Skip to content
Menu

Home FAQs How should an employer handle personal information in relation to NHS Test and Trace?

How should an employer handle personal information in relation to NHS Test and Trace?

Employers will be collecting and sharing health information. Health information is sensitive and higher data protection standards apply. Here are a few key pointers.

  • Update privacy notices to cover the new collection and sharing of employees’ information and provide these to the workforce. Be transparent and fair.
  • Identify the legal basis and condition for use of this information and put any required paperwork in place. The ICO guidance will help. For some conditions such as the employment condition, an Appropriate Policy Document (APD) will be required. The ICO has an APD template.
  • Only use the information for the purpose of managing the workforce during the pandemic.
  • Only collect or share information if it’s necessary – if it’s a targeted and proportionate way of achieving your purpose.
  • Make sure any health information collected and shared is accurate – there may be serious consequences if it’s not.
  • Work out how long the information must be kept for. Keep a record of that period and act on it at the appropriate time.
  • Security is very important – there may be malicious actors trying to trick employers and employees. Make sure employees know how to identify a genuine NHS Test and Trace contact. Keep the information secure. Use the ICO’s data sharing checklists** and keep a record of the disclosures made and why. Control external disclosures – only certain authorised members of staff should make them.
  • Make sure individuals can still exercise their data protection rights – that’s also very important. Keep data protection records up-to-date and ensure any exports of personal information outside the UK are compliant.
  • Before introducing employer-led testing like taking temperatures, thermal imaging or other potentially intrusive tests, work out if a data protection impact assessment (DPIA) is required. It will be if the intended processing is ‘high risk’. If it is, then carry out a full DPIA. It will help address the issues systematically and mitigate risks.
  • All this demonstrates ‘accountability’ – it shows affected individuals and the ICO that the employer is complying with data protection requirements.

If you need further help, please visit the ICO’s data protection and coronavirus information hub or ask our data protection team.

** Please note that this link is to the ICO’s existing checklists and data sharing code of practice. We will update the link to the ICO’s new checklists after they are published.

Related FAQs

What support is provided by the government under CBILS?

The Government will provide the lender with a partial guarantee (80%) against the outstanding facility balance, subject to an overall cap per lender. Note, the Government guarantee is to the lender only, the borrower will always remain 100% liable for the debt.

We understand that will make an initial claim for recovery against the borrower and will, once its normal recovery procedures have been completed, claim against the Government guarantee.

Last updated on 26th March, 2020

What is the Clinical Negligence Scheme for Coronavirus?

The Government has recently passed the Coronavirus Act 2020 in a response to the challenges posed by the pandemic, especially in relation to those facing the NHS during this time of crisis.  NHS Resolution worked closely with the Department for Health and Social Care to draft a clause within the Coronavirus Act providing indemnity for clinical negligence for any coronavirus related activity not currently covered by an existing arrangement.  In order to implement this clause, NHS Resolution has launched the Clinical Negligence Scheme for Coronavirus (“CNSC”).

It is intended that the CNSC will cover new contracts put in place for healthcare arrangements to respond to coronavirus, such as organisations supporting testing arrangements or Independent Contractors making agreements with NHS England and NHS Improvement to release capacity to the NHS.  Membership is not required for this scheme and the contracts entered into will automatically provide indemnity under the scheme.

The CNSC will not replace existing indemnity provisions made under the Clinical Negligence Scheme for Trusts (“CNST”) and it has been confirmed that the new Nightingale Hospitals will be covered by CNST rather than CNSC.  Similarly, NHS Resolution have confirmed that those doctors and nurses returning to practice from retirement, or those joining as students will be covered by the CNST or, where applicable the Clinical Negligence Scheme for General Practice (“CNSGP”).  The CNSC will not cover returning midwives to the profession, but the Royal College of Midwives have confirmed that they will extend all of the benefits of membership including Medical Malpractice Insurance to returning retired midwives.

For more information regarding this please click here.

Last updated on 7th April, 2020

I hold a licence but can’t trade. Can I terminate it?

A licence to occupy premises is not an interest land and operates as a commercial contract between the parties that enter into it. Licences tend to be put in place to cover short periods and consequently they are generally a lot more flexible than commercial leasing arrangements. To that extent occupants under licences should review the contract to establish whether or not there are any provision allowing them to terminate on notice to the Licensor.

Occupants under licences that are granted for longer periods without the option to terminate may try to argue that the contract has frustrated because they are effectively unable to occupy.

Last updated on 2nd April, 2020

How are civil hearings being conducted?

The majority of hearings are taking place by video or phone.

Court guidance has been issued on telephone and video hearings during the coronavirus outbreak:

https://www.gov.uk/guidance/hmcts-telephone-and-video-hearings-during-coronavirus-outbreak

Where a Judge orders “teleconferencing”, it will take place using BTMeetMe, or video conferencing using Skype for Business or Cloud Video Platform.

All hearings are subject to the relevant jurisdictional rules and practice directions and usual court etiquette, including wearing appropriate attire and not eating or drinking during a hearing.

Electronic bundles of documents and authorities (if required) need to be prepared, indexed and paginated and sent to the Court well in advance of any hearing.

Last updated on 15th May, 2020

What are the changes to the law?

On 25th June 2020, the Corporate Insolvency and Governance Act, among other things, introduced new restrictions on suppliers of goods and services to terminate the contract in the event that the customer enters an insolvency process.  This has very important consequences for many businesses as it could expose them to greater financial risks.

Last updated on 5th June, 2020