Skip to content
Menu

Home FAQs How much data can I gather?

How much data can I gather?

You also need to consider other aspects of data protection.

Be proportionate – only gather and use Covid-19 data where you need to.

Keep data to a minimum – you shouldn’t gather more data than you need. You need to know someone has Covid-19 but you don’t need to know all their symptoms. Data minimisation also applies to who gets access to the data. It’s unlikely that a spreadsheet, accessible to everyone updating them on the health status of all employees, would be appropriate. Data should be shared on a need to know basis. You need to balance the privacy of individuals against your duty of care to be responsible with regards to the data of your employees, visitors, customers and suppliers.

Keep it up to date – make sure you update data. People’s health status will change and if you keep a record of this, you need to  make sure it is accurate and up to date (although this doesn’t mean you should batter individuals with constant requests for updates on health status. Again, be proportionate).

Identify individuals only when you need to – although you will need to know who has Covid-19, that doesn’t mean you need to tell everyone in the organisation. As soon as you can, you should remove personal data from any information you gather. For example, you might want to update employees on the health status of their fellow employees but you probably don’t need to name individuals and even if you feel it is necessary, you should keep the information you provide to a minimum. Removing personal identifiers in a document is also a good data security technique.

Keep the Covid-19 health data secure – Covid-19 data will be special category data and deemed high risk. This means that if you have a breach of this data you will need to notify it to the ICO. A breach could happen by someone losing a print-out of the names of Covid-19 employees, customers or visitors. It could also happen if you set access rights to lists of Covid-19 sufferers open to more people than need to know the information. The risk of ICO enforcement action increases with the potential harm the disclosure could cause. Although the ICO has indicated that it will be understanding about the impact of Covid-19 on normal operations, this doesn’t mean that they will not prosecute you if the breach is sufficiently serious.

Destroy the data once you don’t need it – Finally, of course, make sure that you delete data at the end of your needs. This might last longer than the pandemic, for example if you have an insurance claim or ongoing litigation. If you do need to keep it, consider whether or not you can delete some of the data to minimise what you hold.

Related FAQs

What is the guidance in relation to the Mental Capacity Act 2005 and Deprivation of Liberty Safeguards during the Covid-19 pandemic?

The Department of Health & Social Care has published guidance for hospitals, care homes and supervisory bodies on the Mental Capacity Act 2005 (MCA) and Deprivation of Liberty Safeguards (DoLS) during the coronavirus pandemic.

In many scenarios created or affected by the pandemic, decision makers in hospitals and care homes will need to decide:

  • if new arrangements constitute a ‘deprivation of liberty’ (most will not), and
  • if the new measures do amount to a deprivation of liberty, whether a new DoLS authorisation will be required (in most cases it will not be).

If a new authorisation is required, decision makers should follow their usual DoLS processes, including those for urgent authorisations.

A summary of the key points to be taken from the guidance is outlined below:

Use of the MCA and DoLS due to Covid-19

  • During the pandemic, the principles of the MCA and the safeguards provided by DoLS still apply.
  • It may be necessary to change the usual care and treatment arrangements, for example to provide treatment for people with Covid-19, to move them to a new hospital or care home to better utilise resources or to protect them from becoming infected.
  • All decision makers are responsible for implementing the emergency Government health advice  and any decision made under the MCA must be made in relation to a particular individual, it cannot be made in relation to groups of people.

Best interest decisions

  • In many cases, a best interests decision will be sufficient to provide the necessary care and treatment for a person who lacks the capacity to consent to the care and/or treatment arrangements during this emergency period.
  • If an individual has made a valid and applicable advance decision to refuse the treatment in question, then the relevant treatment, even for Covid-19, cannot be provided.

Delivering life-saving treatment

  • Where life-saving treatment is being provided in care homes or hospitals, including for the treatment of Covid-19, then the person will not be deprived of liberty as long as the treatment is the same as would normally be given to any person without a mental disorder.
  • The DoLS will therefore not apply to the vast majority of patients who need life-saving treatment who lack the mental capacity to consent to that treatment, including treatment to prevent the deterioration of a person with Covid-19.

The full guidance can be found here.

Last updated on 14th April, 2020

Can those on sick leave or who have been advised to self-isolate be furloughed?

