What are the data protection implications of holding Covid-19 health data?
The ICO is providing new guidance to organisations regarding data protection and coronavirus, which can be accessed here: https://ico.org.uk/for-organisations/data-protection-and-coronavirus/
Information about the Covid-19 health status of individuals is special category data under the GDPR. This means it is high risk which has implications for how you use it, store it and keep it secure.
You will already hold health data about your employees as this is necessary to provide a safe, accessible place to work and to make reasonable adjustments to the workplace. You now need to make sure that the information you gather about your employees, visitors to your sites, customers and suppliers about Covid-19 is processed in accordance with data protection laws.
Related FAQs
The General Medical Council (GMC) have published guidance online for doctors during this time of uncertainty.
Alongside this, their website displays guidance for temporary registration to approximately 15,000 doctors, who left the register or gave up their licence to practise in the last three years.
These clinicians have been contacted to assist with the growing pandemic, outlining the process they would follow and informing them of their right to opt-out. The Secretary of State for Health can ask the GMC to grant such registration under Section 18a of the Medical Act 1983, in an emergency.
At the discretion of the lender, the Scheme may be used for unsecured lending for facilities of £250,000 and under.
Lenders were required to demonstrate lending additionality (i.e. lending that without the Scheme, wouldn’t have otherwise taken place). The Scheme has been extended to those businesses who would have previously met requirements for a commercial facility and would not have been eligible for CBILS. As a result it is suggested that all viable small businesses affected by Covid-19, and not just those unable to secure regular commercial financing, will now be eligible should they need finance to keep operating.
Primary Residential Property cannot be taken as Security under the Scheme. If the lender can offer finance on normal commercial terms without the need to make use of the Scheme, they will do so.
The practicalities and processes regarding disrepair claims will undoubtedly be affected. Housing providers will have to adopt a risk-based approach and consider government guidance to handle claims going forward. Key points to consider are:
- Compliance with the Pre-Action Protocol for Housing Conditions Claims (particularly disclosure)
- The practicalities of inspection
- Non-urgent repairs
An employer has a duty of care to its workforce and must take reasonable precautions to protect the health and safety of employees. Employers also have a duty of care towards anyone entering or using their place of business, such as visiting clients or customers.
This means that if an employer reasonably believes that wearing face masks at work is appropriate and necessary, it can issue an instruction to employees to this effect and employees should abide by this as far as possible.
However employers should be cautious about introducing and enforcing a policy across its business which requires its staff to wear face masks as there is the risk of unlawfully discriminating against people who are exempt from wearing face coverings or have legitimate reasons for not doing so. An employer should also consider the duty to make reasonable adjustments for disabled employees and discuss any concerns raised by employees who do not want to or feel unable to wear a mask.
An amendment to the Civil Procedure Rules’ Practice Directions has been approved by the Master of the Rolls and the Lord Chancellor on 1 April 2020, and is now Practice Direction 51ZA. This has the effect of allowing the parties to extend by prior written agreement up to a maximum of 56 days (rather than the usual 28 days detailed at CPR 3.8(4)) any rule, practice direction or order provided that any extension does not put at risk any hearing date. This Practice Direction will cease to have effect on 30 October 2020.
Additionally each regions’ Designated Civil Judge (DCJ) has issued a Covid-19 Protocol. There are some minor variations between the regions, but overall the guidance is very similar.
In Northumbria, Durham and Teesside the DCJ guidance for multi-track cases provides that “The parties are at liberty to extend, by consent, any step in the timetable up to a maximum of 90 days (as opposed to the present limit of 28 days)” and the Court does not need to be notified if the Trial date is not effected. Where Trial windows are likely to be impacted due to Covid-19 and the parties are in agreement to extending this, a letter can be sent to the Court with a draft order proposing a new timetable, including a new trial window and agreed availability within the trial window.
The same guidance also confirms that an electronic signature on all documents including witness statements and disclosure statements will suffice.