What are the data protection implications of holding Covid-19 health data?
The ICO is providing new guidance to organisations regarding data protection and coronavirus, which can be accessed here: https://ico.org.uk/for-organisations/data-protection-and-coronavirus/
Information about the Covid-19 health status of individuals is special category data under the GDPR. This means it is high risk which has implications for how you use it, store it and keep it secure.
You will already hold health data about your employees as this is necessary to provide a safe, accessible place to work and to make reasonable adjustments to the workplace. You now need to make sure that the information you gather about your employees, visitors to your sites, customers and suppliers about Covid-19 is processed in accordance with data protection laws.
Related FAQs
Some examples of the key questions to ask include:
- Is there still a viable underlying business that is likely to continue beyond the current crisis?
- What does the revised short to medium cash flow look like and will the company continue to be able to pay its liabilities?
- Does the company have the support of all of its stakeholders – lenders, shareholders, customers, suppliers and banks – even though the business might be in breach of its own obligations?
- What measures could (and should) the board put in place to protect creditors, including making sure that exposure to creditors (both collectively and individually) is not increased, assets are not sold at less than value and no creditor is treated more favourably than another?
- Is there still a reasonable prospect of the business avoiding liquidation or administration?
The key question is always whether accepting the money is in the best interests of creditors as a whole bearing in mind that accepting Government support and continuing to trade might increase the company’s overall liabilities. Directors should be mindful that if the business fails, their decisions during this critical time may be scrutinised and it is therefore important that directors have up-to-date financial information and projections to form the basis of any decisions, take stock, get the right advice and document the decisions that are taken.
The guidance is clear that furloughed staff must receive no less than 80% of their reference pay (up to the monthly cap of £2500).
Employers cannot enter into any transaction with the worker which reduces the wages below this amount. This includes any administration charge, fees or other costs in connection with the employment.
Failure to comply with the individual consultation obligations could render the dismissal unfair and expose you to a financial penalty of the lower of up to 1 years gross pay or the maximum statutory limit (currently £88,519).
The Home Office has not stated when it will end these temporary measures, albeit it has stated that it will provide a warning. Where employers have carried out checks using the temporary measures, the Home Office has confirmed that it will require employers to carry out retrospective checks on any of the following:
- Employees who started working for you when the temporary measures were in place
- Employees who required a follow up check during the temporary measures (for example because their previous leave was coming to an end).
It is not explicit from the guidance but these retrospective checks must require you to have in your possession the physical ID in its original form. When carrying out the retrospective check, employers must record this using the following wording “the individual’s contract commenced on [insert date]. The prescribed right to work check was undertaken on [insert date] due to Covid-19.”
These further checks must be made within eight weeks of the temporary measures ending, and employers must keep records of both checks undertaken. Where the employer discovers that the employee does not have the right to work during the retrospective check they should stop employing them.
The Cabinet Office has published a useful Procurement Policy Note (“PPN”) on relief available to suppliers due to Covid-19 (available here). In brief, you should not be penalised by a public sector body, if, in the current circumstances, you are unable to comply (fully or partly) with your contractual obligations. Public sector bodies are expected to work with suppliers and, if appropriate, provide relief against current contractual terms. This is in order to maintain business and service continuity and avoid claims being accepted for other forms of contractual relief, such as the occurrence of a force majeure event.
The types of relief that may be available to suppliers to the public sector will depend on the existing contracts in place. Some contracts may have a payments by result mechanism, whereas others may be based on certain key performance indicators (KPIs) being met. Other contracts may not include any such mechanisms and therefore it will be a matter for discussion between suppliers and the public sector body.
The PPN provides that, rather than a supplier seeking to invoke a clause that would permit the supplier to suspend performance of its obligations (such as a force majeure clause), public sector bodies should first work with the supplier to amend or vary the contract. Any changes should be limited to the particular circumstances and considered on a case-by-case basis. Changes could include:
- Amending the contract requirements
- Varying timings of deliveries
- Relaxing KPIs or service levels
- Extending time for performance (e.g. revising a contract delivery plan), and/or
- Preventing the public sector from exercising any rights or remedies against the supplier for non-performance (e.g. liquidated damages or termination rights).
These should only be temporary variations and the contract should return to the original terms once the impact of the Covid-19 outbreak on the contract has ended. Discussions with the public sector body about any changes that are agreed should be documented, in a variation signed by both parties.
A public sector may also need to take account of regulation 72 of the Public Contract Regulations 2015, to ensure that any changes to a contract (even of a temporary nature) do not trigger a requirement to conduct a new tender process. Whilst this may be unlikely to be the case with temporary variations, suppliers should still bear this in mind when discussing any changes to a contract with a public sector body.
If you are a supplier to a public sector body and you are currently struggling to meet your contractual obligations, we recommend that you take legal advice as to whether it might be possible to take advantage of the flexible approach that the PPN requires public sector bodies to adopt – it could be that you can avoid service credits or other financial deductions, or the need to serve formal notices such as “force majeure” or other relief notices.