How should an employer handle personal information in relation to NHS Test and Trace?
Employers will be collecting and sharing health information. Health information is sensitive and higher data protection standards apply. Here are a few key pointers.
- Update privacy notices to cover the new collection and sharing of employees’ information and provide these to the workforce. Be transparent and fair.
- Identify the legal basis and condition for use of this information and put any required paperwork in place. The ICO guidance will help. For some conditions such as the employment condition, an Appropriate Policy Document (APD) will be required. The ICO has an APD template.
- Only use the information for the purpose of managing the workforce during the pandemic.
- Only collect or share information if it’s necessary – if it’s a targeted and proportionate way of achieving your purpose.
- Make sure any health information collected and shared is accurate – there may be serious consequences if it’s not.
- Work out how long the information must be kept for. Keep a record of that period and act on it at the appropriate time.
- Security is very important – there may be malicious actors trying to trick employers and employees. Make sure employees know how to identify a genuine NHS Test and Trace contact. Keep the information secure. Use the ICO’s data sharing checklists** and keep a record of the disclosures made and why. Control external disclosures – only certain authorised members of staff should make them.
- Make sure individuals can still exercise their data protection rights – that’s also very important. Keep data protection records up-to-date and ensure any exports of personal information outside the UK are compliant.
- Before introducing employer-led testing like taking temperatures, thermal imaging or other potentially intrusive tests, work out if a data protection impact assessment (DPIA) is required. It will be if the intended processing is ‘high risk’. If it is, then carry out a full DPIA. It will help address the issues systematically and mitigate risks.
- All this demonstrates ‘accountability’ – it shows affected individuals and the ICO that the employer is complying with data protection requirements.
If you need further help, please visit the ICO’s data protection and coronavirus information hub or ask our data protection team.
** Please note that this link is to the ICO’s existing checklists and data sharing code of practice. We will update the link to the ICO’s new checklists after they are published.
Related FAQs
It is a theoretical possibility that “anti-vax” beliefs could be a philosophical belief under the Equality Act 2010 and therefore anti-vaxers have the right not to be discriminated against for their beliefs. Much will depend on why the individual is against the vaccine. Conspiracy theorists (the vaccine is being used as an opportunity to monitor you or it’s all because of 5G) are highly unlikely to be treated as having a philosophical belief!
The scheme is being administered by HMRC under a new online portal that has been set up. It applies to businesses, charities, recruitment agencies, individuals who employ a nanny, administrators (where there is a reasonable likelihood of re-hiring the workers) and public authorities.
All employers with a UK payroll can apply as long as you have:
- Created and started a PAYE payroll scheme on or before 28 February 2020
- Enrolled for PAYE online (which can take up to 10 days)
- A UK bank account.
To make a claim you will need:
- The number of employees being furloughed
- The start and end date of the claim
- The name and National Insurance Numbers for each furloughed employee
- Your employer PAYE reference number
- To be registered for PAYE online
- The Self-Assessment Unique Taxpayer Reference, Corporation Tax Unique Taxpayer Reference or Company Registration Number as appropriate for your entity
- Your UK bank account details and sort code
- Your name and contact number
- Your organisation’s registered name
- Your organisation’s billing address
- The full amounts you are claiming for including:
- Employee wages
- Employer national insurance contributions
- Employer minimum pension contributions
For claims for those who are flexibly furloughed you will also need:
- the number of usual hours the employee would work during the claim period
- the hours the employee has worked or will work during this period
- you will also need to keep a record of the number of furloughed hours that the employee has or will be furloughed for.
You will need the above information ready before you access the system to make a claim. You will also need to have calculated the amounts claimed in advance as the application needs to be completed in one session. You can currently save one draft of the application and it must be completed within 7 days of starting it.
The Government has issued a step-by-step guide for employers who wish to make a claim under the scheme which can be found using the link below. It contains useful information about calculating the payments claimed. You will need to register for a Government Gateway ID and password if you do not yet have one in order to access the portal.
If you use an agent who is authorised to act for you for PAYE purposes, they will be able to make a claim on your behalf. If you use a file only agent (who files your RTI return but doesn’t act for you on any other matters) they won’t be authorised to make a claim for you and you will need to make the claim yourself. A file only agent can assist you in obtaining the information required to make a claim (listed above). If an agent makes a claim on your behalf you will need to tell them which bank account you would like the grant to be paid into.
