Skip to content
Menu

Home FAQs How should an employer handle personal information in relation to NHS Test and Trace?

How should an employer handle personal information in relation to NHS Test and Trace?

Employers will be collecting and sharing health information. Health information is sensitive and higher data protection standards apply. Here are a few key pointers.

  • Update privacy notices to cover the new collection and sharing of employees’ information and provide these to the workforce. Be transparent and fair.
  • Identify the legal basis and condition for use of this information and put any required paperwork in place. The ICO guidance will help. For some conditions such as the employment condition, an Appropriate Policy Document (APD) will be required. The ICO has an APD template.
  • Only use the information for the purpose of managing the workforce during the pandemic.
  • Only collect or share information if it’s necessary – if it’s a targeted and proportionate way of achieving your purpose.
  • Make sure any health information collected and shared is accurate – there may be serious consequences if it’s not.
  • Work out how long the information must be kept for. Keep a record of that period and act on it at the appropriate time.
  • Security is very important – there may be malicious actors trying to trick employers and employees. Make sure employees know how to identify a genuine NHS Test and Trace contact. Keep the information secure. Use the ICO’s data sharing checklists** and keep a record of the disclosures made and why. Control external disclosures – only certain authorised members of staff should make them.
  • Make sure individuals can still exercise their data protection rights – that’s also very important. Keep data protection records up-to-date and ensure any exports of personal information outside the UK are compliant.
  • Before introducing employer-led testing like taking temperatures, thermal imaging or other potentially intrusive tests, work out if a data protection impact assessment (DPIA) is required. It will be if the intended processing is ‘high risk’. If it is, then carry out a full DPIA. It will help address the issues systematically and mitigate risks.
  • All this demonstrates ‘accountability’ – it shows affected individuals and the ICO that the employer is complying with data protection requirements.

If you need further help, please visit the ICO’s data protection and coronavirus information hub or ask our data protection team.

** Please note that this link is to the ICO’s existing checklists and data sharing code of practice. We will update the link to the ICO’s new checklists after they are published.

Related FAQs

Can contractors with public sector engagements and who are in scope (deemed employment) for IR35 purposes be furloughed?

Contractors working for public sector organisations who are deemed employees for IR35 purposes may be eligible to be furloughed provided they are paid via PAYE. In this scenario the agreement to furlough would be made between the contractor’s personal service company (PSC) and the fee payer (usually the agency). The parties would agree that the contractor will carry out no work for the public sector organisation while furloughed and the fee payer would apply for the grant.

At the moment the guidance states that in order to be eligible a claim for furlough must have to have been submitted by 31 July 2020 for a period of 3 weeks between 1 March and 30 June 2020.

Last updated on 14th April, 2020

Can furloughed employees carry out work for another business during furlough?

Yes, if there is a contractual right to do so. Furloughed employees who start work with another employer during this time must inform HMRC that they have another job.

Last updated on 6th April, 2020

Can you still have people on furlough leave full-time after 1 July 2020?

Yes. You can continue to fully furlough employees until 30 September 2021 (but from between 1 August 2020 and 31 December 2020 and from 1 July 2021 you need to contribute to the cost). If on full-time furlough, employees continue not to be able to undertake any work for you. As before, they can undertake training, or volunteer or work for another employer or organisation (if contractually allowed).

Last updated on 16th June, 2020

Am I obliged to offer staff flexible furlough?

No, there is no obligation on employers to offer a flexible furlough arrangement to staff. Operationally, flexible furlough may not be appropriate for your business and equally, returning on a part-time basis may not be suitable for individuals already furloughed for various reasons. Concerns about returning to work part-time or at all should be considered on a case-by-case basis.

Last updated on 2nd June, 2020

What facilities are available under CBILS?

Lenders implementing the Scheme can assist in a number of ways, including:

  • Term loans
  • Overdrafts
  • Invoice finance
  • Asset finance facilities

The maximum value available under the scheme is £5m, with repayment terms of up to six years for term loans and asset finance. Overdrafts and invoice finance facilities will be available for up to three years.

Last updated on 26th March, 2020