How much data can I gather?
You also need to consider other aspects of data protection.
Be proportionate – only gather and use Covid-19 data where you need to.
Keep data to a minimum – you shouldn’t gather more data than you need. You need to know someone has Covid-19 but you don’t need to know all their symptoms. Data minimisation also applies to who gets access to the data. It’s unlikely that a spreadsheet, accessible to everyone updating them on the health status of all employees, would be appropriate. Data should be shared on a need to know basis. You need to balance the privacy of individuals against your duty of care to be responsible with regards to the data of your employees, visitors, customers and suppliers.
Keep it up to date – make sure you update data. People’s health status will change and if you keep a record of this, you need to make sure it is accurate and up to date (although this doesn’t mean you should batter individuals with constant requests for updates on health status. Again, be proportionate).
Identify individuals only when you need to – although you will need to know who has Covid-19, that doesn’t mean you need to tell everyone in the organisation. As soon as you can, you should remove personal data from any information you gather. For example, you might want to update employees on the health status of their fellow employees but you probably don’t need to name individuals and even if you feel it is necessary, you should keep the information you provide to a minimum. Removing personal identifiers in a document is also a good data security technique.
Keep the Covid-19 health data secure – Covid-19 data will be special category data and deemed high risk. This means that if you have a breach of this data you will need to notify it to the ICO. A breach could happen by someone losing a print-out of the names of Covid-19 employees, customers or visitors. It could also happen if you set access rights to lists of Covid-19 sufferers open to more people than need to know the information. The risk of ICO enforcement action increases with the potential harm the disclosure could cause. Although the ICO has indicated that it will be understanding about the impact of Covid-19 on normal operations, this doesn’t mean that they will not prosecute you if the breach is sufficiently serious.
Destroy the data once you don’t need it – Finally, of course, make sure that you delete data at the end of your needs. This might last longer than the pandemic, for example if you have an insurance claim or ongoing litigation. If you do need to keep it, consider whether or not you can delete some of the data to minimise what you hold.
Related FAQs
The Coronavirus pandemic will have impacted businesses in many different ways, but some of the most likely impacts that could have a legal implication are as follows:
- Services were not performed in accordance with contract during the period of disruption. This could be a reduction in volume of services performed, a suspension of services, or performance in a way that does not comply with contractual KPIs
- Late delivery or non-delivery of goods because of factory closures, or disruption in the supply chain
- Changes being agreed between parties to contracts to deal with the consequences of the Covid-19 outbreak
With another lock-down in force in England, it has been confirmed that the courts will remain open. This is different to the first lockdown in March 2020, in which the majority of courts were closed and most face to face hearings did not take place. Hopefully, this new lock-down measure will ensure that cases are still being heard at a steady rate, and there should not be a backlog for your case to be dealt with.
Lord Chancellor Robert Buckland QC MP emphasised the importance of maintaining safety during the new measures: “Our courts & tribunals continue to be an essential public service, served by essential workers and meeting Covid-secure standards endorsed by public health officials. With the use of remote hearings wherever appropriate, this vital work can and should continue.”
A large sum of £110m has been spent in recent months to make courts safe and to ensure that trials should go ahead where necessary. As a result of the expenditure, hearings can now still take place both in person, whilst adhering to the rules, as well as remotely. Your case may be heard in court if it is deemed as being “necessary in the interest of justice”.
Precautionary measures, such as social distancing, will still be in place, with Judges and magistrates ensuring that this happens.
Lord Chief Justice, Lord Burnett of Maldon commented: “The next few weeks will present difficulties in all jurisdictions. But as before judges, magistrates, staff, the legal profession and others involved in the system will meet them and ensure that the administration of justice continues to function in the public interest.”
The reaction from NCVO is that this is an important first step. However, it will not stop well run charities from closing and others will look very different in a few months’ time.
As long as you can demonstrate that you have exercised reasonable care in determining status you have discharged your obligations in that respect. However, if you are unable to demonstrate this, you may as the end user client be responsible for the contractor’s tax and NIC’s.
On 13 March 2020 the Secretary of State for Housing, Communities and Local Government issued a Written Statement in respect of delivery restrictions.
In this respect, many supermarkets, food retailers and distribution centres in England operate under planning restrictions (conditions and/or obligations) which limit the time and number of deliveries from lorries and other delivery vehicles which can take place particularly at night primarily to protect the residential amenity of nearby residential property.
Key points in the Statement include;
- Given the exceptional challenges facing the UK from the coronavirus, it is vital that deliveries of food, sanitary and other essential products over the coming weeks can be made as quickly and safely as possible, minimising disruption to the supply chains. The likely pressures on driver capacity mean additional flexibility is needed so that retailers can accept deliveries throughout the day and night where necessary.
- That planning enforcement is discretionary and that local planning authorities should act proportionately in responding to suspected breaches of planning control.
- That local planning authorities should not seek to undertake planning enforcement action which would result in unnecessarily restricting deliveries of food and other essential deliveries during this period having regard to their legal obligations.
The Statement acknowledges that the increased frequency of deliveries particularly at night could have a temporary impact on residents. It therefore concludes that the Government will review the need for the flexibility outlined in the Statement after the pressure from the coronavirus has reduced and that it is the intention to withdraw it once the immediate urgency has subsided.
A link to the Written Statement is below.