How is the Pensions Regulator reacting to the crisis?

You must only make a report under RIDDOR (The Reporting of Injuries, Diseases and Dangerous Occurrences Regulations 2013) when:

• An unintended incident at work has led to someone’s possible or actual exposure to coronavirus. This must be reported as a dangerous occurrence
• A worker has been diagnosed as having COVID 19 and there is reasonable evidence that it was caused by exposure at work. This must be reported as a case of disease
• A worker dies as a result of occupational exposure to coronavirus.

Employers will be collecting and sharing health information. Health information is sensitive and higher data protection standards apply. Here are a few key pointers.

• Update privacy notices to cover the new collection and sharing of employees’ information and provide these to the workforce. Be transparent and fair.
• Identify the legal basis and condition for use of this information and put any required paperwork in place. The ICO guidance will help. For some conditions such as the employment condition, an Appropriate Policy Document (APD) will be required. The ICO has an APD template.
• Only use the information for the purpose of managing the workforce during the pandemic.
• Only collect or share information if it’s necessary – if it’s a targeted and proportionate way of achieving your purpose.
• Make sure any health information collected and shared is accurate – there may be serious consequences if it’s not.
• Work out how long the information must be kept for. Keep a record of that period and act on it at the appropriate time.
• Security is very important – there may be malicious actors trying to trick employers and employees. Make sure employees know how to identify a genuine NHS Test and Trace contact. Keep the information secure. Use the ICO’s data sharing checklists** and keep a record of the disclosures made and why. Control external disclosures – only certain authorised members of staff should make them.
• Make sure individuals can still exercise their data protection rights – that’s also very important. Keep data protection records up-to-date and ensure any exports of personal information outside the UK are compliant.
• Before introducing employer-led testing like taking temperatures, thermal imaging or other potentially intrusive tests, work out if a data protection impact assessment (DPIA) is required. It will be if the intended processing is ‘high risk’. If it is, then carry out a full DPIA. It will help address the issues systematically and mitigate risks.
• All this demonstrates ‘accountability’ – it shows affected individuals and the ICO that the employer is complying with data protection requirements.

If you need further help, please visit the ICO’s data protection and coronavirus information hub or ask our data protection team.

** Please note that this link is to the ICO’s existing checklists and data sharing code of practice. We will update the link to the ICO’s new checklists after they are published.

Where it is envisaged that 20 or more employees will be dismissed at a relevant establishment within a 90 day period or less, then collective consultation is required (in addition to individual consultation) and the company must inform BEIS (using form HR1).

If there are less than 20 dismissals then you are only required to carry out individual consultation.

This would depend on the reason as to why the employee is refusing to come into work. An unauthorised absence is where an employee fails to attend work and they do not have a statutory or contractual right, or their employer’s permission, to do so. An employer will not be obliged to pay employees their normal pay for periods of unauthorised absence.

There are some absences which may be viewed as authorised which would entitle the employee to their full pay. For instance, employees who believe that they are in serious and imminent danger by coming to work would be entitled to stay at home and receive pay if their belief is deemed reasonable.

An employer should always try to discuss any unauthorised absences with an employee. They may then consider whether to take disciplinary action against the employee.

In appropriate cases, disciplinary action and then dismissal may be fair if an employee refuses to wear a face covering in the workplace. For example, if this is in breach of the government guidance or if  employer has issued a reasonable management instruction to this effect due to an identified health and safety risk.

It is important that employers use a fair and reasonable procedure when deciding whether to discipline and/or dismiss an employee and that its actions does not unlawfully discriminate against employees who have legitimate reasons for not wearing masks, such as those individuals who have health conditions like asthma.