What are the data protection implications of holding Covid-19 health data?
The ICO is providing new guidance to organisations regarding data protection and coronavirus, which can be accessed here: https://ico.org.uk/for-organisations/data-protection-and-coronavirus/
Information about the Covid-19 health status of individuals is special category data under the GDPR. This means it is high risk which has implications for how you use it, store it and keep it secure.
You will already hold health data about your employees as this is necessary to provide a safe, accessible place to work and to make reasonable adjustments to the workplace. You now need to make sure that the information you gather about your employees, visitors to your sites, customers and suppliers about Covid-19 is processed in accordance with data protection laws.
Related FAQs
There are two stages:
- Stage 1 – The provision of written information to the representatives.
- Stage 2 – Consultation on the proposed redundancies “with a view to reaching agreement” about certain matters
Stage 1: Provision of information
The first stage in the collective consultation process is to provide the representatives with written information including details of the proposed redundancies (often called a section 188 letter). This information must be given to the appropriate representatives and the time limit before dismissals can take effect does not start to run until they have received it. It is this information which ‘starts the clock’.
It is possible that there will be changes to the proposals during the consultation process: indeed that is part of the reason for the process. The employer’s obligation is not just to provide the appropriate representatives with the relevant information at the start of the process. It is under a continuing obligation to provide them with information in writing about any developments during the consultation process (although later changes do not ‘restart the clock’ before dismissals can take effect).
Stage 2: Consultation on the proposed redundancies “with a view to reaching agreement” about certain matters
The consultation process must include consultation “with a view to reaching agreement with the appropriate representatives” on ways of:
- Avoiding the dismissals
- Reducing the number of employees to be dismissed
- Mitigating the consequences of the dismissals
The guidance is helpful and is likely to be useful to businesses as they seek to respond to the crisis and to restart their business activities as lockdown is eased. However, there remain outstanding questions. For example, can collaboration to prevent widespread insolvencies be viewed as in the interest of consumers? Businesses need to remain aware of the extremely high stakes involved in relation to competition law. Businesses contemplating collaboration with competitors should take legal advice before doing so.
In recognition of the problems that the current situation is causing, the UK IPO classed the 24th March and all subsequent days as “interrupted days” which means that deadlines that fall within this period will be extended until the UK IPO declares that the interrupted days have ceased. As lockdown has begun to be eased, the IPO has now reviewed its position and has confirmed that the “interrupted days” period will come to an end on the 29 July 2020. This means that Thursday 30 July 2020 will be the first normal day of operation, therefore all “interrupted days” deadlines will expire on this day. Similarly, if your deadline falls after the period of interruption ends, this deadline will not be automatically extended.
The IPO is conscious that many businesses may still be in challenging positions when the period of “interrupted days” end. They will endeavour to continue to provide flexibility and support to assist businesses with their applications. They hope to temporarily remove fees for requests for extensions of deadlines, and will give further updates when this fee exemption is in place.
The IPO continues to encourage applicants to meet original deadlines where they are able. As their offices are closed, the UK IPO is not currently processing paper forms (i.e. hard copy) and faxes. However, they are processing forms which have been submitted electronically, or via email and have made a new email address available for the submission of forms.
Intellectual Property Offices covering other territories have made their own announcements about the extension of deadlines. The EUIPO’s period of extension of deadlines came to an end on the 18th May. However, they have published a Guidance Note and accompanying webinar on the EUIPO website, detailing options for parties who may struggle to meet deadlines and remedies for those who may have missed deadlines.
Although there is no formal selection process that must be followed in order to furlough staff, the basis for selecting who will be furloughed should be explained to all relevant staff. Basing this on work levels, required skills or whether work can in fact be carried out efficiently from home will help this process. Staff can be invited to volunteer to be furloughed or re-furloughed. Any requests can be considered on a case by case basis. It may be that a particular skill set is required which may result in an employee’s request being refused.
The Government has produced workplace guidance for employers, setting out 2 key messages for employers:
- Continue to make workplaces as safe as possible; and
- Encourage workers to heed any notifications to self-isolate and to support them while they are require to isolate
Government guidance can be accessed here: How it works (an overview) and Workplace guidance for employers.