How should an employer handle personal information in relation to NHS Test and Trace?
Employers will be collecting and sharing health information. Health information is sensitive and higher data protection standards apply. Here are a few key pointers.
- Update privacy notices to cover the new collection and sharing of employees’ information and provide these to the workforce. Be transparent and fair.
- Identify the legal basis and condition for use of this information and put any required paperwork in place. The ICO guidance will help. For some conditions such as the employment condition, an Appropriate Policy Document (APD) will be required. The ICO has an APD template.
- Only use the information for the purpose of managing the workforce during the pandemic.
- Only collect or share information if it’s necessary – if it’s a targeted and proportionate way of achieving your purpose.
- Make sure any health information collected and shared is accurate – there may be serious consequences if it’s not.
- Work out how long the information must be kept for. Keep a record of that period and act on it at the appropriate time.
- Security is very important – there may be malicious actors trying to trick employers and employees. Make sure employees know how to identify a genuine NHS Test and Trace contact. Keep the information secure. Use the ICO’s data sharing checklists** and keep a record of the disclosures made and why. Control external disclosures – only certain authorised members of staff should make them.
- Make sure individuals can still exercise their data protection rights – that’s also very important. Keep data protection records up-to-date and ensure any exports of personal information outside the UK are compliant.
- Before introducing employer-led testing like taking temperatures, thermal imaging or other potentially intrusive tests, work out if a data protection impact assessment (DPIA) is required. It will be if the intended processing is ‘high risk’. If it is, then carry out a full DPIA. It will help address the issues systematically and mitigate risks.
- All this demonstrates ‘accountability’ – it shows affected individuals and the ICO that the employer is complying with data protection requirements.
If you need further help, please visit the ICO’s data protection and coronavirus information hub or ask our data protection team.
** Please note that this link is to the ICO’s existing checklists and data sharing code of practice. We will update the link to the ICO’s new checklists after they are published.
Related FAQs
A licence to occupy premises is not an interest land and operates as a commercial contract between the parties that enter into it. Licences tend to be put in place to cover short periods and consequently they are generally a lot more flexible than commercial leasing arrangements. To that extent occupants under licences should review the contract to establish whether or not there are any provision allowing them to terminate on notice to the Licensor.
Occupants under licences that are granted for longer periods without the option to terminate may try to argue that the contract has frustrated because they are effectively unable to occupy.
Local government legislation formerly stipulated that councillors must be physically present to vote and this requirement has already led to the widespread cancellation of Council meetings. There is a limit to what can be achieved under the chair’s emergency powers and delegation to officers.
The Government has now legislated to allow for remote voting until 7 May 2021. The secondary legislation required was issued in draft on 2 April and has been in force since Saturday 4 April.
The legislation allows for committee meetings to go ahead where members and any members of the public attending remotely can all times “hear (and where possible see) and be heard (and where possible be seen) by the other members in attendance”.
It remains to be seen how many local authorities take up the opportunity to hold a virtual committee meeting. Concern has been expressed that the demographic of local councillors may mean that members have difficulty with the technological mechanisms for holding such meetings. However, the message from the Secretary of State is clear that wherever possible, the planning system should keep moving in these current times.
With another lock-down in force in England, it has been confirmed that the courts will remain open. This is different to the first lockdown in March 2020, in which the majority of courts were closed and most face to face hearings did not take place. Hopefully, this new lock-down measure will ensure that cases are still being heard at a steady rate, and there should not be a backlog for your case to be dealt with.
Lord Chancellor Robert Buckland QC MP emphasised the importance of maintaining safety during the new measures: “Our courts & tribunals continue to be an essential public service, served by essential workers and meeting Covid-secure standards endorsed by public health officials. With the use of remote hearings wherever appropriate, this vital work can and should continue.”
A large sum of £110m has been spent in recent months to make courts safe and to ensure that trials should go ahead where necessary. As a result of the expenditure, hearings can now still take place both in person, whilst adhering to the rules, as well as remotely. Your case may be heard in court if it is deemed as being “necessary in the interest of justice”.
Precautionary measures, such as social distancing, will still be in place, with Judges and magistrates ensuring that this happens.
Lord Chief Justice, Lord Burnett of Maldon commented: “The next few weeks will present difficulties in all jurisdictions. But as before judges, magistrates, staff, the legal profession and others involved in the system will meet them and ensure that the administration of justice continues to function in the public interest.”
If you are running a business, yes you can. Please see our Funding and Finance FAQ’s.
We are hearing that Banks are more likely to advance monies on the basis of known income, so for example notified legacies, where there may be a time lag in them being received or against investments where, if they were realised now, would crystallise a loss. Asking for a loan which will need to repaid from future services or trading income should be carefully considered in particular where the charity does not operate to create a surplus which would allow this.
No, government advice remains that if employees can work from home, they should continue to do so in order to minimise social contact across the country in order to keep infection rates down.