We are conscious that asking a particular group of people, who have a protected characteristic under the Equality Act 2010, to restrict their duties, could expose the Trust to allegations of discrimination. What steps can we take to avoid someone/a group of people feel that they have been treated differently because of their protected characteristic?

If it is not possible to find work for the employee to do at home, you do have the option of putting the employee on furlough.

The basics of health and safety law requires that employers take “all reasonably practicable steps” to ensure workers’ safety and that a suitable and sufficient assessment of risk is undertaken. It is the individual assessment of Covid-19 risk in each workplace that will be central. Employers will be required to conduct a robust risk assessment and then, following the hierarchy of controls, put robust processes and safeguards in place to address those risks.

UK government guidance and HSE advice is continually evolving, which in practice means that any risk assessment will need to be reviewed very regularly as that guidance develops. There is flexibility for individual businesses within the overall government framework and there will need to be a process of evaluation to ensure that the measures in place continue to meet the requirements.

The starting point of avoid, eliminate and control means looking at individuals continuing to work from home where possible (the fewer the number of people back in the workplace the lower the risk), and if not look at risk management, which leads to administrative controls – i.e. changing work practices before ending up at PPE. PPE is generally seen as control of last resort but in practice – facemasks, disposable gloves and constant prompts to wash hands for example.

In terms of changing working practices, employers should be thinking about:

• the workspace and how this is laid layout
• how do we make sure it is kept clean and hygienic
• how do we keep people apart
• how can we use toilets, canteens or other shared spaces/facilities safely
• how do we promote and enable higher levels of workplace hygiene
• if we are going to rely on PPE – can we get it, and is it suitable
• what about limiting customer interactions
• will there be enough first aiders on site
• can we manage fire safety, deliveries etc
• what about higher risk workers
• should work tools and equipment be allocated on an individual basis to employees.

These decisions need to be recorded and clearly communicated to staff members.

Employers will be collecting and sharing health information. Health information is sensitive and higher data protection standards apply. Here are a few key pointers.

• Update privacy notices to cover the new collection and sharing of employees’ information and provide these to the workforce. Be transparent and fair.
• Identify the legal basis and condition for use of this information and put any required paperwork in place. The ICO guidance will help. For some conditions such as the employment condition, an Appropriate Policy Document (APD) will be required. The ICO has an APD template.
• Only use the information for the purpose of managing the workforce during the pandemic.
• Only collect or share information if it’s necessary – if it’s a targeted and proportionate way of achieving your purpose.
• Make sure any health information collected and shared is accurate – there may be serious consequences if it’s not.
• Work out how long the information must be kept for. Keep a record of that period and act on it at the appropriate time.
• Security is very important – there may be malicious actors trying to trick employers and employees. Make sure employees know how to identify a genuine NHS Test and Trace contact. Keep the information secure. Use the ICO’s data sharing checklists** and keep a record of the disclosures made and why. Control external disclosures – only certain authorised members of staff should make them.
• Make sure individuals can still exercise their data protection rights – that’s also very important. Keep data protection records up-to-date and ensure any exports of personal information outside the UK are compliant.
• Before introducing employer-led testing like taking temperatures, thermal imaging or other potentially intrusive tests, work out if a data protection impact assessment (DPIA) is required. It will be if the intended processing is ‘high risk’. If it is, then carry out a full DPIA. It will help address the issues systematically and mitigate risks.
• All this demonstrates ‘accountability’ – it shows affected individuals and the ICO that the employer is complying with data protection requirements.

If you need further help, please visit the ICO’s data protection and coronavirus information hub or ask our data protection team.

** Please note that this link is to the ICO’s existing checklists and data sharing code of practice. We will update the link to the ICO’s new checklists after they are published.

The MHFA training makes this clear, it should be made clear in the MHFA role specification and procedures and discussed during regular MHFA peer support and MHFA surgery sessions. It is important to ensure that where an Employee Assistance Programme is in place, all MHFAs have details of that scheme available so they are able to instantly share details of the scheme with those who require support. If in doubt due to serious concerns then using 999 or Samaritans is an option.

The CMA is particularly concerned about certain activities, its guidance highlights:

• Exchange of commercially sensitive information where this is not necessary in response to the crisis
• Collaboration which unfairly excludes third parties
• Abuse of a dominant position (including a dominant position held as a result of the crisis) – particularly to charge excessive prices
• Seeking to maintain prices or prevent reductions in prices
• Cooperation going beyond what is necessary to respond to the crisis in the interests of consumers