How should an employer handle personal information in relation to NHS Test and Trace?
Employers will be collecting and sharing health information. Health information is sensitive and higher data protection standards apply. Here are a few key pointers.
- Update privacy notices to cover the new collection and sharing of employees’ information and provide these to the workforce. Be transparent and fair.
- Identify the legal basis and condition for use of this information and put any required paperwork in place. The ICO guidance will help. For some conditions such as the employment condition, an Appropriate Policy Document (APD) will be required. The ICO has an APD template.
- Only use the information for the purpose of managing the workforce during the pandemic.
- Only collect or share information if it’s necessary – if it’s a targeted and proportionate way of achieving your purpose.
- Make sure any health information collected and shared is accurate – there may be serious consequences if it’s not.
- Work out how long the information must be kept for. Keep a record of that period and act on it at the appropriate time.
- Security is very important – there may be malicious actors trying to trick employers and employees. Make sure employees know how to identify a genuine NHS Test and Trace contact. Keep the information secure. Use the ICO’s data sharing checklists** and keep a record of the disclosures made and why. Control external disclosures – only certain authorised members of staff should make them.
- Make sure individuals can still exercise their data protection rights – that’s also very important. Keep data protection records up-to-date and ensure any exports of personal information outside the UK are compliant.
- Before introducing employer-led testing like taking temperatures, thermal imaging or other potentially intrusive tests, work out if a data protection impact assessment (DPIA) is required. It will be if the intended processing is ‘high risk’. If it is, then carry out a full DPIA. It will help address the issues systematically and mitigate risks.
- All this demonstrates ‘accountability’ – it shows affected individuals and the ICO that the employer is complying with data protection requirements.
If you need further help, please visit the ICO’s data protection and coronavirus information hub or ask our data protection team.
** Please note that this link is to the ICO’s existing checklists and data sharing code of practice. We will update the link to the ICO’s new checklists after they are published.
Related FAQs
Lenders implementing the Scheme can assist in a number of ways, including:
- Term loans
- Overdrafts
- Invoice finance
- Asset finance facilities
The maximum value available under the scheme is £5m, with repayment terms of up to six years for term loans and asset finance. Overdrafts and invoice finance facilities will be available for up to three years.
An amendment to the Civil Procedure Rules’ Practice Directions has been approved by the Master of the Rolls and the Lord Chancellor on 1 April 2020, and is now Practice Direction 51ZA. This has the effect of allowing the parties to extend by prior written agreement up to a maximum of 56 days (rather than the usual 28 days detailed at CPR 3.8(4)) any rule, practice direction or order provided that any extension does not put at risk any hearing date. This Practice Direction will cease to have effect on 30 October 2020.
Additionally each regions’ Designated Civil Judge (DCJ) has issued a Covid-19 Protocol. There are some minor variations between the regions, but overall the guidance is very similar.
In Northumbria, Durham and Teesside the DCJ guidance for multi-track cases provides that “The parties are at liberty to extend, by consent, any step in the timetable up to a maximum of 90 days (as opposed to the present limit of 28 days)” and the Court does not need to be notified if the Trial date is not effected. Where Trial windows are likely to be impacted due to Covid-19 and the parties are in agreement to extending this, a letter can be sent to the Court with a draft order proposing a new timetable, including a new trial window and agreed availability within the trial window.
The same guidance also confirms that an electronic signature on all documents including witness statements and disclosure statements will suffice.
Yes, however holiday pay during furlough must remain at the normal rate of pay and not the reduced furloughed rate. You can still claim for this period under the scheme but you will be responsible for any amounts beyond the maximum you can claim. Employers have flexibility to restrict when leave can be taken both during and after period of furlough in the normal way.
If an employee usually works bank holidays then the employer can agree that this is included in the grant payment. If the employee usually takes the bank holiday as leave then you would either have to top up their usual holiday pay, or give the employee a day of holiday in lieu.
The CMA is the government body that is responsible for protecting consumers from unfair trading practices. It has announced programme of work to investigate reports of businesses failing to respect cancellation rights during the Coronavirus pandemic.
Based on the complaints received by them from consumers, the CMA has identified three sectors of particular concern:
- Weddings and private events
- Holiday accommodation
- Nurseries and childcare providers
The CMA has expressed concern about the number of complaints that it has received about businesses seeking to retain deposits for cancelled events, undue restrictions being placed on use of vouchers provided for cancelled bookings, and payments being demanded to hold open nursery places.
The CMA has said it will prioritise investigation of these sectors, and then move on to other sectors.
Yes, if they are paid via PAYE. This includes agency workers engaged under umbrella companies.
The furlough should be agreed between the agency (the employer) and the worker and documented in accordance with the guidance. It is recommended that the decision to furlough is discussed with end user clients. Just like other employees, agency workers cannot perform work through or on behalf of the agency while furloughed. This includes work for the client.
For agency staff working under umbrella companies, it is for the umbrella company and the agency worker to agree on furloughing the worker.