Skip to content
Menu

Home FAQs Should I have a homeworking policy?

Should I have a homeworking policy?

If organisations don’t have a formal home working policy, then they should set out, as soon as possible, in clear terms, what is expected of employees from a data protection perspective when working from home. These might include:

  • If someone is using their own device for remote working, ensuring that any devices that hold work-related information have up-to-date anti-virus software and that broadband connections have properly configured firewalls
  • Reminding staff to contact the organisation’s IT department if they encounter any issues with home working, and not to try and resolve any issues themselves
  • Reminding staff that they should notify relevant individuals within the organisation if they consider that there might have been a personal data breach. A breach will still be notifiable even if it does occur at home during the pandemic. These should be logged by the organisation in their data breach log in the normal way
  • Ensuring staff lock their devices whenever they are not using them
  • Where possible, working in a separate part of the home to family members
  • Ensuring confidentiality of information – advising staff not to have phone calls where others are likely to hear the conversation. This might mean moving to a different room, closing the door, or arranging a call for a more convenient time. If employees have smart speakers, you may want to consider advising them to either turn these off, if they are working in the same room as it, or work in a different room
  • Wherever possible, avoid taking hard copy documents home, and, if papers are taken home, never placing those papers in a bin or using a home shredder – any such papers should be shredded back at the office in the usual way
  • Locking any papers in a safe place
  • Not using social media platforms (unless already used and permitted by the organisation) to discuss work matters
  • Advising extra caution with incoming emails as at times such as this there may be an increased risk of fraud, email hacking, spear phishing etc.
  • Avoiding information being sent to personal email accounts (for example, so it can then be printed at home)
  • Reminding staff of your organisation’s Information Security policies, procedures and protocols. These could be emailed to all staff working from home or they could be directed to such documents on the organisation’s intranet, for example

Organisations should also ensure that their remote access systems can cope with increased demand.

Whilst the ICO appreciates the unprecedented nature of this pandemic, it does not mean that organisations can forget about their obligations as controllers of personal data. If a major data security breach were to happen, there is still the possibility of enforcement action where the organisation didn’t put in place good risk mitigation measures.

We have a specialist team of data protection lawyers here at Ward Hadaway, and would be happy to discuss any data protection concerns or issues that you might have.

Related FAQs

What is the guidance in relation to the Mental Capacity Act 2005 and Deprivation of Liberty Safeguards during the Covid-19 pandemic?

The Department of Health & Social Care has published guidance for hospitals, care homes and supervisory bodies on the Mental Capacity Act 2005 (MCA) and Deprivation of Liberty Safeguards (DoLS) during the coronavirus pandemic.

In many scenarios created or affected by the pandemic, decision makers in hospitals and care homes will need to decide:

  • if new arrangements constitute a ‘deprivation of liberty’ (most will not), and
  • if the new measures do amount to a deprivation of liberty, whether a new DoLS authorisation will be required (in most cases it will not be).

If a new authorisation is required, decision makers should follow their usual DoLS processes, including those for urgent authorisations.

A summary of the key points to be taken from the guidance is outlined below:

Use of the MCA and DoLS due to Covid-19

  • During the pandemic, the principles of the MCA and the safeguards provided by DoLS still apply.
  • It may be necessary to change the usual care and treatment arrangements, for example to provide treatment for people with Covid-19, to move them to a new hospital or care home to better utilise resources or to protect them from becoming infected.
  • All decision makers are responsible for implementing the emergency Government health advice  and any decision made under the MCA must be made in relation to a particular individual, it cannot be made in relation to groups of people.

Best interest decisions

  • In many cases, a best interests decision will be sufficient to provide the necessary care and treatment for a person who lacks the capacity to consent to the care and/or treatment arrangements during this emergency period.
  • If an individual has made a valid and applicable advance decision to refuse the treatment in question, then the relevant treatment, even for Covid-19, cannot be provided.

Delivering life-saving treatment

  • Where life-saving treatment is being provided in care homes or hospitals, including for the treatment of Covid-19, then the person will not be deprived of liberty as long as the treatment is the same as would normally be given to any person without a mental disorder.
  • The DoLS will therefore not apply to the vast majority of patients who need life-saving treatment who lack the mental capacity to consent to that treatment, including treatment to prevent the deterioration of a person with Covid-19.

The full guidance can be found here.

Last updated on 14th April, 2020

Can you require an employee to tell their employer whether they have been tested for coronavirus/the results of that test?

Yes, this is very likely to amount to a reasonable management instruction which is put in place for public health reasons. Employers should make it clear to their employees that this is something they are required to do and that if they fail to do so this may lead to disciplinary action.

Last updated on 23rd June, 2020

What amount do you claim under the Flexible Furlough Scheme?

You will claim a pro rata’d amount of 80% of salary, based on the proportion of hours not worked out of the employee’s normal working hours (their “usual” hours).

There are 2 ways to calculate an employee’s usual hours, depending on whether they have fixed or variable hours/pay:

  • For those with fixed hours/pay, you take the number of hours worked in the pay period before 19 March 2020.
  • For those with variable hours/pay, you take the higher of:
  1. the average number of hours worked in the tax year 2019 to 2020 or
  2. the corresponding calendar period in the tax year 2019 to 2020.

If employees are paid per task or piece of work done, you should work out the usual hours for these employees in the same way as for other employees who work variable hours, if possible.

When you calculate the usual hours, you should include any hours of leave for which they were paid their full contracted rate (such as annual leave) and any hours worked as overtime (but only if the pay for those hours was not discretionary).

Last updated on 16th June, 2020

Capability issues

All organisations have underperformers. Capability is a potentially fair reason to dismiss and is separate to any redundancy procedures.

Generally, capability falls into either absences through illness or underperformance in the role. Those who are absent through sickness can be furloughed, but when furlough comes to an end they will need to go back onto sickness. If you are looking to tackle absence then you need to tackle long term and short term absence in a different way.

Long term absence: You need to establish whether the employee is able to return to work (with or without reasonable adjustments) in the medium term. This requires medical opinion and be careful of disability issues. Reasonable adjustments are likely to be important.

Short term absence: You will need to demonstrate that you have fair absence triggers in place and there is normally be a 3 stage procedure: warning and final warning followed by dismissal on notice. Each stage needs a fair procedure, with written information, a fair hearing and the opportunity to appeal. Be careful of disability issues.

As for underperformance: To tackle this, you will need to have clear SMART objectives in place and evidence of the employee failing to meet these. There would then normally be a 3 stage procedure: warning and final warning followed by dismissal on notice. Each stage needs a fair procedure, with written information, a fair hearing and the opportunity to appeal.

Last updated on 6th May, 2020

Do you have to reach agreement during collective consultation?

Although an employer is obliged to conduct consultation “with a view to reaching an agreement”, it is not required to actually agree to any counter proposals made by the employee representatives. Merely to consider them in good faith.

Last updated on 7th May, 2020