How much data can I gather?
You also need to consider other aspects of data protection.
Be proportionate – only gather and use Covid-19 data where you need to.
Keep data to a minimum – you shouldn’t gather more data than you need. You need to know someone has Covid-19 but you don’t need to know all their symptoms. Data minimisation also applies to who gets access to the data. It’s unlikely that a spreadsheet, accessible to everyone updating them on the health status of all employees, would be appropriate. Data should be shared on a need to know basis. You need to balance the privacy of individuals against your duty of care to be responsible with regards to the data of your employees, visitors, customers and suppliers.
Keep it up to date – make sure you update data. People’s health status will change and if you keep a record of this, you need to make sure it is accurate and up to date (although this doesn’t mean you should batter individuals with constant requests for updates on health status. Again, be proportionate).
Identify individuals only when you need to – although you will need to know who has Covid-19, that doesn’t mean you need to tell everyone in the organisation. As soon as you can, you should remove personal data from any information you gather. For example, you might want to update employees on the health status of their fellow employees but you probably don’t need to name individuals and even if you feel it is necessary, you should keep the information you provide to a minimum. Removing personal identifiers in a document is also a good data security technique.
Keep the Covid-19 health data secure – Covid-19 data will be special category data and deemed high risk. This means that if you have a breach of this data you will need to notify it to the ICO. A breach could happen by someone losing a print-out of the names of Covid-19 employees, customers or visitors. It could also happen if you set access rights to lists of Covid-19 sufferers open to more people than need to know the information. The risk of ICO enforcement action increases with the potential harm the disclosure could cause. Although the ICO has indicated that it will be understanding about the impact of Covid-19 on normal operations, this doesn’t mean that they will not prosecute you if the breach is sufficiently serious.
Destroy the data once you don’t need it – Finally, of course, make sure that you delete data at the end of your needs. This might last longer than the pandemic, for example if you have an insurance claim or ongoing litigation. If you do need to keep it, consider whether or not you can delete some of the data to minimise what you hold.
Related FAQs
In the unfortunate event that there will be a significant number of deaths, planning will fall to the local resilience forum; which includes all relevant local organisations and statutory bodies, who will have prior experience in working in excessive death scenarios.
It is for the coroners to ensure that they are familiar with the local resilience forum plans and discussions required. This will include issues regarding storage capacity and post-mortem examination capacity.
Yes. The updated government guidance has confirmed that office holders (including company directors), salaried members of Limited Liability Partnerships (LLPs) individuals working under umbrella companies (including agency workers) and individuals who are classified as ‘workers’ rather than employees can be furloughed but only to the extent that they are paid via PAYE. Therefore director’s fees can be claimed (subject to the cap) but dividends are excluded, as are bonuses and commission payments.
Those who are paid annual are now eligible to make a claim, subject to meeting the remaining requirements. This includes being notified to HMRC on an RTI submission on or before 19 March 2020 which relates to a payment of earnings in the 19/20 tax year.
The decision to furlough a director or office holder should be adopted as a formal decision of the company or LLP which should be minuted and notified in writing.
Company directors can only undertake work to fulfil a duty or other obligation arising from an Act of Parliament relating to the filing of company accounts or provision of other information relating to the administration of the director’s company while furloughed and they cannot carry out work that would generate revenue or perform services to or on behalf of their company. This also applies to salaried individuals who are directors of their own personal service company (PSC).
The coronavirus outbreak has seen State support being given to businesses on an unprecedented scale.
This issue is likely to be increasingly relevant as Governments seek to protect and stimulate their economies as they emerge from lockdown.
How have the rules been relaxed in the context of the crisis and what facets of the existing law can be used for the State to provide support to undertakings?
The CLC has also prepared a template letter that firms may adopt and issue to their workforce regarding travel to work. This can be accessed at download document.
The CLC’s current advice to those carrying out works on site is to carry out your own risk assessment on each site and determine whether or not it is safe to continue to work in accordance with the Public Health England instructions and the CLC Site Operating Procedures. If it is not possible to work in accordance with the above they should not work.
Potentially. The first question is why the person is not able to return, as their individual circumstances will be very relevant in terms of whether they can be safely dismissed.
Employers should ask themselves 2 questions in this situation:
- Have I done everything I am required to do in order to make the workplace safe for the individual to return; and
- Is what the employee saying reasonable?
If the answer to question 1. is no then a dismissal is unlikely to be fair. However, even if the answer to question 1. is yes, then there is still question 2. to address. If the employee has reasonable grounds as to why they are unable to return to work, e.g. due to health issues, childcare responsibilities etc then the dismissal is unlikely to be fair. It is only if you can answer yes to question 1. and no to question 2. that you can have some confidence in the potential safety of the dismissal.
Dismissals based on objections to returning to work on health and safety grounds will very often be risky and are highly fact specific, therefore please contact one of the employment team for further advice prior to dismissal.