How is the Pensions Regulator reacting to the crisis?

Given the impact the Coronavirus is going to have upon the commercial property market, landlords will undoubtedly, as a matter of good commercial sense, will have to seriously entertain approaches from tenants seeking a rent suspension – notwithstanding there is no entitlement to the same under their lease.

Some landlords may decide it is better to waive or suspend rental payments over the short term rather than face their tenants going out of business and leaving them with an empty building in a flat or dead market.

A measure falling short of a rent suspension would be for the tenants to negotiate with their landlord’s monthly payments of rent rather than quarterly and for those monthly payments to be in payments arrears, rather than in advance.

Employers will be collecting and sharing health information. Health information is sensitive and higher data protection standards apply. Here are a few key pointers.

• Update privacy notices to cover the new collection and sharing of employees’ information and provide these to the workforce. Be transparent and fair.
• Identify the legal basis and condition for use of this information and put any required paperwork in place. The ICO guidance will help. For some conditions such as the employment condition, an Appropriate Policy Document (APD) will be required. The ICO has an APD template.
• Only use the information for the purpose of managing the workforce during the pandemic.
• Only collect or share information if it’s necessary – if it’s a targeted and proportionate way of achieving your purpose.
• Make sure any health information collected and shared is accurate – there may be serious consequences if it’s not.
• Work out how long the information must be kept for. Keep a record of that period and act on it at the appropriate time.
• Security is very important – there may be malicious actors trying to trick employers and employees. Make sure employees know how to identify a genuine NHS Test and Trace contact. Keep the information secure. Use the ICO’s data sharing checklists** and keep a record of the disclosures made and why. Control external disclosures – only certain authorised members of staff should make them.
• Make sure individuals can still exercise their data protection rights – that’s also very important. Keep data protection records up-to-date and ensure any exports of personal information outside the UK are compliant.
• Before introducing employer-led testing like taking temperatures, thermal imaging or other potentially intrusive tests, work out if a data protection impact assessment (DPIA) is required. It will be if the intended processing is ‘high risk’. If it is, then carry out a full DPIA. It will help address the issues systematically and mitigate risks.
• All this demonstrates ‘accountability’ – it shows affected individuals and the ICO that the employer is complying with data protection requirements.

If you need further help, please visit the ICO’s data protection and coronavirus information hub or ask our data protection team.

** Please note that this link is to the ICO’s existing checklists and data sharing code of practice. We will update the link to the ICO’s new checklists after they are published.

Yes, you can ask to see any information/documentation sent to an employee informing them that they should self-isolate.

There is no minimum period of notice you are required to give employees of their return, but from a good HR practice point of view you should be speaking to your staff and letting them know what the plan is; giving people a reasonable amount of notice of return will allow them to prepare both practically and psychologically.

Yes, this is very likely to amount to a reasonable management instruction which is put in place for public health reasons. Employers should make it clear to their employees that this is something they are required to do and that if they fail to do so this may lead to disciplinary action.