept for. Keep a record of that period and act on it at the appropriate time.
• Security is very important – there may be malicious actors trying to trick employers and employees. Make sure employees know how to identify a genuine NHS Test and Trace contact. Keep the information secure. Use the ICO’s data sharing checklists** and keep a record of the disclosures made and why. Control external disclosures – only certain authorised members of staff should make them.
• Make sure individuals can still exercise their data protection rights – that’s also very important. Keep data protection records up-to-date and ensure any exports of personal information outside the UK are compliant.
• Before introducing employer-led testing like taking temperatures, thermal imaging or other potentially intrusive tests, work out if a data protection impact assessment (DPIA) is required. It will be if the intended processing is ‘high risk’. If it is, then carry out a full DPIA. It will help address the issues systematically and mitigate risks.
• All this demonstrates ‘accountability’ – it shows affected individuals and the ICO that the employer is complying with data protection requirements.

If you need further help, please visit the ICO’s data protection and coronavirus information hub or ask our data protection team.

** Please note that this link is to the ICO’s existing checklists and data sharing code of practice. We will update the link to the ICO’s new checklists after they are published.

The Act should make it easier for residents to obtain relevant information. It includes an obligation for the Principal Accountable Person to prepare a strategy for promoting the participation of residents, including the information to be provided to them and consultations about relevant decisions. The strategy must be provided to residents, and there will be provision for residents to be able to request information and copies of documents from the Principal Accountable Person. The type of information and the form in which it is to be provided will be set out in secondary legislation in due course, but the explanatory notes anticipate that it will include:

• Full current and historical fire risk assessments•Planned maintenance and repair schedules
• The outcome of building safety inspection checks
• Information on how assets in the building are managed
• Details of preventative measures
• Details of fire protection measures and the fire strategy for the building
• Information on the maintenance of fire safety systems
• Structural assessments
• Planned and historical changes to the building

All policies will impose a stringent obligation, often with time limits, for you to notify insurers of circumstances that may give rise to a potential claim under the policy and non-compliance may well negate your cover. If therefore you have potential cover under your policy you must make a precautionary notification to Insurers as soon as possible.

Details of your MHFAs should be posted somewhere that everyone can access easily – a specific area on an intranet or whatever alternative exists. Regular comms involving the MHFAs, webinar sessions, Q&A sessions and mental wellbeing drop in sessions are all ideas that may work well.

It is almost impossible to completely guard against the risks associated with contractor insolvency, but there are some steps which can assist in mitigating and managing the risks involved.   To be in the best possible position, it is worth considering the following at the outset of any project:

• Check the contractor’s financial position – particularly the specific company which will enter into the building contract, as the employer’s rights will be against this company rather than the business as a whole
• Take legal advice to ensure that the building contract is properly drafted with appropriate provisions to deal with an insolvency event
• Consider requiring a performance bond and/or parent company guarantee (each serve slightly different purposes)
• Obtain collateral warranties from the consultants and sub-contractors involved, so that there are contractual rights against other parties if the contractor is no longer able to meet claims
• Consider requiring retention bonds, advance payment bonds or vesting certificates if necessary
• Project bank accounts and escrow accounts can also provide some further assurances for the parties involved