How much data can I gather?
You also need to consider other aspects of data protection.
Be proportionate – only gather and use Covid-19 data where you need to.
Keep data to a minimum – you shouldn’t gather more data than you need. You need to know someone has Covid-19 but you don’t need to know all their symptoms. Data minimisation also applies to who gets access to the data. It’s unlikely that a spreadsheet, accessible to everyone updating them on the health status of all employees, would be appropriate. Data should be shared on a need to know basis. You need to balance the privacy of individuals against your duty of care to be responsible with regards to the data of your employees, visitors, customers and suppliers.
Keep it up to date – make sure you update data. People’s health status will change and if you keep a record of this, you need to make sure it is accurate and up to date (although this doesn’t mean you should batter individuals with constant requests for updates on health status. Again, be proportionate).
Identify individuals only when you need to – although you will need to know who has Covid-19, that doesn’t mean you need to tell everyone in the organisation. As soon as you can, you should remove personal data from any information you gather. For example, you might want to update employees on the health status of their fellow employees but you probably don’t need to name individuals and even if you feel it is necessary, you should keep the information you provide to a minimum. Removing personal identifiers in a document is also a good data security technique.
Keep the Covid-19 health data secure – Covid-19 data will be special category data and deemed high risk. This means that if you have a breach of this data you will need to notify it to the ICO. A breach could happen by someone losing a print-out of the names of Covid-19 employees, customers or visitors. It could also happen if you set access rights to lists of Covid-19 sufferers open to more people than need to know the information. The risk of ICO enforcement action increases with the potential harm the disclosure could cause. Although the ICO has indicated that it will be understanding about the impact of Covid-19 on normal operations, this doesn’t mean that they will not prosecute you if the breach is sufficiently serious.
Destroy the data once you don’t need it – Finally, of course, make sure that you delete data at the end of your needs. This might last longer than the pandemic, for example if you have an insurance claim or ongoing litigation. If you do need to keep it, consider whether or not you can delete some of the data to minimise what you hold.
Related FAQs
Where an employer is proposing to dismiss:
- 100 or more employees at one establishment within a 90-day period, consultation must begin at least 45 days before the first dismissal takes effect
- Between 20 and 99 employees within a 90-day period, consultation must begin at least 30 days before the first dismissal takes effect
- If you are proposing to dismiss less than 20 employees then there are no minimum time limits but you must adhere to a fair process which will involve individual consultation and providing the employee with a right of an appeal
On 18 April 2020, it was announced that an exception to the current stay in possession proceedings and ban on all evictions has been made to allow possession orders to be made against trespassers.
This means land owners can take action to remove unauthorised persons occupying their land. Trespassers include: squatters; travellers; failed successors of secure tenancies; and licensees whose licences have been terminated.
Further, the automatic stay to possession proceedings currently imposed no longer applies to applications for interim possession orders meaning any persons found to be “squatting” on land without permission may again be subject to an order requiring them to leave your premises within 24 hours of service of that order.
The Government has introduced legislation to expand the list of those who can register deaths to include Funeral Directors who are dealing with the funeral arrangements and who has been authorised by a relative of the deceased to register the death. Also, the medical cause of death certificate can be emailed to the Registrar’s office and arrangements made to have a telephone appointment to provide the Registrar with information to register the death. The requirement to attend the Registrar in person to sign the Register has been relaxed so that this is not necessary. It will however still be necessary to register the death within 5 days.
The application has to be made before the date on which the accounts should have been filed, so this process can’t be used if you are already late. If you don’t make the application before your filing deadline, then a fine will automatically be generated if your accounts are filed late. Whilst you could appeal against such a fine on the grounds that the delay was caused by coronavirus issues, this is likely to be a much more time consuming and uncertain process that applying in advance.
It does not appear that the process applies to Confirmation Statements or other returns.
All organisations have underperformers. Capability is a potentially fair reason to dismiss and is separate to any redundancy procedures.
Generally, capability falls into either absences through illness or underperformance in the role. Those who are absent through sickness can be furloughed, but when furlough comes to an end they will need to go back onto sickness. If you are looking to tackle absence then you need to tackle long term and short term absence in a different way.
Long term absence: You need to establish whether the employee is able to return to work (with or without reasonable adjustments) in the medium term. This requires medical opinion and be careful of disability issues. Reasonable adjustments are likely to be important.
Short term absence: You will need to demonstrate that you have fair absence triggers in place and there is normally be a 3 stage procedure: warning and final warning followed by dismissal on notice. Each stage needs a fair procedure, with written information, a fair hearing and the opportunity to appeal. Be careful of disability issues.
As for underperformance: To tackle this, you will need to have clear SMART objectives in place and evidence of the employee failing to meet these. There would then normally be a 3 stage procedure: warning and final warning followed by dismissal on notice. Each stage needs a fair procedure, with written information, a fair hearing and the opportunity to appeal.