Who can bring a claim for financial provision?

The Act was obviously subject to much debate and criticism as the Bill passed through Parliament. It is difficult to properly assess any gaps until after the necessary secondary legislation has been published and comes into force (along with the remainder of the Act), but some of the likely issues include:

• The impact on the insurance market, and the (lack of) availability and increased cost of insurance in light of the provisions of the Act
• How the introduction of retrospective claims will affect the market, both in relation to how parties might go about trying to prove matters which are 30 years old, but also the lack of certainty for those potentially on the receiving end of these claims which they previously had by virtue of the Limitation Act provisions
• Whether the definition of higher risk buildings is correct, or will require some refinement.

The Martlet v Mulalley case provides some useful observations and clarifications, for example that designers cannot necessarily rely on a ‘lemming’ defence that they were simply doing what others were doing at the time, that ‘waking watch’ costs are generally recoverable, and commentary on certain specific Building Regulations. The judgment however made clear that much of the case turned on its specific facts, so it is useful from the perspective of providing some insight as to how the Courts will deal with cladding disputes in future, rather than setting significant precedents to be followed.

Employers will need to be flexible with employees who are unable to return to work at present due to childcare difficulties. While schools have reopened, a period of isolation may result in employees having to keep children off school/nursery and therefore have childcare issues. Some employees will be able to manage this with their partner and extended family, whereas others will not. Where an employee simply cannot make any other arrangements to care for their children in the short term then they will be unable to return to work until that situation changes. Any dismissals on the basis that someone is unable to return to work as a result of lack of childcare are likely to be unfair, at least in the short term where such employees may well be able to demonstrate that they had no options available to them.

Obtaining an employee’s Covid-19 test result will amount to processing personal data for the purposes of the General Data Protection Regulation 2016/679 (GDPR) and information about an employee’s health is a special category of data (sensitive personal data under the Data Processing Act 2018 (DPA)).

In accordance with the GDPR and DPA, there must be lawful grounds for processing such information. Most employers rely on employees’ consent to obtain medical information and process sensitive personal data and if the employee is unwilling to give consent, you will not normally be entitled to the information.

Special category data can be processed lawfully if it is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller. Employers may be able to require an employee to disclose their Covid-19 test if there is a substantial public interest, such as ensuring that the employee self-isolate if they have a positive test. However, there is a risk that this measure could be considered disproportionate particularly if it is enforced on all employees as a blanket measure.

The duty is to inform and consult appropriate representatives of the “affected employees”.

Note that the term “affected employees” means those who may be “affected by the proposed dismissals or who may be affected by measures taken in connection with those dismissals”. The term extends beyond those immediately at risk of dismissal to include those affected by measures associated with the redundancies.

“Appropriate representatives” can be:

• The Trade Union (if recognised)
• (For any roles not covered by collective recognition) any existing standing body of elected or appointed employee representatives (if already in place)
• Employee representatives, who are elected specifically for redundancy consultation

With the loss of face-to-face meetings in the current situation, video conferencing has taken centre stage. But how do you do that in a compliant way? Here are some of the main high-level data protection issues to consider when selecting and implementing a new third party provider’s video conferencing system.

1. Make sure you do your due diligence on the security measures offered by the provider. Clearly you can’t visit them, so look at the information offered publicly by the provider and read good quality, reliable, third party sources and ask the provider questions directly. Also ask any other organisations you know that use the provider. Document all this.
2. If personal information is being sent outside of the UK/European Economic Area, make sure that transfer complies with GDPR. If it’s a US provider, is it registered in the EU-US Privacy Shield list or does it offer a model clause contract (you’re likely to need the 2010 version)? Or is the service provided from a country whose data protection laws offer equivalent protection to those in Europe? Look at the support service as well as the hosting. Document this.
3. Make sure you put a compliant processor agreement in place. The provider should offer one as part of the contract terms. Check it meets GDPR requirements.
4. You’re likely to need to update your privacy notice, particularly if you’re going to record calls. Provide participants with a short message and link to the privacy notice in the meeting invite and on any registration page.
5. Create or update other GDPR-mandated documentation – for example, depending on your use, you may need a legitimate interests assessment and to update your record of processing.
6. Finally, configure and use the system in a secure and compliant way. Look at the settings/options carefully and think through the security and compliance implications of each. That could include deciding who in the meeting can share their screen; whether or not you use passwords for participants; whether or not to record, and if you’re going to record, where to store the recording. Document your decisions and the reasons for them.

The ICO has said it understands that resources, whether they are finances or people, might be diverted away from usual compliance work during the pandemic. However the last thing you need at the moment is to create a bigger problem than the one you are trying to solve. So do the best you can, ask for help from one of our specialists if you need it, and keep the whole thing under review.

On 16 April 2020, Ian Hulme, the ICO’s Director of Assurance, posted a blog for business owners, employers and managers about how to safely roll out the latest video conferencing technology.

On 21 April 2020, the NCSC published security guidance for organisations on choosing, configuring and deploying video conferencing services.