How should an employer handle personal information in relation to NHS Test and Trace?
Employers will be collecting and sharing health information. Health information is sensitive and higher data protection standards apply. Here are a few key pointers.
- Update privacy notices to cover the new collection and sharing of employees’ information and provide these to the workforce. Be transparent and fair.
- Identify the legal basis and condition for use of this information and put any required paperwork in place. The ICO guidance will help. For some conditions such as the employment condition, an Appropriate Policy Document (APD) will be required. The ICO has an APD template.
- Only use the information for the purpose of managing the workforce during the pandemic.
- Only collect or share information if it’s necessary – if it’s a targeted and proportionate way of achieving your purpose.
- Make sure any health information collected and shared is accurate – there may be serious consequences if it’s not.
- Work out how long the information must be kept for. Keep a record of that period and act on it at the appropriate time.
- Security is very important – there may be malicious actors trying to trick employers and employees. Make sure employees know how to identify a genuine NHS Test and Trace contact. Keep the information secure. Use the ICO’s data sharing checklists** and keep a record of the disclosures made and why. Control external disclosures – only certain authorised members of staff should make them.
- Make sure individuals can still exercise their data protection rights – that’s also very important. Keep data protection records up-to-date and ensure any exports of personal information outside the UK are compliant.
- Before introducing employer-led testing like taking temperatures, thermal imaging or other potentially intrusive tests, work out if a data protection impact assessment (DPIA) is required. It will be if the intended processing is ‘high risk’. If it is, then carry out a full DPIA. It will help address the issues systematically and mitigate risks.
- All this demonstrates ‘accountability’ – it shows affected individuals and the ICO that the employer is complying with data protection requirements.
If you need further help, please visit the ICO’s data protection and coronavirus information hub or ask our data protection team.
** Please note that this link is to the ICO’s existing checklists and data sharing code of practice. We will update the link to the ICO’s new checklists after they are published.
Related FAQs
Under usual rules, workers are entitled to a minimum of 28 days holiday including bank holidays, each year. Except in limited circumstances, it cannot be carried between leave years meaning that workers lose their holiday if they do not take it.
The government passed emergency legislation relaxing the carry-over of the 20 days leave entitlement provided under EU law. Where it is not reasonably practicable for an employee to take leave in the relevant leave year as a result of the effects of the coronavirus then they could be entitled to carry over the untaken leave into the next year.
During the COVID-19 global pandemic, trials and hearings have been mostly conducted over Skype for Business and various other online platforms. Looking forward to the future, what we have experienced during the lock-down may continue and we believe will make litigation a more streamlined, user friendly experience for litigants.
One example of a regime which has been introduced is hybrid trials for lower value claims. Hybrid trials allow for parties and their witnesses to be linked into the court room by video link, whilst the judge and advocates are present in court. This makes it easier and frees up more time for witnesses, which would otherwise be spent in travel and waiting time, especially for those with other commitments.
With hybrid trials, clients still get a full legal experience and the judge will still apply normal legal principles during the trial. The procedure for the case is the same, both leading up to the trial or hearing and during the case itself; except without the need to physically attend court. It may also mean that there will be less of a backlog arising from the current crisis with cases continuing to be heard, allowing for matters to be listed earlier and a quicker outcome for the parties involved.
The shift to the use of online platforms may prove more practical for all those involved in legal matters. Interim hearings can be heard remotely resulting in a time and cost saving for litigants. Even for the final hearing only the legal representatives need to attend court – again resulting in time and cost savings for all concerned.
The MHFA training makes this clear, it should be made clear in the MHFA role specification and procedures and discussed during regular MHFA peer support and MHFA surgery sessions. It is important to ensure that where an Employee Assistance Programme is in place, all MHFAs have details of that scheme available so they are able to instantly share details of the scheme with those who require support. If in doubt due to serious concerns then using 999 or Samaritans is an option.
As discussed above, Covid-19 will inevitably deplete the workforce of housing providers in the foreseeable future. It would be prudent to consider making short-term policy changes to deal with this situation and manage the expectations of tenants going forward. A key policy change to consider is the extension of the standard lead-time for completing all non-urgent repairs and inform tenants of this change.
Such a change will also reduce pressure on landlords and front-facing staff.
As above, employers must protect the interests of their staff, particularly regarding health and safety. Extra care should be exercised when assessing the level of emergency of a repair on a case by case basis. All efforts should be made to reduce the number of attendances at properties by repair staff, whilst keeping all tenants safe.
As ever, communication is key – the pandemic cannot be used as a blanket excuse for abstaining from all duties and obligations. Housing providers must take a pragmatic approach in safeguarding customers whilst considering the interests of is workers. Maintaining lines of communication with all parties remains paramount.
No. The Home Office has confirmed that sponsors do not need to report sponsored workers as working from home, where this is directly related to the coronavirus outbreak.
However any UK employers who sponsor overseas workers, should also ensure that they remain compliant with their other sponsor licence duties, which includes reporting any change to an employee’s salary and duties.