I don’t live in the same home as my child’s other parent. Can my child move between each house?

If organisations don’t have a formal home working policy, then they should set out, as soon as possible, in clear terms, what is expected of employees from a data protection perspective when working from home. These might include:

• If someone is using their own device for remote working, ensuring that any devices that hold work-related information have up-to-date anti-virus software and that broadband connections have properly configured firewalls
• Reminding staff to contact the organisation’s IT department if they encounter any issues with home working, and not to try and resolve any issues themselves
• Reminding staff that they should notify relevant individuals within the organisation if they consider that there might have been a personal data breach. A breach will still be notifiable even if it does occur at home during the pandemic. These should be logged by the organisation in their data breach log in the normal way
• Ensuring staff lock their devices whenever they are not using them
• Where possible, working in a separate part of the home to family members
• Ensuring confidentiality of information – advising staff not to have phone calls where others are likely to hear the conversation. This might mean moving to a different room, closing the door, or arranging a call for a more convenient time. If employees have smart speakers, you may want to consider advising them to either turn these off, if they are working in the same room as it, or work in a different room
• Wherever possible, avoid taking hard copy documents home, and, if papers are taken home, never placing those papers in a bin or using a home shredder – any such papers should be shredded back at the office in the usual way
• Locking any papers in a safe place
• Not using social media platforms (unless already used and permitted by the organisation) to discuss work matters
• Advising extra caution with incoming emails as at times such as this there may be an increased risk of fraud, email hacking, spear phishing etc.
• Avoiding information being sent to personal email accounts (for example, so it can then be printed at home)
• Reminding staff of your organisation’s Information Security policies, procedures and protocols. These could be emailed to all staff working from home or they could be directed to such documents on the organisation’s intranet, for example

Organisations should also ensure that their remote access systems can cope with increased demand.

Whilst the ICO appreciates the unprecedented nature of this pandemic, it does not mean that organisations can forget about their obligations as controllers of personal data. If a major data security breach were to happen, there is still the possibility of enforcement action where the organisation didn’t put in place good risk mitigation measures.

We have a specialist team of data protection lawyers here at Ward Hadaway, and would be happy to discuss any data protection concerns or issues that you might have.

Employees will be reluctant to take unpaid leave or a sabbatical but when faced with the alternative prospect of redundancy may give it some serious consideration. This would remove the cost of that employee from the employer’s business for an agreed period of time. This is an option which can be offered to employees but again, imposing it without agreement creates significant risk.

There is no minimum period of notice you are required to give employees of their return, but from a good HR practice point of view you should be speaking to your staff and letting them know what the plan is; giving people a reasonable amount of notice of return will allow them to prepare both practically and psychologically.

CEST stands for Check Employment Status for Tax and, although this should do exactly what is says on the tin, there has been criticism of its accuracy and effectiveness. The CEST tool does not test whether there is ‘mutuality of obligation’ in the relationship which is a key factor in determining status.

You are not obliged to use CEST if you are happy with your own assessment process. If you do use CEST keep a record of the certificate given at the end of the assessment and keep this on the contractor’s file. HMRC will stand by the outcome of a CEST assessment provided the information has been honest and accurate. However, you must have entered information honestly to rely on it – you can’t just say what you want to get the right answer, as HMRC may test what you have said.  Also, many people are unhappy with the CEST tool and consider it leans too much towards employed status.

Data on properties, and people, has never been more important.

Given that compliance is at risk here, such a decision must be made by the Board to ensure good governance. Board approval should be sought and recorded for the approach the organisation is taking.

It is essential that you continue to record your data on compliance and report to your board at all times, and that there is a clear audit trail for issues with access, and if appropriate to the Regulator. Access issues as a result of self-isolation should be readily identifiable.

Operatives need to be provided with the tools to operate in as safe a way as possible:

• Checklist of questions to ascertain occupant’s current health
• Protective equipment (masks, gloves, over clothing)

The Gas Safe website is a useful resource for updates: https://www.gassaferegister.co.uk/help-and-advice/covid-19-advice-and-guidance/