How should an employer handle personal information in relation to NHS Test and Trace?
Employers will be collecting and sharing health information. Health information is sensitive and higher data protection standards apply. Here are a few key pointers.
- Update privacy notices to cover the new collection and sharing of employees’ information and provide these to the workforce. Be transparent and fair.
- Identify the legal basis and condition for use of this information and put any required paperwork in place. The ICO guidance will help. For some conditions such as the employment condition, an Appropriate Policy Document (APD) will be required. The ICO has an APD template.
- Only use the information for the purpose of managing the workforce during the pandemic.
- Only collect or share information if it’s necessary – if it’s a targeted and proportionate way of achieving your purpose.
- Make sure any health information collected and shared is accurate – there may be serious consequences if it’s not.
- Work out how long the information must be kept for. Keep a record of that period and act on it at the appropriate time.
- Security is very important – there may be malicious actors trying to trick employers and employees. Make sure employees know how to identify a genuine NHS Test and Trace contact. Keep the information secure. Use the ICO’s data sharing checklists** and keep a record of the disclosures made and why. Control external disclosures – only certain authorised members of staff should make them.
- Make sure individuals can still exercise their data protection rights – that’s also very important. Keep data protection records up-to-date and ensure any exports of personal information outside the UK are compliant.
- Before introducing employer-led testing like taking temperatures, thermal imaging or other potentially intrusive tests, work out if a data protection impact assessment (DPIA) is required. It will be if the intended processing is ‘high risk’. If it is, then carry out a full DPIA. It will help address the issues systematically and mitigate risks.
- All this demonstrates ‘accountability’ – it shows affected individuals and the ICO that the employer is complying with data protection requirements.
If you need further help, please visit the ICO’s data protection and coronavirus information hub or ask our data protection team.
** Please note that this link is to the ICO’s existing checklists and data sharing code of practice. We will update the link to the ICO’s new checklists after they are published.
Related FAQs
In recognition of the problems that the current situation is causing, the UK IPO classed the 24th March and all subsequent days as “interrupted days” which means that deadlines that fall within this period will be extended until the UK IPO declares that the interrupted days have ceased. As lockdown has begun to be eased, the IPO has now reviewed its position and has confirmed that the “interrupted days” period will come to an end on the 29 July 2020. This means that Thursday 30 July 2020 will be the first normal day of operation, therefore all “interrupted days” deadlines will expire on this day. Similarly, if your deadline falls after the period of interruption ends, this deadline will not be automatically extended.
The IPO is conscious that many businesses may still be in challenging positions when the period of “interrupted days” end. They will endeavour to continue to provide flexibility and support to assist businesses with their applications. They hope to temporarily remove fees for requests for extensions of deadlines, and will give further updates when this fee exemption is in place.
The IPO continues to encourage applicants to meet original deadlines where they are able. As their offices are closed, the UK IPO is not currently processing paper forms (i.e. hard copy) and faxes. However, they are processing forms which have been submitted electronically, or via email and have made a new email address available for the submission of forms.
Intellectual Property Offices covering other territories have made their own announcements about the extension of deadlines. The EUIPO’s period of extension of deadlines came to an end on the 18th May. However, they have published a Guidance Note and accompanying webinar on the EUIPO website, detailing options for parties who may struggle to meet deadlines and remedies for those who may have missed deadlines.
Yes unless you are self-isolating, infected with Covid-19 or within a vulnerable group.
The Government has issued updated guidance on 13 May providing comprehensive advice to reflect the move to relax lock down restrictions and encourage house sales. The advice can be found here:
Key points to note
Unless you are self-isolating, infected with covid 19 or vulnerable, the guidance states that you can move house, provided you comply with social distancing measures at every stage, whether visiting a seller’s house or accepting visitors or professional for viewings, surveys and removals.
All businesses such as surveyors, estate agents and removals, linked to the housing market may now operate, provided that social distancing measures are observed and safe working procedures (see link below) are followed.
https://www.gov.uk/guidance/working-safely-during-coronavirus-covid-19/homes
House viewing should be conducted virtually wherever possible, and open-house viewings should not be conducted. Houses should be cleaned before and after visitors come, and home owners should vacate during viewings and surveys to minimise the chance of contact. Doors and windows should be left open, and sinks made available for hand washing.
Agents can supervise, provided they maintain social distancing.
New homes show houses should be operated on an appointment basis, and cleaned between viewings, with hand washing facilities made available. Staff should adopt safe working procedures. Housebuilder sale-staff, tradespeople, fitters and NHBC inspectors can all attend to facilitate viewings, fit out, commission equipment and inspect completed homes.
Solicitors and Estate Agents remain unable to open their premises to members of the public, for the time being. Government guidance advises that solicitors adopt special covid 19 clauses to permit flexibility on completion dates where parties become unable to move or complete for reasons connected with the pandemic.
The Law Society in conjunction with other trade and professional bodies in the sector, has published links to pan-industry guidance on the re-opening of the housing market:
https://www.lawsociety.org.uk/news/press-releases/industry-issues-guidance-kickstart-housing-market/
The current situation with the coronavirus pandemic has presented obvious challenges to the effective and fair operation of the Court of Protection (COP). Remote access to the COP has therefore become a necessity to ensure that hearings continue to provide proper access to justice. All parties involved in such cases have a responsibility in achieving this primary aim.
There is not currently a requirement for MHFAs to be DBS checked.
Yes, but as a last resort. In summary, the law requires employers:
- to assess the workplace risks posed to new or expectant mothers or their babies;
- to alter the employee’s working conditions or hours of work to avoid any significant risk to them;
- where it is not reasonable to alter working conditions or hours, or would not avoid the risk, to offer suitable alternative work on terms that are not “substantially less favourable”;
- where suitable alternative work is not available, or the employee reasonably refuses it, the employer should consider whether it is appropriate to suspend the employee on full pay.