How should an employer handle personal information in relation to NHS Test and Trace?
Employers will be collecting and sharing health information. Health information is sensitive and higher data protection standards apply. Here are a few key pointers.
- Update privacy notices to cover the new collection and sharing of employees’ information and provide these to the workforce. Be transparent and fair.
- Identify the legal basis and condition for use of this information and put any required paperwork in place. The ICO guidance will help. For some conditions such as the employment condition, an Appropriate Policy Document (APD) will be required. The ICO has an APD template.
- Only use the information for the purpose of managing the workforce during the pandemic.
- Only collect or share information if it’s necessary – if it’s a targeted and proportionate way of achieving your purpose.
- Make sure any health information collected and shared is accurate – there may be serious consequences if it’s not.
- Work out how long the information must be kept for. Keep a record of that period and act on it at the appropriate time.
- Security is very important – there may be malicious actors trying to trick employers and employees. Make sure employees know how to identify a genuine NHS Test and Trace contact. Keep the information secure. Use the ICO’s data sharing checklists** and keep a record of the disclosures made and why. Control external disclosures – only certain authorised members of staff should make them.
- Make sure individuals can still exercise their data protection rights – that’s also very important. Keep data protection records up-to-date and ensure any exports of personal information outside the UK are compliant.
- Before introducing employer-led testing like taking temperatures, thermal imaging or other potentially intrusive tests, work out if a data protection impact assessment (DPIA) is required. It will be if the intended processing is ‘high risk’. If it is, then carry out a full DPIA. It will help address the issues systematically and mitigate risks.
- All this demonstrates ‘accountability’ – it shows affected individuals and the ICO that the employer is complying with data protection requirements.
If you need further help, please visit the ICO’s data protection and coronavirus information hub or ask our data protection team.
** Please note that this link is to the ICO’s existing checklists and data sharing code of practice. We will update the link to the ICO’s new checklists after they are published.
Related FAQs
Every company has to file accounts at Companies House every year. If they are filed late, a fine is automatically levied. If there is a long delay in filing them, the directors are at risk of prosecution and the Registrar of Companies might start a process which could ultimately lead to the company being struck from the register.
However, Companies House has recognised that businesses might currently face exceptional problems in preparing and filing their accounts on time and so have posted a notice on their website which says that if immediately before the filing deadline, it becomes apparent that accounts will not be filed on time due to coronavirus, you can make an application to extend the period allowed for filing.
Head of Commercial, Colin Hewitt, speaks with the team at NewcastleGateshead Initiative about the complexities of event cancellations and the associated legal implications.
Click here to listen to the full podcast.
The Confederation of British Industry
“What you need to know about coronavirus and how it will impact your business”. This includes the very influential and highly regarded daily webinars hosted by Director General Dame Carolyn Fairburn.
https://www.cbi.org.uk/coronavirus-hub/
The Entrepreneurs’ Forum
Links to valuable resources collected by the Entrepreneurs’ Forum team as requested by its members and partner network, including on People, Finances, Physical and Mental Wellbeing, Technology and Leadership.
https://entrepreneursforum.net/support-hub
RTC North
Billed as containing “all the UK government information in one place”, this resource includes information on access to finance, employees, planning and leadership, Growth hub toolkits, and working from home.
https://www.rtcnorth.co.uk/covid-19/
Newcastle Gateshead Initiative (NGI)
Businesses across the UK and around the world are sharing their expertise in everything from remote working to business planning. The team at NGI have collated some of the most useful resources, alongside its own content which is designed to help partner organisations and other businesses across North East England.
https://www.ngi.org.uk/covid-19-business-resources/
North East of England Chamber of Commerce
The NEECC brings together its latest advice and guidance for businesses, as well as some of its own FAQs.
https://www.neechamber.co.uk/covid-19
Greater Manchester Chamber of Commerce
The Chamber has pulled together information about how it and others in the area are supporting all businesses during the Covid-19 outbreak.
https://www.gmchamber.co.uk/covid-19-coronavirus/
North East Growth Hub
The North East Growth Hub toolkit is intended to provide businesses with the latest advice, guidance and support available from government in response to the COVID-19 pandemic. Topics covered include:
- Financial support available for businesses
- Official guidance for employees, employers and businesses
- Advice on effective home working
- How to care for staff/suppliers/customers and prevent the spread of COVID-19
https://www.northeastgrowthhub.co.uk/toolkits/covid-19-coronavirus-toolkit
Pro-Manchester
Links to valuable resources collected by the Pro-Manchester team, including national Government support and advice, regional support and cyber security advice.
https://www.pro-manchester.co.uk/home/covid-19-support/
Innovation SuperNetwork
The Innovation SuperNetwork, a “network of networks”, detail on their website what their team of Innovation Managers are offering during these difficult times, as well as details of funding available, and what is being offered by their numerous partners.
There are several options that can be used at this time to try and settle disputes. If it is not possible to settle a dispute via direct discussions between the parties then some form of Alternative Dispute Resolution (“ADR”) might be appropriate. Mediation is the most popular form of ADR. Most people’s perception of mediation is that it needs to be in person but that does not have to be the case.
Mediation can take place online or on the telephone. Most, if not all, ADR providers remain open for business and are quickly changing their business model to ensure that mediations can still take place. Mediation can be arranged at reasonably short notice and certainly so far as the online model is concerned, it mirrors the process that is adopted when parties appear in person. Online mediation allows for joint sessions with the mediator to take place and also for the parties to break out into their respective rooms for private discussions. If a dispute settles at mediation – and the vast majority do – then the agreement reached between the parties is binding and can be enforced.
A group of senior former judges and legal academics have now called for an acceleration in the use of ADR in light of the current circumstances. They have stated that courts should promote “and where appropriate require” the use of ADR. Mediation has particularly seen an increase in growth at this time.
ADR normally results in a quicker outcome than if the matter proceeds in the courts. Due to its conciliatory nature it is a very useful process where parties continue to be in a trading relationship. Contracting parties should also consider building ADR into dispute resolution clauses in their contracts so that in the event there is a dispute the focus is on resolving the dispute as soon as possible before it escalates into litigation.”
We have teamed up with Scaleup North East to help companies impacted by the coronavirus outbreak plan how to get back to business.
Our specialist lawyers will provide a free “diagnostic” call with eligible businesses across the NE, exploring challenges they are facing in the aftermath of the lockdown, and identify specific steps to survive, and then thrive, in these challenging times and beyond.
Through the collaboration with Scaleup North East, eligible North East-based SMEs are then able to apply for up to 40% funding towards up to £4,000 of legal advice.
These might include:
- Employment issues, such as dealing with a phased return to work
- Measures to support cash-flow, such as amendment to terms of trading and debt collection procedures
- Renegotiations and amendments to contracts, and other advice about contracts with suppliers and customers to deal with consequences of Covid-19
- Managing property costs – review of leases, advice on break clauses and formalisation of any revised arrangements recently put in place with landlords/tenants
- Health and safety implications of return to work and social distancing
Find out more on our website or contact partner Damien Charlton. If you are not eligible because of location but are interested in the free “diagnostic”, please contact us.