Can you ask employees for evidence of the requirement to self-isolate under the Test and Trace scheme?

Employers will be collecting and sharing health information. Health information is sensitive and higher data protection standards apply. Here are a few key pointers.

• Update privacy notices to cover the new collection and sharing of employees’ information and provide these to the workforce. Be transparent and fair.
• Identify the legal basis and condition for use of this information and put any required paperwork in place. The ICO guidance will help. For some conditions such as the employment condition, an Appropriate Policy Document (APD) will be required. The ICO has an APD template.
• Only use the information for the purpose of managing the workforce during the pandemic.
• Only collect or share information if it’s necessary – if it’s a targeted and proportionate way of achieving your purpose.
• Make sure any health information collected and shared is accurate – there may be serious consequences if it’s not.
• Work out how long the information must be kept for. Keep a record of that period and act on it at the appropriate time.
• Security is very important – there may be malicious actors trying to trick employers and employees. Make sure employees know how to identify a genuine NHS Test and Trace contact. Keep the information secure. Use the ICO’s data sharing checklists** and keep a record of the disclosures made and why. Control external disclosures – only certain authorised members of staff should make them.
• Make sure individuals can still exercise their data protection rights – that’s also very important. Keep data protection records up-to-date and ensure any exports of personal information outside the UK are compliant.
• Before introducing employer-led testing like taking temperatures, thermal imaging or other potentially intrusive tests, work out if a data protection impact assessment (DPIA) is required. It will be if the intended processing is ‘high risk’. If it is, then carry out a full DPIA. It will help address the issues systematically and mitigate risks.
• All this demonstrates ‘accountability’ – it shows affected individuals and the ICO that the employer is complying with data protection requirements.

If you need further help, please visit the ICO’s data protection and coronavirus information hub or ask our data protection team.

** Please note that this link is to the ICO’s existing checklists and data sharing code of practice. We will update the link to the ICO’s new checklists after they are published.

As part of the Coronavirus Bill there is some good news for tenants in so far as it included the following:

• All commercial tenants in England, Wales and Northern Ireland missing rent payments are to benefit from a government ban on forfeiture of their lease.
• Landlords then will be prevented from terminating leases and “evicting” commercial tenants.
• The above provisions rules will apply not only to principal rent, but to “any sum a tenant is required to pay”, leaving the burden of supplying services and insuring the premises on landlords. The bill will last until 30 June 2020, with an option for the government to extend this deadline.

Whist this is helpful to any Tenant planning not to pay rent or other payments due under their lease insofar as they will not suffer forfeiture and be evicted, it should be noted that the contractual obligation to continue paying rent and all other costs due under the lease remains and Landlords will still be able to take action to recover any payments due under the lease that are in arrears.

It is envisaged that employees of organisations falling into the first two categories set out above and won’t be eligible for the job retention scheme in relation to the majority of their employees. It is envisaged that NHS Trusts for example are going to require their staff to be working at full capacity where possible. However, the guidance doesn’t definitely exclude public sector organisations from furloughing employees and notably the government expects such organisations to use public money to continue to pay staff and not furlough them, rather than say requires. In reality, it is difficult to see how such an organisation will be able to rely on the scheme, but the guidance doesn’t completely rule it out.

Schools should be considering both Youth MHFA training and Adults MHFA training so that there are people within every school who have the skills and knowledge to support the mental health needs of students and teaching staff.

If such testing is regarded as a “reasonably practicable step” which has been identified as an appropriate control following a risk assessment then it is something you can do.

Although you can’t physically force someone to have something intrusive done, this is very likely to be a reasonable management instruction and therefore if someone refuses to have this done as a condition of entry into the work place then disciplinary action may follow.

Where this is something that is required of employees, employers should be letting their staff know that this is one of a number of measures that are being introduced into the workplace for their own safety. If the employer can explain, in advance of the return, why temperature checks need to be taken, what the consequences of the results will be- i.e. will they be sent home if over a certain temperature, whether this data will be stored (and if the sole purpose is to determine whether or not they are fit to attend work on a particular day then why are they being stored), and the fact that temperature checks are a requirement of entry to company premises for everyone, then there shouldn’t be significant resistance to this measure.

Large scale temperature checks have in some businesses become part of the “new normal” working environment.