How much data can I gather?
You also need to consider other aspects of data protection.
Be proportionate – only gather and use Covid-19 data where you need to.
Keep data to a minimum – you shouldn’t gather more data than you need. You need to know someone has Covid-19 but you don’t need to know all their symptoms. Data minimisation also applies to who gets access to the data. It’s unlikely that a spreadsheet, accessible to everyone updating them on the health status of all employees, would be appropriate. Data should be shared on a need to know basis. You need to balance the privacy of individuals against your duty of care to be responsible with regards to the data of your employees, visitors, customers and suppliers.
Keep it up to date – make sure you update data. People’s health status will change and if you keep a record of this, you need to make sure it is accurate and up to date (although this doesn’t mean you should batter individuals with constant requests for updates on health status. Again, be proportionate).
Identify individuals only when you need to – although you will need to know who has Covid-19, that doesn’t mean you need to tell everyone in the organisation. As soon as you can, you should remove personal data from any information you gather. For example, you might want to update employees on the health status of their fellow employees but you probably don’t need to name individuals and even if you feel it is necessary, you should keep the information you provide to a minimum. Removing personal identifiers in a document is also a good data security technique.
Keep the Covid-19 health data secure – Covid-19 data will be special category data and deemed high risk. This means that if you have a breach of this data you will need to notify it to the ICO. A breach could happen by someone losing a print-out of the names of Covid-19 employees, customers or visitors. It could also happen if you set access rights to lists of Covid-19 sufferers open to more people than need to know the information. The risk of ICO enforcement action increases with the potential harm the disclosure could cause. Although the ICO has indicated that it will be understanding about the impact of Covid-19 on normal operations, this doesn’t mean that they will not prosecute you if the breach is sufficiently serious.
Destroy the data once you don’t need it – Finally, of course, make sure that you delete data at the end of your needs. This might last longer than the pandemic, for example if you have an insurance claim or ongoing litigation. If you do need to keep it, consider whether or not you can delete some of the data to minimise what you hold.
Related FAQs
The Act should make it easier for residents to obtain relevant information. It includes an obligation for the Principal Accountable Person to prepare a strategy for promoting the participation of residents, including the information to be provided to them and consultations about relevant decisions. The strategy must be provided to residents, and there will be provision for residents to be able to request information and copies of documents from the Principal Accountable Person. The type of information and the form in which it is to be provided will be set out in secondary legislation in due course, but the explanatory notes anticipate that it will include:
- Full current and historical fire risk assessments•Planned maintenance and repair schedules
- The outcome of building safety inspection checks
- Information on how assets in the building are managed
- Details of preventative measures
- Details of fire protection measures and the fire strategy for the building
- Information on the maintenance of fire safety systems
- Structural assessments
- Planned and historical changes to the building
The Government guidance does not require any business to close except some non-essential shops and public venues, so in theory, all businesses can continue to occupy and operate from their existing premises. However, government guidance strongly encourages businesses to arrange for everybody able to work from home to do so. The majority of office sector business will fall into this category.
In the industrial sector, the majority of businesses will not be able to operate via home working and will, therefore, need to retain employees on site though in some cases this may be able to be scaled back.
Any tenants continuing to operate from their premises should consider whether or not they need to make any alterations to the premises to facilitate social distancing of employees and whether or not such works would require a consent from the Landlord under the terms of the lease.
CBILS is made available through the British Business Bank’s 40+ accredited lenders and partners, which are listed on their website (https://www.british-business-bank.co.uk/ourpartners/coronavirus-business-interruption-loan-scheme-cbils/accredited-lenders/).
Businesses should initially approach their own lender and only consider other lenders if they are unable to access the finance they need. Note, not every accredited lender can provide every type of finance listed.
Some banks/lenders are not included in the list of accredited lenders which appears to mean that they cannot provide support through the Scheme. We understand from the British Business Bank that further lenders are applying to be accredited but that this may take a little time to process. If the provider of your senior debt is not on the accredited list you should consider approaching the bank which provides your day to day account banking services.
If you wish or need to access the Scheme via an alternative funder the process may take longer as usual on-boarding and KYC processes will need to be undertaken.
Workers who have not taken 20 days holiday entitlement due to Covid-19 can now carry it over into the next 2 leave years. It only applies where it was not reasonably practicable for a worker to take their annual leave due to the coronavirus.
No. The Home Office has confirmed that sponsors do not need to report sponsored workers as working from home, where this is directly related to the coronavirus outbreak.
However any UK employers who sponsor overseas workers, should also ensure that they remain compliant with their other sponsor licence duties, which includes reporting any change to an employee’s salary and duties.