Skip to content
Menu

Home FAQs How should an employer handle personal information in relation to NHS Test and Trace?

How should an employer handle personal information in relation to NHS Test and Trace?

Employers will be collecting and sharing health information. Health information is sensitive and higher data protection standards apply. Here are a few key pointers.

  • Update privacy notices to cover the new collection and sharing of employees’ information and provide these to the workforce. Be transparent and fair.
  • Identify the legal basis and condition for use of this information and put any required paperwork in place. The ICO guidance will help. For some conditions such as the employment condition, an Appropriate Policy Document (APD) will be required. The ICO has an APD template.
  • Only use the information for the purpose of managing the workforce during the pandemic.
  • Only collect or share information if it’s necessary – if it’s a targeted and proportionate way of achieving your purpose.
  • Make sure any health information collected and shared is accurate – there may be serious consequences if it’s not.
  • Work out how long the information must be kept for. Keep a record of that period and act on it at the appropriate time.
  • Security is very important – there may be malicious actors trying to trick employers and employees. Make sure employees know how to identify a genuine NHS Test and Trace contact. Keep the information secure. Use the ICO’s data sharing checklists** and keep a record of the disclosures made and why. Control external disclosures – only certain authorised members of staff should make them.
  • Make sure individuals can still exercise their data protection rights – that’s also very important. Keep data protection records up-to-date and ensure any exports of personal information outside the UK are compliant.
  • Before introducing employer-led testing like taking temperatures, thermal imaging or other potentially intrusive tests, work out if a data protection impact assessment (DPIA) is required. It will be if the intended processing is ‘high risk’. If it is, then carry out a full DPIA. It will help address the issues systematically and mitigate risks.
  • All this demonstrates ‘accountability’ – it shows affected individuals and the ICO that the employer is complying with data protection requirements.

If you need further help, please visit the ICO’s data protection and coronavirus information hub or ask our data protection team.

** Please note that this link is to the ICO’s existing checklists and data sharing code of practice. We will update the link to the ICO’s new checklists after they are published.

Related FAQs

My visa is about to expire, can I apply to extend it?

Yes, you should submit a new visa application before your current visa expires.

The visa application is a two stage process:

  • First you submit the online application and pay the fee
  • Second you attend a visa application centre to enrol your biometrics and verify your passport.

Submitting a valid online application before your current visa expires secures your right to continue living and working in the UK, even after your current visa has expired.

Visa application centres across the world have been closed due to covid19 but are now mostly re-open to enable you to book an appointment to complete your application, albeit some are experiencing a backlog of applications.

Last updated on 15th May, 2020

What sort of issues are likely to have arisen?

The Coronavirus pandemic will have impacted businesses in many different ways, but some of the most likely impacts that could have a legal implication are as follows:

  • Services were not performed in accordance with contract during the period of disruption. This could be a reduction in volume of services performed, a suspension of services, or performance in a way that does not comply with contractual KPIs
  • Late delivery or non-delivery of goods because of factory closures, or disruption in the supply chain
  • Changes being agreed between parties to contracts to deal with the consequences of the Covid-19 outbreak

Last updated on 7th May, 2020

What are the new Procurement Policy Notes (PPN)?

The Government has produced and published three new Procurement Policy Notes as a direct result of the ever changing Covid-19 environment.

PPN 01/20: Responding to COVID-19

The purpose of PPN 01/20 is to ensure that contracting authorities are able to procure goods, services and works with extreme urgency, to allow them to respond to the pandemic efficiently.

This PPN provides guidance for the following circumstances:

  • Direct award due to extreme urgency (regulations 32(2)(c)) (click here to read our article regarding regulation 32)
  • Direct award due to an absence of competition or protection of exclusive rights
  • Call off from an existing framework agreement or dynamic purchasing system
  • Call for competition using a standard procedure with accelerated timescales
  • Extending or modifying a contract during its term

PPN 02/20: Supplier relief due to COVID-19

PPN 02/20 focuses predominantly on the supplier to assist in keeping supply chains open and ensuring that suppliers are kept financially sound during these unpredictable times.

This PPN provides guidance for the following circumstances:

  • Urgent reviews of contract portfolios and to update suppliers if they believe they are at risk
  • Put in place appropriate payment measure to support supplier cash flow
  • Where contract payments are based on ‘payment by results’ make payments based on previous invoices
  • Ask suppliers to act on a ‘open book’ basis and make cost data available to the contracting authority during this period
  • Ensure invoices submitted by suppliers are paid immediately on receipt

PPN 03/20: Use of Procurement Cards

The third guidance note PPN 03/20 relates to the use of procurement cards to increase efficiency and accelerate payment to suppliers.

This PPN provides the following advice and urges organisations to arrange with their procurement card provider to:

  • Increase a single transaction limit to £20,000 for key card holders
  • Raise monthly limits on spending with procurement cards to £100,000 for key card holders
  • Spend on procurement cards each month in excess of £100,000 should be permissible to meet business needs

Although the above advice has been provided, should these limits not be necessary, organisations should seek an appropriate transaction limit or monthly limit.

The PPN also advises that by 30 April 2020, in scope organisations should:

  • Ensure that a number of appropriate staff have the authority to use these cards
  • Open all relevant categories of spend to enable these cards to be used more widely

Last updated on 17th April, 2020

Can employees take annual leave during a period of furlough?

Yes, however holiday pay during furlough must remain at the normal rate of pay and not the reduced furloughed rate. You can still claim for this period under the scheme but you will be responsible for any amounts beyond the maximum you can claim. Employers have flexibility to restrict when leave can be taken both during and after period of furlough in the normal way.

If an employee usually works bank holidays then the employer can agree that this is included in the grant payment. If the employee usually takes the bank holiday as leave then you would either have to top up their usual holiday pay, or give the employee a day of holiday in lieu.

Last updated on 7th April, 2020

What happens if a patient is admitted to critical care during the pandemic?
  • On admission to critical care, the risks, benefits and likely outcomes of the different treatment options should be discussed with patients, families and carers so they can make informed decisions about their treatment wherever possible.
  • A member of the critical care team should be involved in these discussions whenever the patient or team needs advice about critical care to make decisions about treatment.

Last updated on 26th March, 2020