Can I collect health data in relation to Covid-19?
Yes. With respect to employees you have an obligation to protect their health so you can gather information to do that. You might gather information from your employees on who has the virus, who has had it and recovered and also who has tested negative. You might also want to know if individuals have been in contact with someone who has it or if they are in a vulnerable group. It is reasonable to want to know where individuals have travelled. In the future it may also be reasonable to know if they are planning to travel to a virus hot spot, as the impact of the virus around the world is likely to continue for some time even after the outbreak has been contained in the UK.
It is reasonable to gather some information about visitors to your site, be they customers or suppliers, as this information will also help protect your staff. However, you should keep what you gather to a minimum. For visitors, it’s unlikely that you need to know anything more than they have Covid-19, are displaying symptoms or have recently been in contact with someone who has the virus.
Related FAQs
It is clear that we are emerging from a completely unprecedented period of disruption for many businesses, and this may have had a huge impact on their contractual arrangements both with suppliers and customers.
As the lockdown eases, and we get back to business, it’s important that businesses take stock of what has happened, and ensure they review and address the legal and contractual consequences of what has been happening since the start of the global pandemic.
The National Police Chiefs Council (NPCC) issued guidance mid-April confirming that you can move to a friend’s address for several days to “cool off” following an argument at home. You should strongly consider either yourself or your spouse moving elsewhere where children are involved as it prevents the children from witnessing conflict within the home, at what is already an emotionally charged time for them. Nevertheless, you should also consider and take legal advice on the financial implications of either of you or your partner moving out and how contact with the children is going to be promoted with both parents, if suitable. The Government Guidance has confirmed that children can be moved between households if they have separated parents.
It is still possible to issue Divorce proceedings and much of the process has now been taken online. The main divorce suit is dealt with separately to the separation of financial assets and children arrangements, which can often take much longer to review and discuss. While staff shortages may mean slower turn-around times there is no reason to suspect that a divorce will not otherwise go ahead as anticipated. Once coronavirus has passed, it is likely that divorce rates will spike and there will be an increased demand on the Court system, so your divorce process may take longer if you delay filing your divorce.
It is also still possible to issue Court Applications regarding any financial settlements or children arrangements, however, the Court system was already under significant pressure before coronavirus, so the pandemic will only add to that and we expect Court processes to significantly be slower in those areas.
Court Applications should in any event be used as a last resort and there are alternative dispute resolution processes available which you should consider, including Arbitration and Mediation. Family lawyers are continuing to advise and assist individuals, manage their separations and can provide information about the options available, using alternative methods of communication such as Teams, Skype or Zoom for clients. Understandably, speaking aloud may be difficult in circumstances where you are not able to get any private time away from your spouse due to you being in lockdown and so email correspondence may be the most appropriate method of communication.
Yes, but only for work purposes and where it is unreasonable to do so from home. Work colleagues cannot meet to socialise.
- Yes, if contributions to a defined contribution (“DC”) scheme exceed statutory minimum for auto-enrolment purposes, it may be possible to reduce employer contributions to the statutory minimum, but not further.
- However, the processes required for reduction of DC employer contributions will necessitate obtaining legal advice:
- Reducing employer contributions may require changes to the employment contracts of affected staff (as does the furlough process).
- Reducing employer contributions may also require negotiation with trade unions or other staff representative forums.
- Where group personal pensions are used, the contractual format may not permit changes of employer contributions, and hence it may also be necessary to enter into a new contractual arrangement. Choosing a new group personal pension plan is a not insignificant task in itself.
- Employers with at least 50 employees are required to conduct a 60-day consultation process with affected employees if they propose to reduce employer contributions (but please see below).
- Finally, it may require a change to the scheme rules and engagement with the scheme trustees if the scheme is operated under trust.
- For DB schemes, specific considerations apply (see the last section, below).
Employers will be collecting and sharing health information. Health information is sensitive and higher data protection standards apply. Here are a few key pointers.
- Update privacy notices to cover the new collection and sharing of employees’ information and provide these to the workforce. Be transparent and fair.
- Identify the legal basis and condition for use of this information and put any required paperwork in place. The ICO guidance will help. For some conditions such as the employment condition, an Appropriate Policy Document (APD) will be required. The ICO has an APD template.
- Only use the information for the purpose of managing the workforce during the pandemic.
- Only collect or share information if it’s necessary – if it’s a targeted and proportionate way of achieving your purpose.
- Make sure any health information collected and shared is accurate – there may be serious consequences if it’s not.
- Work out how long the information must be kept for. Keep a record of that period and act on it at the appropriate time.
- Security is very important – there may be malicious actors trying to trick employers and employees. Make sure employees know how to identify a genuine NHS Test and Trace contact. Keep the information secure. Use the ICO’s data sharing checklists** and keep a record of the disclosures made and why. Control external disclosures – only certain authorised members of staff should make them.
- Make sure individuals can still exercise their data protection rights – that’s also very important. Keep data protection records up-to-date and ensure any exports of personal information outside the UK are compliant.
- Before introducing employer-led testing like taking temperatures, thermal imaging or other potentially intrusive tests, work out if a data protection impact assessment (DPIA) is required. It will be if the intended processing is ‘high risk’. If it is, then carry out a full DPIA. It will help address the issues systematically and mitigate risks.
- All this demonstrates ‘accountability’ – it shows affected individuals and the ICO that the employer is complying with data protection requirements.
If you need further help, please visit the ICO’s data protection and coronavirus information hub or ask our data protection team.
** Please note that this link is to the ICO’s existing checklists and data sharing code of practice. We will update the link to the ICO’s new checklists after they are published.