How much data can I gather?
You also need to consider other aspects of data protection.
Be proportionate – only gather and use Covid-19 data where you need to.
Keep data to a minimum – you shouldn’t gather more data than you need. You need to know someone has Covid-19 but you don’t need to know all their symptoms. Data minimisation also applies to who gets access to the data. It’s unlikely that a spreadsheet, accessible to everyone updating them on the health status of all employees, would be appropriate. Data should be shared on a need to know basis. You need to balance the privacy of individuals against your duty of care to be responsible with regards to the data of your employees, visitors, customers and suppliers.
Keep it up to date – make sure you update data. People’s health status will change and if you keep a record of this, you need to make sure it is accurate and up to date (although this doesn’t mean you should batter individuals with constant requests for updates on health status. Again, be proportionate).
Identify individuals only when you need to – although you will need to know who has Covid-19, that doesn’t mean you need to tell everyone in the organisation. As soon as you can, you should remove personal data from any information you gather. For example, you might want to update employees on the health status of their fellow employees but you probably don’t need to name individuals and even if you feel it is necessary, you should keep the information you provide to a minimum. Removing personal identifiers in a document is also a good data security technique.
Keep the Covid-19 health data secure – Covid-19 data will be special category data and deemed high risk. This means that if you have a breach of this data you will need to notify it to the ICO. A breach could happen by someone losing a print-out of the names of Covid-19 employees, customers or visitors. It could also happen if you set access rights to lists of Covid-19 sufferers open to more people than need to know the information. The risk of ICO enforcement action increases with the potential harm the disclosure could cause. Although the ICO has indicated that it will be understanding about the impact of Covid-19 on normal operations, this doesn’t mean that they will not prosecute you if the breach is sufficiently serious.
Destroy the data once you don’t need it – Finally, of course, make sure that you delete data at the end of your needs. This might last longer than the pandemic, for example if you have an insurance claim or ongoing litigation. If you do need to keep it, consider whether or not you can delete some of the data to minimise what you hold.
Related FAQs
Yes. You should be able to furlough a suspended employee subject to all other eligibility requirements however we recommend that you take advice on this before doing so.
Mortuaries are a sui generis use, unless ancillary to some other use of land, a hospital for example.
Sui generis uses are not within any Use Class. Consequently planning permission is required for the:
- Change in the use to a sui generis use
- Subsequently for the change in the use to an alternative use, whether that be another sui generis use or a use within a Use Class
Acknowledging the above, if the scale of the use is above de minimis, planning permission is likely to be required to change the use of a warehouse or factory unit into a temporary mortuary.
Should planning control be breached, a local planning authority must decide whether to take enforcement action or not. That enforcement is discretionary was recently reiterated in a Ministerial Statement issued on 13 March 2020 a link to which is below.
Depending on the form of the enforcement action, there could be a right of appeal.
- Keep in touch. If contact is poor, workers can feel disconnected, isolated or abandoned. This can adversely affect stress levels and mental health – especially in the current crisis when everyone is feeling more anxious.
- Think about the use of laptops/devices (DSE) at home. Provide a basic form of risk assessment for self-completion.
- Remind workers of simple steps to reduce the risks from display screen work:
- take regular breaks (at least 5 minutes every hour) or change activity
- avoid awkward, static postures by regularly changing position
- get up and move or do stretching exercises
- avoid eye fatigue by changing focus or blinking from time to time
Undeniably and understandably BAME staff, as well as those staff who are identified as being at a higher risk, are going to have high levels of stress and anxiety. For some, this may become of such severity that those staff should be considered to be disabled under the Equality Act 2010. The question as to whether someone is disabled is one that should be answered in conjunction with appropriate medical advice. But the question about how to support any staff suffering with stress and anxiety should not be left until that stage. Proactive steps need to be taken and expert advice obtained on what support measures should be put in place. We know that many NHS organisations are already giving the mental wellbeing of their staff the highest priority.
From our perspective, we would ask managers to be mindful that stress and anxiety is likely to feature in how an individual reacts to questions about the level of risk to their health and the impact on their duties. The conversations with some staff may not be easy to have and may be met with challenge.
For those staff who’s stress and anxiety is such that it would qualify as a disability, reasonable adjustments will need to be considered to the processes that you are applying.
An additional point to consider – it might be worth writing to all staff, asking them to come forward if they have any health conditions that they think you ought to be aware of, assuring them that such information is being given in the strictest confidence. You want to make sure that you are taking the appropriate measures to ensure their health and safety.
The Government has produced and published three new Procurement Policy Notes as a direct result of the ever changing Covid-19 environment.
PPN 01/20: Responding to COVID-19
The purpose of PPN 01/20 is to ensure that contracting authorities are able to procure goods, services and works with extreme urgency, to allow them to respond to the pandemic efficiently.
This PPN provides guidance for the following circumstances:
- Direct award due to extreme urgency (regulations 32(2)(c)) (click here to read our article regarding regulation 32)
- Direct award due to an absence of competition or protection of exclusive rights
- Call off from an existing framework agreement or dynamic purchasing system
- Call for competition using a standard procedure with accelerated timescales
- Extending or modifying a contract during its term
PPN 02/20: Supplier relief due to COVID-19
PPN 02/20 focuses predominantly on the supplier to assist in keeping supply chains open and ensuring that suppliers are kept financially sound during these unpredictable times.
This PPN provides guidance for the following circumstances:
- Urgent reviews of contract portfolios and to update suppliers if they believe they are at risk
- Put in place appropriate payment measure to support supplier cash flow
- Where contract payments are based on ‘payment by results’ make payments based on previous invoices
- Ask suppliers to act on a ‘open book’ basis and make cost data available to the contracting authority during this period
- Ensure invoices submitted by suppliers are paid immediately on receipt
PPN 03/20: Use of Procurement Cards
The third guidance note PPN 03/20 relates to the use of procurement cards to increase efficiency and accelerate payment to suppliers.
This PPN provides the following advice and urges organisations to arrange with their procurement card provider to:
- Increase a single transaction limit to £20,000 for key card holders
- Raise monthly limits on spending with procurement cards to £100,000 for key card holders
- Spend on procurement cards each month in excess of £100,000 should be permissible to meet business needs
Although the above advice has been provided, should these limits not be necessary, organisations should seek an appropriate transaction limit or monthly limit.
The PPN also advises that by 30 April 2020, in scope organisations should:
- Ensure that a number of appropriate staff have the authority to use these cards
- Open all relevant categories of spend to enable these cards to be used more widely