How should an employer handle personal information in relation to NHS Test and Trace?
Employers will be collecting and sharing health information. Health information is sensitive and higher data protection standards apply. Here are a few key pointers.
- Update privacy notices to cover the new collection and sharing of employees’ information and provide these to the workforce. Be transparent and fair.
- Identify the legal basis and condition for use of this information and put any required paperwork in place. The ICO guidance will help. For some conditions such as the employment condition, an Appropriate Policy Document (APD) will be required. The ICO has an APD template.
- Only use the information for the purpose of managing the workforce during the pandemic.
- Only collect or share information if it’s necessary – if it’s a targeted and proportionate way of achieving your purpose.
- Make sure any health information collected and shared is accurate – there may be serious consequences if it’s not.
- Work out how long the information must be kept for. Keep a record of that period and act on it at the appropriate time.
- Security is very important – there may be malicious actors trying to trick employers and employees. Make sure employees know how to identify a genuine NHS Test and Trace contact. Keep the information secure. Use the ICO’s data sharing checklists** and keep a record of the disclosures made and why. Control external disclosures – only certain authorised members of staff should make them.
- Make sure individuals can still exercise their data protection rights – that’s also very important. Keep data protection records up-to-date and ensure any exports of personal information outside the UK are compliant.
- Before introducing employer-led testing like taking temperatures, thermal imaging or other potentially intrusive tests, work out if a data protection impact assessment (DPIA) is required. It will be if the intended processing is ‘high risk’. If it is, then carry out a full DPIA. It will help address the issues systematically and mitigate risks.
- All this demonstrates ‘accountability’ – it shows affected individuals and the ICO that the employer is complying with data protection requirements.
If you need further help, please visit the ICO’s data protection and coronavirus information hub or ask our data protection team.
** Please note that this link is to the ICO’s existing checklists and data sharing code of practice. We will update the link to the ICO’s new checklists after they are published.
Related FAQs
If the business has areas requiring an increased workforce whilst others require a reduced workforce, staff can be retrained and redeployed across the organisation or even across a wider group of companies. This will not reduce the wage bill but will avoid the need for redundancies. Making fundamental changes to an employee’s role and duties will require their agreement following a fair selection and consultation process.
The GMC recognises the challenges the doctors may face as the situation continues to develop. This includes concerns about the risks to the health of the doctors when treating patients with coronavirus. Doctors should follow the current public health advice including self-isolating if they know or suspect that they are infected or are at a higher risk of infection.
Finally, all necessary steps should be taken to ensure that doctors have access to protective equipment and minimise the risk of transmission when treating patients. It is imperative that a record is kept of all decisions made and how any safety or health concerns have been handled.
The GMC continues to work with NHS England and UK’s Chief Medical Officers to provide updates and advice to all doctors as the situation develops. Click here for more information.
The Competition and Markets Authority (CMA) has issued a number of guidance documents about the application of competition law rules during the coronavirus outbreak. In general, the competition law rules are being relaxed in very specific circumstances.
The government has announced a number of measures to try to protect businesses during the current period of uncertainty. However there is no outright ban on creditors being able to take legal action to recover money they are owed, though there are temporary restrictions on some forms of legal action, like winding up petitions.
However, it is important to note that these measures only relate to winding up proceedings. Creditors will still be free to commence county court claims.
The new Corporate Insolvency and Governance Act 2020 brings in a new “moratorium” procedure. Businesses in financial difficulty that are viable and can be rescued will now be able to work with an insolvency practitioner to obtain at least 20 business days’ breathing space from creditors to allow the business to formulate a plan to deal with its financial problems.
For more information on the Corporate Insolvency and Governance Act, click here
As part of the raft of measures put forward by the government over recent months, there are also restrictions on landlords taking action to evict commercial tenants who miss rent payments. Various payment holidays and forbearance have been put in place in respect of certain tax liabilities and some business rates.
If your business is going to go into an insolvency process like administration or a company voluntary arrangement, there is the ability to obtain a freeze on creditors taking action whilst those procedures are put in place. However, these sorts of moratoriums will not be available to everyone and in any event not unless an insolvency process is being instigated.
Regardless of whether a business has formal protection from creditors or not, engagement with creditors and trying to reach agreement with them to deal with the debt is therefore vital. Much of the protection measures that the Government has introduced like curbing the ability of landlords to evict a commercial tenant, do not wipe out the debt. They simply prevent action being taken or a payment becoming due for a short time. All businesses should use that time to consider how those debts can be dealt with and engage with the relevant stakeholders sooner rather than later.
Yes. The Government has confirmed that those on furlough will also be permitted to volunteer to help the NHS during the coronavirus outbreak without risking their pay.