What are the data protection implications of holding Covid-19 health data?
The ICO is providing new guidance to organisations regarding data protection and coronavirus, which can be accessed here: https://ico.org.uk/for-organisations/data-protection-and-coronavirus/
Information about the Covid-19 health status of individuals is special category data under the GDPR. This means it is high risk which has implications for how you use it, store it and keep it secure.
You will already hold health data about your employees as this is necessary to provide a safe, accessible place to work and to make reasonable adjustments to the workplace. You now need to make sure that the information you gather about your employees, visitors to your sites, customers and suppliers about Covid-19 is processed in accordance with data protection laws.
Related FAQs
To qualify for a grant under the scheme you must pay your furloughed staff the wages you are claiming for. Failure to do so may result in a HMRC investigation and/or claims from furloughed staff for unlawful deductions from wages and possibly constructive dismissal claims.
Normal benefits including non-monetary benefits should continue during furlough unless the individual has agreed in writing to reduce or remove a benefit during this time.
Employers are expected to apply for one or more of the financial support schemes available to be able to continue to pay staff.
Endorsing bodies are still processing applications for these visa types and endorsements are still being issued. You usually have to apply for your visa within 3 months of receipt of your endorsement. In most cases you will still be able to submit your application online within this timeframe however it will not be completed as visa application centres across the world are closed. If you cannot apply because you haven’t been able to travel and your endorsement has expired, you may still be eligible for a visa. You should make your application as planned and UKVI will consider all applications on a case by case basis.
The Home Office has not stated when it will end these temporary measures, albeit it has stated that it will provide a warning. Where employers have carried out checks using the temporary measures, the Home Office has confirmed that it will require employers to carry out retrospective checks on any of the following:
- Employees who started working for you when the temporary measures were in place
- Employees who required a follow up check during the temporary measures (for example because their previous leave was coming to an end).
It is not explicit from the guidance but these retrospective checks must require you to have in your possession the physical ID in its original form. When carrying out the retrospective check, employers must record this using the following wording “the individual’s contract commenced on [insert date]. The prescribed right to work check was undertaken on [insert date] due to Covid-19.”
These further checks must be made within eight weeks of the temporary measures ending, and employers must keep records of both checks undertaken. Where the employer discovers that the employee does not have the right to work during the retrospective check they should stop employing them.
Initially, the relaxation applied to supermarkets and food suppliers. This was subsequently widened to apply to other businesses, permitting them to collaborate where necessary to respond to the crisis in the interests of consumers.
In some circumstances, visitors and customers are required to wear face coverings, such as those travelling on public transport, shoppers and museum visitors. The government guidance states that:
- businesses must remind people to wear face coverings where mandated; and
- premises where face coverings are required should take reasonable steps to promote compliance with the law.
As part of their duty of care to employees and to uphold a relationship of mutual trust and confidence, employers should consider how employees can ensure that visitors and customers comply with the rules and provide their staff with guidance. They must also seek ways to protect their employees both from the risks of those customers not wearing face masks and potential abuse from customers or visitors who decline to wear a face covering. This may include having signs in place requiring customers and visitors to wear a mask and allowing staff to refuse to serve customers if they do not follow the rules.
However, it is ultimately the responsibility of the police, security and public transport officials to remove customers from premises where they are not complying with the rules on face coverings.
The police and Transport for London have been given greater powers by the government to take measures if the public do not comply with the law relating to face coverings without a valid exemption, such as refusing to wear a face covering. This includes issuing fines which have now been increased to £200 for the first offence (and £100 if paid within 14 days). Transport operators can also deny access to their public transport services if a passenger is not wearing a face covering, or direct them to wear one or leave a service.