How much data can I gather?
You also need to consider other aspects of data protection.
Be proportionate – only gather and use Covid-19 data where you need to.
Keep data to a minimum – you shouldn’t gather more data than you need. You need to know someone has Covid-19 but you don’t need to know all their symptoms. Data minimisation also applies to who gets access to the data. It’s unlikely that a spreadsheet, accessible to everyone updating them on the health status of all employees, would be appropriate. Data should be shared on a need to know basis. You need to balance the privacy of individuals against your duty of care to be responsible with regards to the data of your employees, visitors, customers and suppliers.
Keep it up to date – make sure you update data. People’s health status will change and if you keep a record of this, you need to make sure it is accurate and up to date (although this doesn’t mean you should batter individuals with constant requests for updates on health status. Again, be proportionate).
Identify individuals only when you need to – although you will need to know who has Covid-19, that doesn’t mean you need to tell everyone in the organisation. As soon as you can, you should remove personal data from any information you gather. For example, you might want to update employees on the health status of their fellow employees but you probably don’t need to name individuals and even if you feel it is necessary, you should keep the information you provide to a minimum. Removing personal identifiers in a document is also a good data security technique.
Keep the Covid-19 health data secure – Covid-19 data will be special category data and deemed high risk. This means that if you have a breach of this data you will need to notify it to the ICO. A breach could happen by someone losing a print-out of the names of Covid-19 employees, customers or visitors. It could also happen if you set access rights to lists of Covid-19 sufferers open to more people than need to know the information. The risk of ICO enforcement action increases with the potential harm the disclosure could cause. Although the ICO has indicated that it will be understanding about the impact of Covid-19 on normal operations, this doesn’t mean that they will not prosecute you if the breach is sufficiently serious.
Destroy the data once you don’t need it – Finally, of course, make sure that you delete data at the end of your needs. This might last longer than the pandemic, for example if you have an insurance claim or ongoing litigation. If you do need to keep it, consider whether or not you can delete some of the data to minimise what you hold.
Related FAQs
This will depend on the particular facts and the employee’s circumstances but an employee should co-operate with the employer so far as is necessary to enable compliance with any statutory duty or requirement relating to health and safety.
In addition, conduct outside of work can result in an employee’s dismissal if the conduct pertains to the employment relationship. If an employee breaches the lockdown rules and it affects their ability to work, such as it being no longer safe for them to attend work, or the reputation of the employer, these may be grounds for disciplinary action and subsequent dismissal.
In part in response to the Covid-19 pandemic, legislation was passed by the government earlier this year which sought to assist companies to trade through the current economic climate. Included within the measures is a degree of protection from compulsory winding up.
The Corporate Insolvency and Governance Act 2020 (The Act), was laid before parliament on 20 May, and became law on 26 June. It is important creditors are aware of what changes have been implemented and the potential and impact which it may have upon debt recovery action you may be considering or have already commenced.
The main part of the Act affecting creditors is the temporary restriction on presentation of winding up petitions and the factors that the Court has to take into account when deciding whether to wind up a company.
On Thursday 24 September 2020 the government passed a further statutory instrument which extended the operation of these restrictions. As a result, the measures which were due to expire on Wednesday 30 September 2020 have now been extended until 31 December 2020.
A key point to note is that the Act has retrospective effect so any pending petitions presented after 27 April will be affected, along with any winding up orders made after that date.
The Act has introduced the following restrictions:
- A petition cannot be presented by a creditor during the period of 27 April 2020 and 31 December 2020 unless the creditor has reasonable grounds to believe that (a) coronavirus has not had a financial effect on the debtor, or (b) the debtor would have been unable to pay its debts even if coronavirus had not had a financial effect on the debtor;
- A petition cannot be presented after 27 April 2020 if it is based on a unsatisfied statutory demand served between 1 March 2020 until 31 December 2020;
- When deciding whether to make a winding up order the Court will need to be satisfied that the grounds giving rise to the petition would have arisen even if Covid-19 did not have a financial effect on the debtor;
- All winding up orders made between the 27 April and 31 December will automatically be void (that is, of no legal effect) unless the Court would have made the winding up order if the new law was in force at the time the order was made.
The Thriving at Work Report and the recent NICE Workplace Mental Health Guidelines provide a good baseline for what all organisations should be doing on workplace mental health – this includes some guidance on training. There does need to be a plan in place and we recommend taking a holistic view of the integration of mental health first aiders into a business – ie it should be one component in a strategy that also comprises training for line managers, awareness training and education for all staff, peer support, and a documented framework for support and signposting. It is also worth ensuring you have senior manager sponsorship, strong links with Occupational Health if available and also raising awareness via any works councils or employee forums helps ensure there is buy in at all levels.
This is likely to be a common situation and employers and employees are going to have to take a pragmatic approach. You could enter into a temporary flexible working arrangement perhaps agreeing to vary working hours/days or reducing targets or agree to use some annual leave.
Employees could ask to take a period of unpaid leave, asserting their right to time off to care for a dependant but the lack of pay is likely to be unappealing.
Alternatively employees who are unable to work because they have caring responsibilities as a result of COVID-19, which includes childcare responsibilities, can be furloughed.
Ordinarily, no but during the pandemic, yes.
You can start employing a Tier 2 or 5 worker who is in the UK before their visa application has been decided if the following conditions have been met.
- You have assigned the worker a Certificate of Sponsorship
- They have made an in time visa application (i.e. they made their new visa application before their current leave expired) and they have provided you with evidence of this
- The job you employ them in is the same as the one stated on their Certificate of Sponsorship.
Sponsors should be aware that they should carry out right to work checks before the individual starts undertaking work for them and if their visa application is eventually rejected, they must stop employing them.
Although sponsors will not be able to record migrant activity on the SMS about these workers, the Home Office has confirmed that any necessary reports should still be made on the sponsor’s internal systems.
If the worker is outside the UK, they may be able to start work for you remotely subject to the relevant employment, tax and immigration requirements in that country.