
What are the data protection implications of holding Covid-19 health data?

The ICO is providing new guidance to organisations regarding data protection and coronavirus, which can be accessed here: https://ico.org.uk/for-organisations/data-protection-and-coronavirus/

Information about the Covid-19 health status of individuals is special category data under the GDPR. This means it is high risk, which has implications for how you use it, store it and keep it secure.

You will already hold health data about your employees as this is necessary to provide a safe, accessible place to work and to make reasonable adjustments to the workplace. You now need to make sure that the Covid-19 information you gather about your employees, visitors to your sites, customers and suppliers is processed in accordance with data protection laws.

Related FAQs

BSA 2022 states that RPs will have greater powers (to encourage residents to provide access and to fulfil their duties). What are these powers and when are they expected?

Residents will be obliged to:

  • Not act in a way that creates a significant risk of a building safety risk materialising
  • Not interfere with building safety equipment in the common parts
  • Comply with an Accountable Person’s request for information in relation to the assessment and management of building safety risks.

The Accountable Person then has powers in relation to these duties, including:

  • Issuing a contravention notice, requiring a resident to pay for replacement or repair of safety equipment which they have interfered with
  • Applying for court orders in certain situations
  • Requesting access at a reasonable time (in writing with at least 48 hours’ notice) to a resident’s property for the purposes of assessing or managing building safety risks, or checking compliance with the resident’s duties as above.

Secondary legislation is still awaited to bring these provisions into force, so the timing is unknown, but it will likely be within the next 12 months in line with the anticipated timetable for the remainder of the Act.

PODCAST: What are the legal implications I need to think about if I cancel an event?

Head of Commercial, Colin Hewitt, speaks with the team at NewcastleGateshead Initiative about the complexities of event cancellations and the associated legal implications.

Click here to listen to the full podcast.


What sort of issues are likely to have arisen?

The Coronavirus pandemic will have impacted businesses in many different ways, but some of the most likely impacts that could have a legal implication are as follows:

  • Services were not performed in accordance with contract during the period of disruption. This could be a reduction in volume of services performed, a suspension of services, or performance in a way that does not comply with contractual KPIs
  • Late delivery or non-delivery of goods because of factory closures, or disruption in the supply chain
  • Changes being agreed between parties to contracts to deal with the consequences of the Covid-19 outbreak

What are the data protection implications of homeworking?

The Information Commissioner’s Office (ICO) has announced new guidance in light of coronavirus.

The ICO is providing new guidance to organisations regarding data protection and coronavirus, which can be accessed here: https://ico.org.uk/for-organisations/data-protection-and-coronavirus/

The ICO has stated the following:

“Data protection is not a barrier to increased and different types of homeworking. During the pandemic, staff may work from home more frequently than usual and they can use their own device or communications equipment. Data protection law doesn’t prevent that, but you’ll need to consider the same kinds of security measures for homeworking that you’d use in normal circumstances.”

Whether you work from home or in the office, you still need to comply with data protection laws. While you need to process personal data with the same care you use in the office, the home working environment throws up specific data protection concerns, particularly in respect of data security. You should make sure you have a home working policy which deals with data protection and these data security issues.

Organisations must ensure that, for staff who can work from home, their obligations in respect of processing personal data are clearly communicated. Organisations may already have a home working policy – if this is the case, then this should be reviewed to ensure it remains relevant and up-to-date for practices during this pandemic.

Do I need to obtain consent from a member of staff if we have taken the decision to restrict/alter their duties?

If the duties are so fundamentally different from their contracted role, then yes. For example, if you are asking a frontline clinical member of staff to undertake administrative tasks in another area, then this will be a fundamental change to their terms and conditions for which you need their consent.

If there is a minor alteration to their duties, or the clause within their contract is wide enough to cover their amended duties, then arguably you do not need their consent, but best practice would be to obtain their agreement.