Skip to content
Menu

Home FAQs How should an employer handle personal information in relation to NHS Test and Trace?

How should an employer handle personal information in relation to NHS Test and Trace?

Employers will be collecting and sharing health information. Health information is sensitive and higher data protection standards apply. Here are a few key pointers.

  • Update privacy notices to cover the new collection and sharing of employees’ information and provide these to the workforce. Be transparent and fair.
  • Identify the legal basis and condition for use of this information and put any required paperwork in place. The ICO guidance will help. For some conditions such as the employment condition, an Appropriate Policy Document (APD) will be required. The ICO has an APD template.
  • Only use the information for the purpose of managing the workforce during the pandemic.
  • Only collect or share information if it’s necessary – if it’s a targeted and proportionate way of achieving your purpose.
  • Make sure any health information collected and shared is accurate – there may be serious consequences if it’s not.
  • Work out how long the information must be kept for. Keep a record of that period and act on it at the appropriate time.
  • Security is very important – there may be malicious actors trying to trick employers and employees. Make sure employees know how to identify a genuine NHS Test and Trace contact. Keep the information secure. Use the ICO’s data sharing checklists** and keep a record of the disclosures made and why. Control external disclosures – only certain authorised members of staff should make them.
  • Make sure individuals can still exercise their data protection rights – that’s also very important. Keep data protection records up-to-date and ensure any exports of personal information outside the UK are compliant.
  • Before introducing employer-led testing like taking temperatures, thermal imaging or other potentially intrusive tests, work out if a data protection impact assessment (DPIA) is required. It will be if the intended processing is ‘high risk’. If it is, then carry out a full DPIA. It will help address the issues systematically and mitigate risks.
  • All this demonstrates ‘accountability’ – it shows affected individuals and the ICO that the employer is complying with data protection requirements.

If you need further help, please visit the ICO’s data protection and coronavirus information hub or ask our data protection team.

** Please note that this link is to the ICO’s existing checklists and data sharing code of practice. We will update the link to the ICO’s new checklists after they are published.

Related FAQs

Do voluntary redundancies count as a dismissal?

Yes.

Last updated on 7th May, 2020

I would like to make a Lasting Power of Attorney. How do I and my Attorney(s) get our signatures witnessed and who can be my Certificate Provider?

As with a Will, your solicitor can take instructions by telephone, Skype or a similar tool. Your solicitor can then post or email the documentation to you. As with Wills, your signature and those of your proposed Attorneys will need to be witnessed, but in this case only by one other person. However, there are specific requirements as to who can witness your signature. The witness must be aged 18 or older and cannot be your Attorney but they can be your Certificate Provider.

Your Certificate Provider must either be someone you have known personally for at least two years or an appropriate professional. However, they must not be your Attorney and they must not be a member of your family or the partner, boyfriend or girlfriend of a member of your family or a business partner or employee of yours.

Also, if you are living in a care home, the Certificate Provider cannot be the owner, manager, director or employee of the home you live in.

Given the current restrictions on movement, if you have regular medical checks you could ask your GP or another medical professional to witness your signature and act as your Certificate Provider when you go to see them or they come to you. Alternatively, if someone you have known for two years or more is dropping off essentials, they could act as a witness and Certificate Provider remembering to retain the necessary distance and protective measures.

Concerning your Attorney(s) you cannot act as their witness. Otherwise, anyone aged 18 or older can act as their witness, including the other Attorney. Ideally, a witness to your or your Attorney’s signatures should not be a family member for the sake of impartiality and to avoid disputes. If necessary they can be.

Last updated on 1st April, 2020

I hold a licence but can’t trade. Can I terminate it?

A licence to occupy premises is not an interest land and operates as a commercial contract between the parties that enter into it. Licences tend to be put in place to cover short periods and consequently they are generally a lot more flexible than commercial leasing arrangements. To that extent occupants under licences should review the contract to establish whether or not there are any provision allowing them to terminate on notice to the Licensor.

Occupants under licences that are granted for longer periods without the option to terminate may try to argue that the contract has frustrated because they are effectively unable to occupy.

Last updated on 2nd April, 2020

Does an employee who is furloughed lose his/her benefits under an EMI share option?

One of the key legislative requirements of EMI is that the employee satisfies the working time requirement, which is that they work at least 25 hours per week in the company or, if less, 75% of the employee’s total working time. If the working time requirement ceases to be met, then there is a “disqualifying event”. That means that the tax benefits of EMI ceases. It may also mean that the option lapses, but that depends on the specific terms of the option.

An employee who has been furloughed is by definition no longer working 25 hours/week and therefore on the face of it, there is a disqualifying event. However, the Government has tabled an amendment to the Finance Bill currently going through Parliament providing in effect that time not worked because an employee has been furloughed counts as working time, both for determining whether the working time requirement is met initially and whether there is a disqualifying event. Provided this amendment is enacted, this should address the issue.

Last updated on 3rd April, 2020

What agreements will the CMA choose not to take enforcement action in respect of?

CMA guidance suggests that it will not take enforcement action in respect of agreements which:

  • Are appropriate and necessary to avoid a shortage, or ensure security, of supply
  • Are clearly in the public interest
  • Contribute to the benefit or wellbeing of consumers
  • Deal with critical issues that arise as a result of the Covid-19 pandemic
  • Last no longer than is necessary to deal with these critical issues

Last updated on 31st March, 2020