Can you require an employee to tell their employer whether they have been tested for coronavirus/the results of that test?

Yes. The Government continues to support the construction industry and the Prime Minister’s recent statement supports the return to work of those who cannot work from home, if they can work safely.  This has seen an immediate surge in industry workforce returning to work. Banks and storage and distribution businesses are permitted to operate as essential businesses.

Solicitors and estate agents may still not permit members of the public to enter their premises, but can operate remotely via website, phone, email and other methods, as normal.  The Government’s latest guidance published on 13 May now advises that moving house need not be postponed, provided social distancing and safe ways of working can be adopted. Restrictions remain for those who are infected or who are self-isolating or vulnerable, and they should not move house or accept visitors.

With the loss of face-to-face meetings in the current situation, video conferencing has taken centre stage. But how do you do that in a compliant way? Here are some of the main high-level data protection issues to consider when selecting and implementing a new third party provider’s video conferencing system.

1. Make sure you do your due diligence on the security measures offered by the provider. Clearly you can’t visit them, so look at the information offered publicly by the provider and read good quality, reliable, third party sources and ask the provider questions directly. Also ask any other organisations you know that use the provider. Document all this.
2. If personal information is being sent outside of the UK/European Economic Area, make sure that transfer complies with GDPR. If it’s a US provider, is it registered in the EU-US Privacy Shield list or does it offer a model clause contract (you’re likely to need the 2010 version)? Or is the service provided from a country whose data protection laws offer equivalent protection to those in Europe? Look at the support service as well as the hosting. Document this.
3. Make sure you put a compliant processor agreement in place. The provider should offer one as part of the contract terms. Check it meets GDPR requirements.
4. You’re likely to need to update your privacy notice, particularly if you’re going to record calls. Provide participants with a short message and link to the privacy notice in the meeting invite and on any registration page.
5. Create or update other GDPR-mandated documentation – for example, depending on your use, you may need a legitimate interests assessment and to update your record of processing.
6. Finally, configure and use the system in a secure and compliant way. Look at the settings/options carefully and think through the security and compliance implications of each. That could include deciding who in the meeting can share their screen; whether or not you use passwords for participants; whether or not to record, and if you’re going to record, where to store the recording. Document your decisions and the reasons for them.

The ICO has said it understands that resources, whether they are finances or people, might be diverted away from usual compliance work during the pandemic. However the last thing you need at the moment is to create a bigger problem than the one you are trying to solve. So do the best you can, ask for help from one of our specialists if you need it, and keep the whole thing under review.

On 16 April 2020, Ian Hulme, the ICO’s Director of Assurance, posted a blog for business owners, employers and managers about how to safely roll out the latest video conferencing technology.

On 21 April 2020, the NCSC published security guidance for organisations on choosing, configuring and deploying video conferencing services.

We hope that all organisations will come out of lockdown successfully. However, the current economic crisis means that many organisations will face very difficult trading conditions.

Employment costs are one of, if not the, largest cost to your organisation. These costs will have an effect on your financial well-being – and many organisations are now considering how to reduce employment costs. That said, your workforce is also your most important asset and as we get back to business, you will need your workforce to run the organisation, produce your goods, deliver your services and deal with your customers.

As a result, many organisations are facing a very difficult situation – how to reduce or flex the cost of the workforce whilst also maintaining an ability to service customers. This difficulty is enhanced by the uncertainty of when the pandemic will be controlled and the threat of lockdowns end.

There are four criteria which must be satisfied if an agreement is to be considered exempt:

• It must improve production or distribution, or promoting technical or economic progress – the guidance suggests that cooperation ensuring essential goods and services can be made available to the public, or an important sub-set of the public such as key workers, will satisfy this criterion.
• It must allow consumers a fair share of the resulting benefit – the guidance suggests this will be the case where the action prevents or reduces shortages.
• It must not impose on the undertakings concerned restrictions which are not indispensable to the attainment of the above benefits – the guidance suggests this will be the case where the cooperation is the only reasonable option due to the urgency of the crisis and where the cooperation is temporary in nature.
• It must not afford the undertakings concerned the possibility of eliminating competition – therefore the parties must endeavour to retain competition in respect of the products (in particular price competition).

Although there is no formal selection process that must be followed in order to furlough staff, the basis for selecting who will be furloughed should be explained to all relevant staff. Basing this on work levels, required skills or whether work can in fact be carried out efficiently from home will help this process. Staff can be invited to volunteer to be furloughed or re-furloughed. Any requests can be considered on a case by case basis. It may be that a particular skill set is required which may result in an employee’s request being refused.