Skip to content
Menu

Home FAQs How much data can I gather?

How much data can I gather?

You also need to consider other aspects of data protection.

Be proportionate – only gather and use Covid-19 data where you need to.

Keep data to a minimum – you shouldn’t gather more data than you need. You need to know someone has Covid-19 but you don’t need to know all their symptoms. Data minimisation also applies to who gets access to the data. It’s unlikely that a spreadsheet, accessible to everyone updating them on the health status of all employees, would be appropriate. Data should be shared on a need to know basis. You need to balance the privacy of individuals against your duty of care to be responsible with regards to the data of your employees, visitors, customers and suppliers.

Keep it up to date – make sure you update data. People’s health status will change and if you keep a record of this, you need to  make sure it is accurate and up to date (although this doesn’t mean you should batter individuals with constant requests for updates on health status. Again, be proportionate).

Identify individuals only when you need to – although you will need to know who has Covid-19, that doesn’t mean you need to tell everyone in the organisation. As soon as you can, you should remove personal data from any information you gather. For example, you might want to update employees on the health status of their fellow employees but you probably don’t need to name individuals and even if you feel it is necessary, you should keep the information you provide to a minimum. Removing personal identifiers in a document is also a good data security technique.

Keep the Covid-19 health data secure – Covid-19 data will be special category data and deemed high risk. This means that if you have a breach of this data you will need to notify it to the ICO. A breach could happen by someone losing a print-out of the names of Covid-19 employees, customers or visitors. It could also happen if you set access rights to lists of Covid-19 sufferers open to more people than need to know the information. The risk of ICO enforcement action increases with the potential harm the disclosure could cause. Although the ICO has indicated that it will be understanding about the impact of Covid-19 on normal operations, this doesn’t mean that they will not prosecute you if the breach is sufficiently serious.

Destroy the data once you don’t need it – Finally, of course, make sure that you delete data at the end of your needs. This might last longer than the pandemic, for example if you have an insurance claim or ongoing litigation. If you do need to keep it, consider whether or not you can delete some of the data to minimise what you hold.

Related FAQs

Are all employees now required to wear face coverings?

The guidance states that people should aim to wear a face-covering in indoor spaces where social distancing is not always possible and they come into contact with others, for example on public transport or in some shops, and potentially in the workplace. Face coverings do not mean face masks such as clinical masks worn by certain key workers as PPE, which should be reserved for those people.

Staff working in areas that are open to the public must wear face coverings, this includes:

  • shops
  • supermarkets
  • bars
  • pubs
  • restaurants
  • cafes
  • banks
  • estate agents
  • post offices
  • public areas of hotels and hostels

If these businesses have taken steps in line with Health and Safety Executive guidance for COVID-19 secure workplaces to create a physical barrier between workers and members of the public then staff behind the barrier will not be required to wear a face covering.

For other indoor settings, employers should assess the use of face coverings on a case by case basis depending on the workplace environment, other appropriate mitigations they have put in place, and whether reasonable exemptions apply.

Last updated on 12th May, 2020

Can I be investigated or prosecuted by HSE if one of my workers contracts Covid-19?

The reality of these unprecedented times is that enforcement of health and safety legislation by the HSE (particularly through the criminal courts) in relation to Covid-19 is an extremely unlikely outcome.

Last updated on 27th March, 2020

What will my case look like going forward and what are the courts doing?

During the Covid 19 crisis lawyers and the courts have had to adapt with hearings being heard remotely and with more electronic communication. It is clear that going forward, some of these changes will become more permanent.

The Lord Chancellor, Robert Buckland QC MP, has spoken last week regarding changes to the justice system following the COVID-19 pandemic and we know that there is a significant backlog of work that needs to be processed.

Firstly, 10 sites have been identified for ‘Nightingale courts’ which will allow for better social distancing. The authorities have suggested that it is a possibility that courts will need to stay open for a longer time or at weekends, to increase the number of cases that can be heard safely on any given day. This will enable more cases to be heard in a day and therefore a swifter outcome for your case. The standard of video technology will also continue to improve, with plans for new technology being rolled out across all courts form July onwards. The enhanced use of technology may result in matters being heard more efficiently, decreasing the time spent during each hearing.

HMCTS is working to expand access to audio and video technology to support more and new types of hearings. There has been an increase in the use of new and varying equipment over the lock-down period. With the appropriate systems in place, many more hearings could take place on platforms such as the Cloud Video Platform (CVP). Throughout July, the CVP will be more readily available to Country courts. There will be further hardware rolled out to improve the quality of video hearings, and there will be more efficient methods used to organise video lists.

The increased use and training of CVP means that witnesses and advocates may not need to attend court and could attend the hearing remotely. This will give you increased flexibility, enabling you to attend from your office or home. The CVP is efficient and simple to use, with no complex functions; making it user-friendly. This should make litigation more time and cost effective (albeit that there will be the cultural challenge of having less contact with your legal team or the court experience).

Last updated on 6th July, 2020

Who is exempt from wearing a face mask at work?

Those individuals who are already exempt from the existing face covering obligations, will continue to be exempt from the new rules. These include:

  • Those unable to put on or wear a face covering because of a physical or mental illness or disability
  • People for whom wearing or removing a face covering will cause severe distress
  • Anyone assisting someone who relies on lip reading to communicate

Last updated on 25th September, 2020

What is Coronavirus Business Interruption Loan Scheme (CBILS)?

The Coronavirus Business Interruption Loan Scheme (“CBILS“) is open for applications to provide small businesses with a loan of up to £5m to assist with the Covid-19 outbreak. The Scheme is aimed at businesses who are experiencing lost or deferred revenues, and who otherwise would be denied support from lenders, to be supported by a Government backed guarantee. The Scheme will initially run for six months with the possibility to be extended where required, so businesses should only approach a lender under the Scheme as and when they require assistance.

Last updated on 26th March, 2020