What are the data protection implications of holding Covid-19 health data?
The ICO is providing new guidance to organisations regarding data protection and coronavirus, which can be accessed here: https://ico.org.uk/for-organisations/data-protection-and-coronavirus/
Information about the Covid-19 health status of individuals is special category data under the GDPR. This means it is high risk which has implications for how you use it, store it and keep it secure.
You will already hold health data about your employees as this is necessary to provide a safe, accessible place to work and to make reasonable adjustments to the workplace. You now need to make sure that the information you gather about your employees, visitors to your sites, customers and suppliers about Covid-19 is processed in accordance with data protection laws.
Related FAQs
Payments of the Community Infrastructure Levy (“CIL”) are tied to commencement of development, and where an instalment policy is in place, the instalments are usually tied to periods of time following commencement rather than build out rates. Therefore where a development has commenced, payments of CIL are likely to fall due in respect of a site notwithstanding that the site may have temporarily closed or build out rates have slowed.
New regulations now in force, provide some additional relief for those developers with an annual turnover of £45 million or less. Such relief will allow the Council to defer payments, disapply late interest charges, and refund late interest charges that have already been levied since 21 March 2020.
For those developers that cannot benefit from the new provisions, unless a Council has adopted an exceptional circumstances relief policy the regulations do not provide for any relief to be provided in instances where payment of CIL will create viability issues. Most Councils have not adopted such a policy, and in those circumstances the CIL liability will remain due in accordance with the payment schedule on the demand notice.
Councils are at liberty to amend their instalment policies in accordance with their own internal procedures, and the Government is encouraging Councils to explore this option to provide some relief to developers. However this will only assist in respect of any prospective instalments where the development commences after the new instalment policy has been adopted.
For those developers whose annual turnover exceeds £45 million, the Government seems to be taking the view that such developers can afford their CIL liabilities regardless of the current climate. The only concession the Government has proposed is to encourage Councils to make use of the existing discretion they have in respect of the imposition of surcharges for late payments.
- On admission to hospital, all adults should be assessed for frailty, irrespective of their age and Covid-19 status. Regard should be had to any comorbidities and underlying health conditions.
- If a patient is identified as potentially having Covid-19, the UK Government guidance on infection prevention and control measures should be followed.
- If Covid-19 is then diagnosed in someone who is not isolated from admission or presentation, the UK Government guidance on actions required when a case was not diagnosed on admission should be followed.
There is less guidance in respect of whether an employee can refuse to go into the workplace as a result of health and safety concerns about their commute. An employer’s duties to ensure the health, safety and welfare of its employees only extend to the workplace or where an employee is acting in the course of their employment. This does not include the risks of travelling to and from work by public transport.
As there are various ways in which an employee can travel to work, it will be difficult for them to legitimately refuse to come to work due to their commute. Employers should discuss any concerns with the employee and seek to find an appropriate resolution. The government has published guidance on safer travel for passengers during the Covid-19 pandemic and employers should encourage flexibility as far as possible, such as allowing employees to travel at off-peak times and staggering workers’ hours.
- It is important to have a clear paper trail for any agreed reduction in salary, and hence any reduction in the amount of contributions. However, the contribution rates (as opposed to the amounts) should be the same as normal, and hence all processes and software should function as per normal and, amongst other things, remain compliant with auto-enrolment employer duties.
- However, if the period of affected contributions does not overlap precisely with the period of reduced salary, for example because of different cut-off dates, there may well be instances of non-compliance with auto-enrolment employer duties at the beginning as well as at the end of the period covered by the Coronavirus Job Retention Scheme.
- Accordingly, where an employer takes advantage of the Coronavirus Job Retention Scheme, good communication with the persons responsible for pensions administration and detailed record-keeping are essential to prevent non-compliances in the short-term and confusion in the long term.
It is the individual assessment by an organisation of its Covid-19 risk in its workplace that will be central. There may be common features across sites or areas of a site but every workplace will have a different risk profile depending on the service it offers and the workers who deliver those services. No one size fits all.
The context of managing Covid-19 risk is the need to tie in with UK government guidance and HSE advice – which despite being a lot more comprehensive than it was, is not a panacea and will continue to evolve. The difficulty we have with this in the context of the known increased risk to BAME employees from Covid-19 is that our understanding of the risk is, we would suggest, at a pretty early stage which makes it more difficult to address. However we know the increased risk exists and we owe our BAME workers a duty to manage that risk and keep them safe.
We also have a duty to consult employees. This is critical in managing this risk – ensuring BAME workers have a loud voice in the assessment process will be very important.
Where an individual has a particular characteristic, for instance they’re pregnant, they have physical or mental disabilities etc, the law requires us to look at that individual or, where it is a group, that group of individuals and assess the risk to them and take any reasonably practicable steps to control the risk to them.
Risk control hierarchy is key. In “normal” businesses we reduce our Covid-19 risk by keeping people away from the workplace – “avoid, eliminate and substitute” then changing work practices (e.g. social distancing measures) before we arrive at PPE. In a healthcare context, we arrive at PPE a lot more quickly.
We need to ensure our people are given sufficient information, instruction and training so they can do their jobs safely and we must consult workers and involve them in workplace safety – this is going to be critical in the context of Covid-19.