What allowances has the Government proposed for company meetings?

Employers will be collecting and sharing health information. Health information is sensitive and higher data protection standards apply. Here are a few key pointers.

• Update privacy notices to cover the new collection and sharing of employees’ information and provide these to the workforce. Be transparent and fair.
• Identify the legal basis and condition for use of this information and put any required paperwork in place. The ICO guidance will help. For some conditions such as the employment condition, an Appropriate Policy Document (APD) will be required. The ICO has an APD template.
• Only use the information for the purpose of managing the workforce during the pandemic.
• Only collect or share information if it’s necessary – if it’s a targeted and proportionate way of achieving your purpose.
• Make sure any health information collected and shared is accurate – there may be serious consequences if it’s not.
• Work out how long the information must be kept for. Keep a record of that period and act on it at the appropriate time.
• Security is very important – there may be malicious actors trying to trick employers and employees. Make sure employees know how to identify a genuine NHS Test and Trace contact. Keep the information secure. Use the ICO’s data sharing checklists** and keep a record of the disclosures made and why. Control external disclosures – only certain authorised members of staff should make them.
• Make sure individuals can still exercise their data protection rights – that’s also very important. Keep data protection records up-to-date and ensure any exports of personal information outside the UK are compliant.
• Before introducing employer-led testing like taking temperatures, thermal imaging or other potentially intrusive tests, work out if a data protection impact assessment (DPIA) is required. It will be if the intended processing is ‘high risk’. If it is, then carry out a full DPIA. It will help address the issues systematically and mitigate risks.
• All this demonstrates ‘accountability’ – it shows affected individuals and the ICO that the employer is complying with data protection requirements.

If you need further help, please visit the ICO’s data protection and coronavirus information hub or ask our data protection team.

** Please note that this link is to the ICO’s existing checklists and data sharing code of practice. We will update the link to the ICO’s new checklists after they are published.

The European Commission has reintroduced its “comfort letter” system for cooperation in relation to shortage of supply. This allows cooperating businesses to check what the Commission’s view of their proposals are before implementing them.

In the UK context the SMA has introduced an exemption for suppliers of healthcare services to the NHS. This allows:

• Sharing information about capacity
• Coordination of staff deployment
• Joint purchasing of goods, services and facilities
• Sharing or lending of facilities
• Division of activities, including agreeing whether to expand or reduce the volume or type of services provided by suppliers

In relation to whether the CMA will investigate cooperation, it has indicated:

• The CMA will use its discretion as to the prioritisation of its enforcement action to permit some agreements/collaboration which would otherwise potentially give rise to enforcement action (including potentially attracting fines of up to 10% of group worldwide turnover)
• The CMA will use its existing power to exempt certain agreements under the Competition Act 1998 where these are in the public interest

In some circumstances, visitors and customers are required to wear face coverings, such as those travelling on public transport, shoppers and museum visitors. The government guidance states that:

• businesses must remind people to wear face coverings where mandated; and
• premises where face coverings are required should take reasonable steps to promote compliance with the law.

As part of their duty of care to employees and to uphold a relationship of mutual trust and confidence, employers should consider how employees can ensure that visitors and customers comply with the rules and provide their staff with guidance. They must also seek ways to protect their employees both from the risks of those customers not wearing face masks and potential abuse from customers or visitors who decline to wear a face covering. This may include having signs in place requiring customers and visitors to wear a mask and allowing staff to refuse to serve customers if they do not follow the rules.

However, it is ultimately the responsibility of the police, security and public transport officials to remove customers from premises where they are not complying with the rules on face coverings.

The police and Transport for London have been given greater powers by the government to take measures if the public do not comply with the law relating to face coverings without a valid exemption, such as refusing to wear a face covering. This includes issuing fines which have now been increased to £200 for the first offence (and £100 if paid within 14 days). Transport operators can also deny access to their public transport services if a passenger is not wearing a face covering, or direct them to wear one or leave a service.

• Start critical care treatment with a clear plan of how the treatment will address the diagnosis and lead to agreed outcomes.
• Review critical care treatment regularly and when the patient’s clinical condition changes.
• Stop critical care treatment when it is no longer considered able to achieve the desired outcomes. Record the decision and the discussion with family, carers and the patient (if possible).

The Act is intended to facilitate the rescue of businesses that are in financial difficulty by preventing suppliers from invoking certain termination clauses under a supply contract, and therefore maintaining supply of goods and services to the business whilst plans to save the business can be considered.

Supply contracts often contain a clause enabling them to terminate the contract, or take other steps such as requiring payment in advance,  in the event that the customer enters an insolvency procedure.

This new Act removes any such contractual right by dis-applying any clause that allows the supplier to terminate the contract, or take any other step, due to the customer entering an insolvency process.

Suppliers are also prevented from demanding payment for pre-insolvency debts owed by the customer as a condition of continued supply.

Additionally, where the supplier had a contractual right to terminate the contract due to an event occurring before the customer went into the insolvency process (whether or not linked to payment issues), the supplier loses this right for the duration of the insolvency process.