Will the golden thread requirements in relation to maintaining a central record of building info be retrospective?

The coronavirus outbreak has seen State support being given to businesses on an unprecedented scale.

This issue is likely to be increasingly relevant as Governments seek to protect and stimulate their economies as they emerge from lockdown.

How have the rules been relaxed in the context of the crisis and what facets of the existing law can be used for the State to provide support to undertakings?

Many will have worked collaboratively with their suppliers and customers to deal with the immediate public health crisis. This will have meant offering flexibility as to contractual arrangements, whether in delivery dates, volumes of goods or services supplied, or even in the specification of what has been delivered.

If this is the case, it is important that businesses now do their legal housekeeping and make sure they have a proper record of what has been agreed. Unfortunately, our experience shows that many legal disputes arise out of amendments to contracts, typically where the parties to the contract each have a different view about what exactly they agreed to change.

We would therefore advise businesses to review any amendments that they might have agreed either verbally, by email, or otherwise, and consider whether they need to be captured in a more formal way which will make clear exactly what has been agreed to be varied, and (where appropriate) how long that variation will remain in force.

It’s also important to remember that some contracts contain provisions that set out specific requirements about how amendments are to be made. For example, they might require that amendments are made in writing (rather than verbally). These “No Oral Modification” clauses are commonly found in commercial contracts, and the courts have recently shown that they are willing to enforce them.

Failing to deal with amendments in accordance with contractual requirements could therefore have a serious impact on businesses as they recover from the disruption caused by the lockdown. If they end up in dispute with a customer or supplier, a business could find that the contract has not actually been amended in the way that they think – potentially leading to legal costs and liabilities at the worst possible time.

The current situation with the coronavirus pandemic has presented obvious challenges to the effective and fair operation of the Court of Protection (COP). Remote access to the COP has therefore become a necessity to ensure that hearings continue to provide proper access to justice. All parties involved in such cases have a responsibility in achieving this primary aim.

Employees on Flexible Furlough can engage in training during hours which you record your employee as being on furlough, as long as in undertaking the training the employee does not provide services to, or generate revenue for, or on behalf of their organisation or a linked or associated organisation.

Where training is undertaken by furloughed employees during hours which you record your employee as being on furlough, at the request of their employer, they are entitled to be paid at least their appropriate national minimum wage for this time.

Employers will be collecting and sharing health information. Health information is sensitive and higher data protection standards apply. Here are a few key pointers.

• Update privacy notices to cover the new collection and sharing of employees’ information and provide these to the workforce. Be transparent and fair.
• Identify the legal basis and condition for use of this information and put any required paperwork in place. The ICO guidance will help. For some conditions such as the employment condition, an Appropriate Policy Document (APD) will be required. The ICO has an APD template.
• Only use the information for the purpose of managing the workforce during the pandemic.
• Only collect or share information if it’s necessary – if it’s a targeted and proportionate way of achieving your purpose.
• Make sure any health information collected and shared is accurate – there may be serious consequences if it’s not.
• Work out how long the information must be kept for. Keep a record of that period and act on it at the appropriate time.
• Security is very important – there may be malicious actors trying to trick employers and employees. Make sure employees know how to identify a genuine NHS Test and Trace contact. Keep the information secure. Use the ICO’s data sharing checklists** and keep a record of the disclosures made and why. Control external disclosures – only certain authorised members of staff should make them.
• Make sure individuals can still exercise their data protection rights – that’s also very important. Keep data protection records up-to-date and ensure any exports of personal information outside the UK are compliant.
• Before introducing employer-led testing like taking temperatures, thermal imaging or other potentially intrusive tests, work out if a data protection impact assessment (DPIA) is required. It will be if the intended processing is ‘high risk’. If it is, then carry out a full DPIA. It will help address the issues systematically and mitigate risks.
• All this demonstrates ‘accountability’ – it shows affected individuals and the ICO that the employer is complying with data protection requirements.

If you need further help, please visit the ICO’s data protection and coronavirus information hub or ask our data protection team.

** Please note that this link is to the ICO’s existing checklists and data sharing code of practice. We will update the link to the ICO’s new checklists after they are published.