If an employee is self-isolating (as a result of the pandemic) they may be entitled to SSP. Employers should not furlough employees in this category just because of their absence, but they can furlough if there are genuine business reasons for doing so and other eligibility requirements are met. In these cases the employees should no longer receive sick pay and they would be classified as furloughed.

The guidance has specified that those on long term sick leave or who are ‘shielding’ for 12 weeks in line with public health guidance can also be furloughed. But it is important that you clarify that they do fall in the category of extremely vulnerable (https://www.gov.uk/government/publications/guidance-on-shielding-and-protecting-extremely-vulnerable-persons-from-covid-19). It is up to employers to decide whether to furlough employees who are shielding or on long-term sick leave.

You can claim from the CJRS and also for the two week SSP rebate scheme (see below) for the same employee but not for the same period of time. Therefore if you have a furloughed employee who becomes ill and you subsequently move them to SSP you cannot claim the furlough rate of pay. If you keep the employee on the furloughed rate you can continue to claim this under CJRS.

Last updated on 14th April, 2020

What are the new Procurement Policy Notes (PPN)?

The Government has produced and published three new Procurement Policy Notes as a direct result of the ever changing Covid-19 environment.

PPN 01/20: Responding to COVID-19

The purpose of PPN 01/20 is to ensure that contracting authorities are able to procure goods, services and works with extreme urgency, to allow them to respond to the pandemic efficiently.

This PPN provides guidance for the following circumstances:

  • Direct award due to extreme urgency (regulations 32(2)(c)) (click here to read our article regarding regulation 32)
  • Direct award due to an absence of competition or protection of exclusive rights
  • Call off from an existing framework agreement or dynamic purchasing system
  • Call for competition using a standard procedure with accelerated timescales
  • Extending or modifying a contract during its term

PPN 02/20: Supplier relief due to COVID-19

PPN 02/20 focuses predominantly on the supplier to assist in keeping supply chains open and ensuring that suppliers are kept financially sound during these unpredictable times.

This PPN provides guidance for the following circumstances:

  • Urgent reviews of contract portfolios and to update suppliers if they believe they are at risk
  • Put in place appropriate payment measure to support supplier cash flow
  • Where contract payments are based on ‘payment by results’ make payments based on previous invoices
  • Ask suppliers to act on a ‘open book’ basis and make cost data available to the contracting authority during this period
  • Ensure invoices submitted by suppliers are paid immediately on receipt

PPN 03/20: Use of Procurement Cards

The third guidance note PPN 03/20 relates to the use of procurement cards to increase efficiency and accelerate payment to suppliers.

This PPN provides the following advice and urges organisations to arrange with their procurement card provider to:

  • Increase a single transaction limit to £20,000 for key card holders
  • Raise monthly limits on spending with procurement cards to £100,000 for key card holders
  • Spend on procurement cards each month in excess of £100,000 should be permissible to meet business needs

Although the above advice has been provided, should these limits not be necessary, organisations should seek an appropriate transaction limit or monthly limit.

The PPN also advises that by 30 April 2020, in scope organisations should:

  • Ensure that a number of appropriate staff have the authority to use these cards
  • Open all relevant categories of spend to enable these cards to be used more widely

Last updated on 17th April, 2020

Should we issue petitions?

Our advice to you here is simple. It will depend on the circumstances surrounding your debt but for the most part, unless it is crystal clear that there has been a debt outstanding long before Covid-19 and there was an inability to pay prior to the Covid situation we would recommend that you hold off issuing any further petitions until after the 31st December. Unless the criteria set out above is met, a judge is likely to exercise their discretion leniently and could dismiss the petition. This could also lead to cost consequences which would adversely affect you.

We are happy to discuss individual cases to assist creditors at this difficult time, however, generally any cases proceeding to petition would be the exception as opposed to the rule. Even if presenting a winding up petition is not available for now, there may still be other forms of legal proceedings that you can use to collect money owed to you, like county court proceedings.

Last updated on 26th May, 2020

What actions and measures should be avoided?

The CMA is particularly concerned about certain activities, its guidance highlights:

  • Exchange of commercially sensitive information where this is not necessary in response to the crisis
  • Collaboration which unfairly excludes third parties
  • Abuse of a dominant position (including a dominant position held as a result of the crisis) – particularly to charge excessive prices
  • Seeking to maintain prices or prevent reductions in prices
  • Cooperation going beyond what is necessary to respond to the crisis in the interests of consumers

Last updated on 31st March, 2020