How should an employer handle personal information in relation to NHS Test and Trace?
Employers will be collecting and sharing health information. Health information is sensitive and higher data protection standards apply. Here are a few key pointers.
- Update privacy notices to cover the new collection and sharing of employees’ information and provide these to the workforce. Be transparent and fair.
- Identify the legal basis and condition for use of this information and put any required paperwork in place. The ICO guidance will help. For some conditions such as the employment condition, an Appropriate Policy Document (APD) will be required. The ICO has an APD template.
- Only use the information for the purpose of managing the workforce during the pandemic.
- Only collect or share information if it’s necessary – if it’s a targeted and proportionate way of achieving your purpose.
- Make sure any health information collected and shared is accurate – there may be serious consequences if it’s not.
- Work out how long the information must be kept for. Keep a record of that period and act on it at the appropriate time.
- Security is very important – there may be malicious actors trying to trick employers and employees. Make sure employees know how to identify a genuine NHS Test and Trace contact. Keep the information secure. Use the ICO’s data sharing checklists** and keep a record of the disclosures made and why. Control external disclosures – only certain authorised members of staff should make them.
- Make sure individuals can still exercise their data protection rights – that’s also very important. Keep data protection records up-to-date and ensure any exports of personal information outside the UK are compliant.
- Before introducing employer-led testing like taking temperatures, thermal imaging or other potentially intrusive tests, work out if a data protection impact assessment (DPIA) is required. It will be if the intended processing is ‘high risk’. If it is, then carry out a full DPIA. It will help address the issues systematically and mitigate risks.
- All this demonstrates ‘accountability’ – it shows affected individuals and the ICO that the employer is complying with data protection requirements.
If you need further help, please visit the ICO’s data protection and coronavirus information hub or ask our data protection team.
** Please note that this link is to the ICO’s existing checklists and data sharing code of practice. We will update the link to the ICO’s new checklists after they are published.
Related FAQs
The best advice is that parties should proceed as they would have done before the crisis began.
Interestingly, there is currently no ‘single’ technology to be used by the judiciary within the protocol. The court and parties must choose from a selection of possible IT platforms or audio/telephone hearing (further details available in the guidance e.g. Skype for Business, Microsoft Teams, Zoom etc.) The particular platform must be agreed at the outset of each case and then specified in the case management order. The guidance issued also sets out the basic principles which apply when conducting remote hearings.
Office holders who provide services under an intermediary (such as a service company consultancy agreement) and whose services relate to the office held, would fall under the IR35 regime and must be assessed accordingly.
The National Police Chiefs Council (NPCC) issued guidance mid-April confirming that you can move to a friend’s address for several days to “cool off” following an argument at home. You should strongly consider either yourself or your spouse moving elsewhere where children are involved as it prevents the children from witnessing conflict within the home, at what is already an emotionally charged time for them. Nevertheless, you should also consider and take legal advice on the financial implications of either of you or your partner moving out and how contact with the children is going to be promoted with both parents, if suitable. The Government Guidance has confirmed that children can be moved between households if they have separated parents.
It is still possible to issue Divorce proceedings and much of the process has now been taken online. The main divorce suit is dealt with separately to the separation of financial assets and children arrangements, which can often take much longer to review and discuss. While staff shortages may mean slower turn-around times there is no reason to suspect that a divorce will not otherwise go ahead as anticipated. Once coronavirus has passed, it is likely that divorce rates will spike and there will be an increased demand on the Court system, so your divorce process may take longer if you delay filing your divorce.
It is also still possible to issue Court Applications regarding any financial settlements or children arrangements, however, the Court system was already under significant pressure before coronavirus, so the pandemic will only add to that and we expect Court processes to significantly be slower in those areas.
Court Applications should in any event be used as a last resort and there are alternative dispute resolution processes available which you should consider, including Arbitration and Mediation. Family lawyers are continuing to advise and assist individuals, manage their separations and can provide information about the options available, using alternative methods of communication such as Teams, Skype or Zoom for clients. Understandably, speaking aloud may be difficult in circumstances where you are not able to get any private time away from your spouse due to you being in lockdown and so email correspondence may be the most appropriate method of communication.
From 8 June 2020, people entering the UK from overseas (excluding those entering from Ireland, the Channel Islands or the Isle of Man) must comply with a mandatory 14 day quarantine period. However, for those travelling to England, a number of country specific exemptions have been introduced.
A full list of the countries excluded from the quarantine provisions can be found on the gov.uk website which change on a regular basis, often on short notice.
Where a quarantine period does apply, a person will not be able to leave the place they are staying in for 14 days, except in some very limited circumstances.
These rules will apply to both British and foreign nationals, however there are some further exemptions to this rule where a person is coming to the UK to undertake a certain role (such as a healthcare professional coming to the UK to provide essential healthcare). A full list of the narrow exemptions can be found on the gov.uk website.
Before travelling, individuals will be asked to provide their contact details and information about their journey and the accommodation that they will be self-isolating in. To do this, individuals will need to fill in an online form on the gov.uk website. Individuals who refuse to fill in this form may be fined £100 and/or denied entry at the UK border should they not be a British citizen or UK resident.
The information provided in the form will ensure that the Government can check that an individual is self-isolating at the address given. Where an individual refuses to self-isolate they can be fined £1,000 if they are staying in England or Wales.
Once visa application centres re-open overseas and UK visa applications are processed, this 14 day period will need to be taken into consideration and may require employment start dates in the UK to be delayed.