How much data can I gather?
You also need to consider other aspects of data protection.
Be proportionate – only gather and use Covid-19 data where you need to.
Keep data to a minimum – you shouldn’t gather more data than you need. You need to know someone has Covid-19 but you don’t need to know all their symptoms. Data minimisation also applies to who gets access to the data. It’s unlikely that a spreadsheet, accessible to everyone updating them on the health status of all employees, would be appropriate. Data should be shared on a need to know basis. You need to balance the privacy of individuals against your duty of care to be responsible with regards to the data of your employees, visitors, customers and suppliers.
Keep it up to date – make sure you update data. People’s health status will change and if you keep a record of this, you need to make sure it is accurate and up to date (although this doesn’t mean you should batter individuals with constant requests for updates on health status. Again, be proportionate).
Identify individuals only when you need to – although you will need to know who has Covid-19, that doesn’t mean you need to tell everyone in the organisation. As soon as you can, you should remove personal data from any information you gather. For example, you might want to update employees on the health status of their fellow employees but you probably don’t need to name individuals and even if you feel it is necessary, you should keep the information you provide to a minimum. Removing personal identifiers in a document is also a good data security technique.
Keep the Covid-19 health data secure – Covid-19 data will be special category data and deemed high risk. This means that if you have a breach of this data you will need to notify it to the ICO. A breach could happen by someone losing a print-out of the names of Covid-19 employees, customers or visitors. It could also happen if you set access rights to lists of Covid-19 sufferers open to more people than need to know the information. The risk of ICO enforcement action increases with the potential harm the disclosure could cause. Although the ICO has indicated that it will be understanding about the impact of Covid-19 on normal operations, this doesn’t mean that they will not prosecute you if the breach is sufficiently serious.
Destroy the data once you don’t need it – Finally, of course, make sure that you delete data at the end of your needs. This might last longer than the pandemic, for example if you have an insurance claim or ongoing litigation. If you do need to keep it, consider whether or not you can delete some of the data to minimise what you hold.
Related FAQs
Aside from the CBILS Scheme, the Government have, or are in the process of, implementing several different schemes to support businesses financially through the Covid-19 outbreak.
For those with variable pay, if the employee has been employed for a full 12 months before the period claimed for you, can take the higher of:
- The same month’s earnings in the previous year; or
- Average monthly earnings from the 2019/20 tax year.
For those who have been employed for less than one year you can use the average of their monthly earnings since they began their employment until the date they were furloughed.
If they have been employed for less than a month, work out a pro rata for their earnings so far, and claim for 80%.
- Trusts should allow for telephone advice rather than face-to-face review from critical care when clinically appropriate.
- Hospitals should discuss the sharing of resources and the transfer of patients between units, including units in other hospitals, to ensure the best use of critical care within the NHS.
Please note, the above is intended to provide a summary of the key recommendations which emerge from this guidance. Access to the full guidance can be found here.
A quicker and more cost-effective option may be the involvement of the police given their recent allocation of emergency powers to disperse, fine or even arrest persons who flout these rules. Nevertheless, it appears that the Court is willing to support housing providers in their efforts to tackle anti-social behaviour during this time.
At the discretion of the lender, the Scheme may be used for unsecured lending for facilities of £250,000 and under.
Lenders were required to demonstrate lending additionality (i.e. lending that without the Scheme, wouldn’t have otherwise taken place). The Scheme has been extended to those businesses who would have previously met requirements for a commercial facility and would not have been eligible for CBILS. As a result it is suggested that all viable small businesses affected by Covid-19, and not just those unable to secure regular commercial financing, will now be eligible should they need finance to keep operating.
Primary Residential Property cannot be taken as Security under the Scheme. If the lender can offer finance on normal commercial terms without the need to make use of the Scheme, they will do so.