Skip to content
Menu

Home FAQs How much data can I gather?

How much data can I gather?

You also need to consider other aspects of data protection.

Be proportionate – only gather and use Covid-19 data where you need to.

Keep data to a minimum – you shouldn’t gather more data than you need. You need to know someone has Covid-19 but you don’t need to know all their symptoms. Data minimisation also applies to who gets access to the data. It’s unlikely that a spreadsheet, accessible to everyone updating them on the health status of all employees, would be appropriate. Data should be shared on a need to know basis. You need to balance the privacy of individuals against your duty of care to be responsible with regards to the data of your employees, visitors, customers and suppliers.

Keep it up to date – make sure you update data. People’s health status will change and if you keep a record of this, you need to  make sure it is accurate and up to date (although this doesn’t mean you should batter individuals with constant requests for updates on health status. Again, be proportionate).

Identify individuals only when you need to – although you will need to know who has Covid-19, that doesn’t mean you need to tell everyone in the organisation. As soon as you can, you should remove personal data from any information you gather. For example, you might want to update employees on the health status of their fellow employees but you probably don’t need to name individuals and even if you feel it is necessary, you should keep the information you provide to a minimum. Removing personal identifiers in a document is also a good data security technique.

Keep the Covid-19 health data secure – Covid-19 data will be special category data and deemed high risk. This means that if you have a breach of this data you will need to notify it to the ICO. A breach could happen by someone losing a print-out of the names of Covid-19 employees, customers or visitors. It could also happen if you set access rights to lists of Covid-19 sufferers open to more people than need to know the information. The risk of ICO enforcement action increases with the potential harm the disclosure could cause. Although the ICO has indicated that it will be understanding about the impact of Covid-19 on normal operations, this doesn’t mean that they will not prosecute you if the breach is sufficiently serious.

Destroy the data once you don’t need it – Finally, of course, make sure that you delete data at the end of your needs. This might last longer than the pandemic, for example if you have an insurance claim or ongoing litigation. If you do need to keep it, consider whether or not you can delete some of the data to minimise what you hold.

Related FAQs

What options do I have if my employee, who can work from home, is struggling to do so because they have young children at home who need "teaching" and supervision?

This is likely to be a common situation and employers and employees are going to have to take a pragmatic approach. You could enter into a temporary flexible working arrangement perhaps agreeing to vary working hours/days or reducing targets or agree to use some annual leave.

Employees could ask to take a period of unpaid leave, asserting their right to time off to care for a dependant but the lack of pay is likely to be unappealing.

Alternatively employees who are unable to work because they have caring responsibilities as a result of COVID-19, which includes childcare responsibilities, can be furloughed.

Last updated on 5th January, 2021

What can I do if someone refuses to wear PPE for cultural and/or religious observance reasons?

Again, the primary point must be that an open dialogue is held with that individual to understand their concerns and to properly consider the impact that not wearing PPE will have on their abilities to undertake their duties. Consideration must be given as to whether there are any parts of their duties that they can undertake and whether they can remain in their role. Engage with the individual to ensure that you understand their point of view. What other duties can they do if they cannot do fulfil all the duties of their role?

Last updated on 19th May, 2020

What actions and measures should be avoided?

The CMA is particularly concerned about certain activities, its guidance highlights:

  • Exchange of commercially sensitive information where this is not necessary in response to the crisis
  • Collaboration which unfairly excludes third parties
  • Abuse of a dominant position (including a dominant position held as a result of the crisis) – particularly to charge excessive prices
  • Seeking to maintain prices or prevent reductions in prices
  • Cooperation going beyond what is necessary to respond to the crisis in the interests of consumers

Last updated on 31st March, 2020

How are the Courts applying the new guidance?

Overall it is our experience that the Courts are quickly adapting in the context of the Coronavirus epidemic and making pragmatic decisions. The Judges seem live to the difficulties currently been faced by practitioners dealing with litigation and they are applying the new guidance.

The Courts are also mindful of pressures on NHS frontline staff and are taking steps not to put additional pressures on them at this time, including in our experience vacating an imminent Trial.

Last updated on 15th May, 2020

What is the Government’s Coronavirus Job Retention Scheme?

All employers in the UK are eligible to participate in the scheme. The purpose of the scheme is to allow employers to claim back employment costs if they have furloughed employees arising from the coronavirus crisis. Importantly this means the scheme is not limited to cases where the employee would otherwise have been made redundant.

Key points:

  • Between 1 November 2020 – 30 June 2021, the government will reimburse employers for 80% of wage costs, up to a cap of £2,500 per month, with employers expected to contribute 10% of that 80% in July 2021 and 20% of that 80% in August and September 2021. Employers will still need to pay employer NICs and employer pension contributions (these cannot be claimed for).
  • The scheme now also allows employees to return to work part time being on furlough for the remainder. See flexible furlough above for more information.
  • The employer can agree to pay the employee more than it will be reimbursed but it cannot reclaim the additional amount or any other costs associated with the additional amount.
  • The workers covered by the scheme are those who have been “furloughed” which is a leave of absence.
  • Workers must be told about and agree to this change of status (see below).
  • Employers have to continue to pay the furloughed workers and the Government will reimburse the employer.
  • HMRC is administering the scheme and it has been extended until the end of September 2021
  • Those who left employment and are re-employed and subsequently furloughed by agreement are eligible (please see the FAQ regarding redundancy and furlough above).
  • Payments may be withheld if claims are based on inaccurate or dishonest information, or are found to be fraudulent. HMRC has put in place an online hotline for employees and the general public to report suspected fraudulent claims.
  • The Government has made alternative help available for employers to continue to pay employees while the scheme is set up.

Last updated on 28th March, 2020