If an employee has had a coronavirus test, can we require them to disclose evidence of their test results?
Obtaining an employee’s Covid-19 test result will amount to processing personal data for the purposes of the General Data Protection Regulation 2016/679 (GDPR) and information about an employee’s health is a special category of data (sensitive personal data under the Data Processing Act 2018 (DPA)).
In accordance with the GDPR and DPA, there must be lawful grounds for processing such information. Most employers rely on employees’ consent to obtain medical information and process sensitive personal data and if the employee is unwilling to give consent, you will not normally be entitled to the information.
Special category data can be processed lawfully if it is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller. Employers may be able to require an employee to disclose their Covid-19 test if there is a substantial public interest, such as ensuring that the employee self-isolate if they have a positive test. However, there is a risk that this measure could be considered disproportionate particularly if it is enforced on all employees as a blanket measure.
Related FAQs
Local government legislation formerly stipulated that councillors must be physically present to vote and this requirement has already led to the widespread cancellation of Council meetings. There is a limit to what can be achieved under the chair’s emergency powers and delegation to officers.
The Government has now legislated to allow for remote voting until 7 May 2021. The secondary legislation required was issued in draft on 2 April and has been in force since Saturday 4 April.
The legislation allows for committee meetings to go ahead where members and any members of the public attending remotely can all times “hear (and where possible see) and be heard (and where possible be seen) by the other members in attendance”.
It remains to be seen how many local authorities take up the opportunity to hold a virtual committee meeting. Concern has been expressed that the demographic of local councillors may mean that members have difficulty with the technological mechanisms for holding such meetings. However, the message from the Secretary of State is clear that wherever possible, the planning system should keep moving in these current times.
As the pandemic progresses, more and more people will be forced to self-isolate and, inevitably, both tenants and staff will be affected. Put plans in place to mitigate the impact that this may have, particularly regarding staff shortages. The most important focus here should be communication.
The Covid-19 outbreak will affect the pace of everyday life and delays will be expected. Rather than allowing the pandemic to take over completely, it is important to maintain open communication with tenants as much as possible and inform them of any front-facing challenges that you may face.
The Protocol does envisage that delays may occur and allows for some degree of flexibility. Whilst all efforts should be made to conduct inspections where practical and possible, it should be expected by all parties that timescales will be extended during this crisis. It is fundamental, however, that all changes made to standard practice are communicated and explained to tenants to manage expectations.
Similar flexibility should be afforded to tenants. As households are required to isolate it will not always be possible to gain access to properties as would usually be expected and required. Likewise, vulnerable people will wish to protect themselves and their families and may refuse access on this basis. During this period, a degree of understanding must be exercised and concessions made.
Inspections may be delayed if anyone in the household has symptoms. A questionnaire should be prepared for those visiting properties to assess so far as possible the risk; Personal Protective Equipment should be issued to those visiting, and government guidelines followed.
Employees who are unable to work because they are shielding in line with public health guidance (or need to stay home with someone who is shielding) can be furloughed after 1 July 2020, as long as you have previously submitted a claim for them in relation to a furlough period of at least 3 consecutive weeks taking place any time between 1 March 2020 and 30 June.
Employers will be collecting and sharing health information. Health information is sensitive and higher data protection standards apply. Here are a few key pointers.
- Update privacy notices to cover the new collection and sharing of employees’ information and provide these to the workforce. Be transparent and fair.
- Identify the legal basis and condition for use of this information and put any required paperwork in place. The ICO guidance will help. For some conditions such as the employment condition, an Appropriate Policy Document (APD) will be required. The ICO has an APD template.
- Only use the information for the purpose of managing the workforce during the pandemic.
- Only collect or share information if it’s necessary – if it’s a targeted and proportionate way of achieving your purpose.
- Make sure any health information collected and shared is accurate – there may be serious consequences if it’s not.
- Work out how long the information must be kept for. Keep a record of that period and act on it at the appropriate time.
- Security is very important – there may be malicious actors trying to trick employers and employees. Make sure employees know how to identify a genuine NHS Test and Trace contact. Keep the information secure. Use the ICO’s data sharing checklists** and keep a record of the disclosures made and why. Control external disclosures – only certain authorised members of staff should make them.
- Make sure individuals can still exercise their data protection rights – that’s also very important. Keep data protection records up-to-date and ensure any exports of personal information outside the UK are compliant.
- Before introducing employer-led testing like taking temperatures, thermal imaging or other potentially intrusive tests, work out if a data protection impact assessment (DPIA) is required. It will be if the intended processing is ‘high risk’. If it is, then carry out a full DPIA. It will help address the issues systematically and mitigate risks.
- All this demonstrates ‘accountability’ – it shows affected individuals and the ICO that the employer is complying with data protection requirements.
If you need further help, please visit the ICO’s data protection and coronavirus information hub or ask our data protection team.
** Please note that this link is to the ICO’s existing checklists and data sharing code of practice. We will update the link to the ICO’s new checklists after they are published.
One of the key legislative requirements of EMI is that the employee satisfies the working time requirement, which is that they work at least 25 hours per week in the company or, if less, 75% of the employee’s total working time. If the working time requirement ceases to be met, then there is a “disqualifying event”. That means that the tax benefits of EMI ceases. It may also mean that the option lapses, but that depends on the specific terms of the option.
An employee who has been furloughed is by definition no longer working 25 hours/week and therefore on the face of it, there is a disqualifying event. However, the Government has tabled an amendment to the Finance Bill currently going through Parliament providing in effect that time not worked because an employee has been furloughed counts as working time, both for determining whether the working time requirement is met initially and whether there is a disqualifying event. Provided this amendment is enacted, this should address the issue.