For claims for fewer than 100 employees you will need to input the details separately for each employee. If claiming for more than 100 employees you can upload a file with the information instead. The file should include the following information for each furloughed employee: name, National Insurance number, claim period and claim amount, payroll/employee number (optional). You will also need to include details of hours normally worked, actual hours worked and hours furloughed for those who are flexibly furloughed.
The need to demonstrate the impact of coronavirus on your business is not one of the criteria listed above about who can make a claim, so the government does not appear to intend to set a specific test to determine if a business is “severely impacted by coronavirus”. You are not required to explain the impact of Coronavirus on your business when submitting your claim.
HMRC will retain the right to audit any claim retrospectively. You must keep records for 6 years including:
- the amount claimed and claim period for each employee
- the claim reference number
- you calculations for each claim
- details of hours usually worked and hours actually worked for flexibly furloughed employees.
You must tell your employees that you have made a claim under the scheme, and you must continue to pay their wages during this time.
The Government has produced and published three new Procurement Policy Notes as a direct result of the ever changing Covid-19 environment.
PPN 01/20: Responding to COVID-19
The purpose of PPN 01/20 is to ensure that contracting authorities are able to procure goods, services and works with extreme urgency, to allow them to respond to the pandemic efficiently.
This PPN provides guidance for the following circumstances:
- Direct award due to extreme urgency (regulations 32(2)(c)) (click here to read our article regarding regulation 32)
- Direct award due to an absence of competition or protection of exclusive rights
- Call off from an existing framework agreement or dynamic purchasing system
- Call for competition using a standard procedure with accelerated timescales
- Extending or modifying a contract during its term
PPN 02/20: Supplier relief due to COVID-19
PPN 02/20 focuses predominantly on the supplier to assist in keeping supply chains open and ensuring that suppliers are kept financially sound during these unpredictable times.
This PPN provides guidance for the following circumstances:
- Urgent reviews of contract portfolios and to update suppliers if they believe they are at risk
- Put in place appropriate payment measure to support supplier cash flow
- Where contract payments are based on ‘payment by results’ make payments based on previous invoices
- Ask suppliers to act on a ‘open book’ basis and make cost data available to the contracting authority during this period
- Ensure invoices submitted by suppliers are paid immediately on receipt
PPN 03/20: Use of Procurement Cards
The third guidance note PPN 03/20 relates to the use of procurement cards to increase efficiency and accelerate payment to suppliers.
This PPN provides the following advice and urges organisations to arrange with their procurement card provider to:
- Increase a single transaction limit to £20,000 for key card holders
- Raise monthly limits on spending with procurement cards to £100,000 for key card holders
- Spend on procurement cards each month in excess of £100,000 should be permissible to meet business needs
Although the above advice has been provided, should these limits not be necessary, organisations should seek an appropriate transaction limit or monthly limit.
The PPN also advises that by 30 April 2020, in scope organisations should:
- Ensure that a number of appropriate staff have the authority to use these cards
- Open all relevant categories of spend to enable these cards to be used more widely
One of the key legislative requirements of EMI is that the employee satisfies the working time requirement, which is that they work at least 25 hours per week in the company or, if less, 75% of the employee’s total working time. If the working time requirement ceases to be met, then there is a “disqualifying event”. That means that the tax benefits of EMI ceases. It may also mean that the option lapses, but that depends on the specific terms of the option.
An employee who has been furloughed is by definition no longer working 25 hours/week and therefore on the face of it, there is a disqualifying event. However, the Government has tabled an amendment to the Finance Bill currently going through Parliament providing in effect that time not worked because an employee has been furloughed counts as working time, both for determining whether the working time requirement is met initially and whether there is a disqualifying event. Provided this amendment is enacted, this should address the issue.
- Integration:
- Is the individual held out as being employed by the business by having a company email address, uniform, how would they introduce themselves to customers?
- Exclusivity:
- Is the contractor restricted from working for other organisations without the consent of the end user client?
- Length of engagement:
- Is the contractor engaged to work on a specific project for a defined period? Or are they engaged for an indefinite period with no reference to a specific task or project?
- Pay:
- Are there regular fixed payments or is payment on completion of specific task or commission based? Is the contractor entitled to benefits or bonuses?
- Facilities:
- Does the contractor provide their own equipment and materials to provide the services?
- Financial risk:
- Is the contractor personally responsible for any loss arising from their work in performing the services? Will they have to rectify unsatisfactory work at their own time and expense? Will they have the opportunity to profit from the success of a project?