Court proceedings haven’t yet been issued – what should I do?

Another obvious cost cutting measure is to reduce working hours, either temporarily or permanently. Again, it should be done fairly, either across the board or by selecting teams/individuals based on objective business reasons. Imposing without agreement would create significant risk, therefore would require fair selection and consultation.

The European Commission has reintroduced its “comfort letter” system for cooperation in relation to shortage of supply. This allows cooperating businesses to check what the Commission’s view of their proposals are before implementing them.

In the UK context the SMA has introduced an exemption for suppliers of healthcare services to the NHS. This allows:

• Sharing information about capacity
• Coordination of staff deployment
• Joint purchasing of goods, services and facilities
• Sharing or lending of facilities
• Division of activities, including agreeing whether to expand or reduce the volume or type of services provided by suppliers

In relation to whether the CMA will investigate cooperation, it has indicated:

• The CMA will use its discretion as to the prioritisation of its enforcement action to permit some agreements/collaboration which would otherwise potentially give rise to enforcement action (including potentially attracting fines of up to 10% of group worldwide turnover)
• The CMA will use its existing power to exempt certain agreements under the Competition Act 1998 where these are in the public interest

The government has also confirmed it will match donations to the National Emergencies Trust as part of the BBC’s Big Night In fundraiser on 23 April – pledging a minimum of £20 million.

In the unfortunate event that there will be a significant number of deaths, planning will fall to the local resilience forum; which includes all relevant local organisations and statutory bodies, who will have prior experience in working in excessive death scenarios.

It is for the coroners to ensure that they are familiar with the local resilience forum plans and discussions required. This will include issues regarding storage capacity and post-mortem examination capacity.

Employers will be collecting and sharing health information. Health information is sensitive and higher data protection standards apply. Here are a few key pointers.

• Update privacy notices to cover the new collection and sharing of employees’ information and provide these to the workforce. Be transparent and fair.
• Identify the legal basis and condition for use of this information and put any required paperwork in place. The ICO guidance will help. For some conditions such as the employment condition, an Appropriate Policy Document (APD) will be required. The ICO has an APD template.
• Only use the information for the purpose of managing the workforce during the pandemic.
• Only collect or share information if it’s necessary – if it’s a targeted and proportionate way of achieving your purpose.
• Make sure any health information collected and shared is accurate – there may be serious consequences if it’s not.
• Work out how long the information must be kept for. Keep a record of that period and act on it at the appropriate time.
• Security is very important – there may be malicious actors trying to trick employers and employees. Make sure employees know how to identify a genuine NHS Test and Trace contact. Keep the information secure. Use the ICO’s data sharing checklists** and keep a record of the disclosures made and why. Control external disclosures – only certain authorised members of staff should make them.
• Make sure individuals can still exercise their data protection rights – that’s also very important. Keep data protection records up-to-date and ensure any exports of personal information outside the UK are compliant.
• Before introducing employer-led testing like taking temperatures, thermal imaging or other potentially intrusive tests, work out if a data protection impact assessment (DPIA) is required. It will be if the intended processing is ‘high risk’. If it is, then carry out a full DPIA. It will help address the issues systematically and mitigate risks.
• All this demonstrates ‘accountability’ – it shows affected individuals and the ICO that the employer is complying with data protection requirements.

If you need further help, please visit the ICO’s data protection and coronavirus information hub or ask our data protection team.

** Please note that this link is to the ICO’s existing checklists and data sharing code of practice. We will update the link to the ICO’s new checklists after they are published.