If an employee has had a coronavirus test, can we require them to disclose evidence of their test results?
Obtaining an employee’s Covid-19 test result will amount to processing personal data for the purposes of the General Data Protection Regulation 2016/679 (GDPR) and information about an employee’s health is a special category of data (sensitive personal data under the Data Processing Act 2018 (DPA)).
In accordance with the GDPR and DPA, there must be lawful grounds for processing such information. Most employers rely on employees’ consent to obtain medical information and process sensitive personal data and if the employee is unwilling to give consent, you will not normally be entitled to the information.
Special category data can be processed lawfully if it is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller. Employers may be able to require an employee to disclose their Covid-19 test if there is a substantial public interest, such as ensuring that the employee self-isolate if they have a positive test. However, there is a risk that this measure could be considered disproportionate particularly if it is enforced on all employees as a blanket measure.
Related FAQs
The Information Commissioner’s Office (ICO) announce new guidance in light of coronavirus.
The ICO is providing new guidance to organisations regarding data protection and coronavirus, which can be accessed here: https://ico.org.uk/for-organisations/data-protection-and-coronavirus/
The ICO has stated the following:
“Data protection is not a barrier to increased and different types of homeworking. During the pandemic, staff may work from home more frequently than usual and they can use their own device or communications equipment. Data protection law doesn’t prevent that, but you’ll need to consider the same kinds of security measures for homeworking that you’d use in normal circumstances.”
Whether you work from home or in the office, you still need to comply with data protection laws. While you need to process personal data with the same care you use in the office, the home working environment throws up specific data protection concerns particularly in respect of data security. You should make sure you have a home working policy which deals with data protection and these data security issues.
Organisations must ensure that, for staff who can work from home, their obligations in respect of processing personal data are clearly communicated. Organisations may already have a home working policy – if this is the case, then this should be reviewed to ensure it remains relevant and up-to-date for practices during this pandemic.
- On admission to hospital, all adults should be assessed for frailty, irrespective of their age and Covid-19 status. Regard should be had to any comorbidities and underlying health conditions.
- If a patient is identified as potentially having Covid-19, the UK Government guidance on infection prevention and control measures should be followed.
- If Covid-19 is then diagnosed in someone who is not isolated from admission or presentation, the UK Government guidance on actions required when a case was not diagnosed on admission should be followed.
No. You should always treat employees consistently and fairly, but this doesn’t mean treating them all the same, or applying the same requirements. For those employees who have been homeworking and doing so without any problems, then they should be allowed to continue to do so.
We would anticipate that the vast majority, if not all, businesses will be approaching the return on a phased basis, which inevitably means some employees returning to work sooner than others. In reality then, you aren’t treating everyone the same, but try to be fair and consistent; you need to do what works best from a business perspective, but can you rotate people, require them to come in at different times etc. Where people perceive that the planned return is being worked out fairly they are far more likely to buy into this, which will help avoid resentments building up between colleagues.
Endorsing bodies are still processing applications for these visa types and endorsements are still being issued. You usually have to apply for your visa within 3 months of receipt of your endorsement. In most cases you will still be able to submit your application online within this timeframe however it will not be completed as visa application centres across the world are closed. If you cannot apply because you haven’t been able to travel and your endorsement has expired, you may still be eligible for a visa. You should make your application as planned and UKVI will consider all applications on a case by case basis.
- Yes, and this includes furloughed employees under the Coronavirus Job Retention Scheme.
- Employers must continue to assess their new employees or newly eligible existing employees and enrol them where required, but can make use of the statutory postponement procedure which allows them to delay for up to three months the assessment of new employees for the purpose of enrolment (see further details here on the Pensions Regulator’s website). Declarations of compliance for new employers must still be completed in the normal way.
- Postponement cannot be used for re-enrolment. The Regulator recommends employers use the re-enrolment date tool on the Regulator’s website to choose a date up to three months after the third anniversary of enrolment to assess staff for re-enrolment. Further information about employers’ obligations about reenrolment from the Pensions Regulator can be found here. Re-declarations of compliance for new employers must still be completed in the normal way.