Forcing annual leave

Employers will be collecting and sharing health information. Health information is sensitive and higher data protection standards apply. Here are a few key pointers.

• Update privacy notices to cover the new collection and sharing of employees’ information and provide these to the workforce. Be transparent and fair.
• Identify the legal basis and condition for use of this information and put any required paperwork in place. The ICO guidance will help. For some conditions such as the employment condition, an Appropriate Policy Document (APD) will be required. The ICO has an APD template.
• Only use the information for the purpose of managing the workforce during the pandemic.
• Only collect or share information if it’s necessary – if it’s a targeted and proportionate way of achieving your purpose.
• Make sure any health information collected and shared is accurate – there may be serious consequences if it’s not.
• Work out how long the information must be kept for. Keep a record of that period and act on it at the appropriate time.
• Security is very important – there may be malicious actors trying to trick employers and employees. Make sure employees know how to identify a genuine NHS Test and Trace contact. Keep the information secure. Use the ICO’s data sharing checklists** and keep a record of the disclosures made and why. Control external disclosures – only certain authorised members of staff should make them.
• Make sure individuals can still exercise their data protection rights – that’s also very important. Keep data protection records up-to-date and ensure any exports of personal information outside the UK are compliant.
• Before introducing employer-led testing like taking temperatures, thermal imaging or other potentially intrusive tests, work out if a data protection impact assessment (DPIA) is required. It will be if the intended processing is ‘high risk’. If it is, then carry out a full DPIA. It will help address the issues systematically and mitigate risks.
• All this demonstrates ‘accountability’ – it shows affected individuals and the ICO that the employer is complying with data protection requirements.

If you need further help, please visit the ICO’s data protection and coronavirus information hub or ask our data protection team.

** Please note that this link is to the ICO’s existing checklists and data sharing code of practice. We will update the link to the ICO’s new checklists after they are published.

To respond to the crisis businesses might need to exchange information to a greater extent than they would usually. They might need to discuss capacity and to coordinate supply chains (both upstream and downstream). They might need to purchase or sell jointly to ensure vital supplies are maintained. In general agreements or collaboration which:

• Avoid a shortage, or ensure security, of supply
• Ensure a fair distribution of scarce products
• Continue essential services
• Provide new services such as food delivery to vulnerable consumers

The practicalities and processes regarding disrepair claims will undoubtedly be affected. Housing providers will have to adopt a risk-based approach and consider government guidance to handle claims going forward. Key points to consider are:

• Compliance with the Pre-Action Protocol for Housing Conditions Claims (particularly disclosure)
• The practicalities of inspection
• Non-urgent repairs

In most circumstances the answer will be no. It would be an infringement of their human rights. It could also be a criminal assault.

However where there is a high risk to employees of exposure to COVID-19, such as care homes and healthcare environments, you might be able to make it a requirement of their role to have the vaccine.

First, consider whether you need to have a blanket requirement covering all employees or whether only certain groups who work in the most high risk areas require the vaccine.

You will need to do a thorough risk assessment balancing the amount that the risk of exposure would be reduced against the interference with the employee’s human rights. Consideration will need to be given as to whether insisting on the vaccine is proportionate to the risk and whether other less invasive steps could be taken instead, such as maintaining social distancing, wearing a mask, washing hands.

Any requirement for employees to be vaccinated should be communicated clearly to employees and trade unions together with a clear explanation for why it is necessary.

The Chief Coroner adopts the approach taken by the Lord Chief Justice in that no physical hearing should take place unless it is urgent and essential business, and it is safe for all involved. If a hearing is to take place, social distancing must be maintained. All hearings that can take place remotely should do so, if it is not possible for social distancing requirements to be met. The expectation is that some hearings will go ahead, most notably Rule 23 hearings. Coroners are reminded that they must however conduct any remote hearings from a court. Decisions as to the most appropriate approach will be left to the senior coroner in that jurisdiction.

As we have already seen, some inquests will be adjourned, most notably those with multiple witnesses and/or a jury.

The guidance stresses the need, when dealing with medical professionals, for coroners to recognise their primary clinical commitments, particularly in these high-pressured times. This could mean avoiding or deferring requests for lengthy reports/ statements and accommodating clinical commitments if clinicians are called as witnesses.

The guidance encourages proactive reviews of outstanding responses to Prevention of Future Death reports and extending timescales for Trusts to respond.