Can I collect health data in relation to Covid-19?
Yes. With respect to employees you have an obligation to protect their health so you can gather information to do that. You might gather information from your employees on who has the virus, who has had it and recovered and also who has tested negative. You might also want to know if individuals have been in contact with someone who has it or if they are in a vulnerable group. It is reasonable to want to know where individuals have travelled. In the future it may also be reasonable to know if they are planning to travel to a virus hot spot, as the impact of the virus around the world is likely to continue for some time even after the outbreak has been contained in the UK.
It is reasonable to gather some information about visitors to your site, be they customers or suppliers, as this information will also help protect your staff. However, you should keep what you gather to a minimum. For visitors, it’s unlikely that you need to know anything more than they have Covid-19, are displaying symptoms or have recently been in contact with someone who has the virus.
Related FAQs
There is not a magic number. It depends on the nature of the organisation, the work carried out, the organisational structure, the geographical spread, working patterns and conditions. We would give specific advice personalised to the organisation and taking all these and other factors in to consideration. There is no such things as too many MHFAs!
The Act is intended to facilitate the rescue of businesses that are in financial difficulty by preventing suppliers from invoking certain termination clauses under a supply contract, and therefore maintaining supply of goods and services to the business whilst plans to save the business can be considered.
Supply contracts often contain a clause enabling them to terminate the contract, or take other steps such as requiring payment in advance, in the event that the customer enters an insolvency procedure.
This new Act removes any such contractual right by dis-applying any clause that allows the supplier to terminate the contract, or take any other step, due to the customer entering an insolvency process.
Suppliers are also prevented from demanding payment for pre-insolvency debts owed by the customer as a condition of continued supply.
Additionally, where the supplier had a contractual right to terminate the contract due to an event occurring before the customer went into the insolvency process (whether or not linked to payment issues), the supplier loses this right for the duration of the insolvency process.
The ICO is providing new guidance to organisations regarding data protection and coronavirus, which can be accessed here: https://ico.org.uk/for-organisations/data-protection-and-coronavirus/
Information about the Covid-19 health status of individuals is special category data under the GDPR. This means it is high risk which has implications for how you use it, store it and keep it secure.
You will already hold health data about your employees as this is necessary to provide a safe, accessible place to work and to make reasonable adjustments to the workplace. You now need to make sure that the information you gather about your employees, visitors to your sites, customers and suppliers about Covid-19 is processed in accordance with data protection laws.
You must only make a report under RIDDOR (The Reporting of Injuries, Diseases and Dangerous Occurrences Regulations 2013) when:
- An unintended incident at work has led to someone’s possible or actual exposure to coronavirus. This must be reported as a dangerous occurrence
- A worker has been diagnosed as having COVID 19 and there is reasonable evidence that it was caused by exposure at work. This must be reported as a case of disease
- A worker dies as a result of occupational exposure to coronavirus.
The Government has produced workplace guidance for employers, setting out 2 key messages for employers:
- Continue to make workplaces as safe as possible; and
- Encourage workers to heed any notifications to self-isolate and to support them while they are require to isolate
Government guidance can be accessed here: How it works (an overview) and Workplace guidance for employers.