What are the data protection implications of holding Covid-19 health data?
The ICO is providing new guidance to organisations regarding data protection and coronavirus, which can be accessed here: https://ico.org.uk/for-organisations/data-protection-and-coronavirus/
Information about the Covid-19 health status of individuals is special category data under the GDPR. This means it is high risk which has implications for how you use it, store it and keep it secure.
You will already hold health data about your employees as this is necessary to provide a safe, accessible place to work and to make reasonable adjustments to the workplace. You now need to make sure that the information you gather about your employees, visitors to your sites, customers and suppliers about Covid-19 is processed in accordance with data protection laws.
Related FAQs
In the event that the worst happens and contractor insolvency occurs, there are a number of steps which the employer should take immediately:
- Confirm that insolvency has actually occurred and the type of insolvency (for example liquidation or adjudication) – actions taken based on rumours can have adverse consequences
- Secure the site and carry out an audit of the plant, equipment and materials present – this may extend to changing the locks on site in order to prevent overzealous contractors and sub-contractors seeking to return and take what they see as their possessions. The building contract may contain a provision that these are the employer’s property, but they can be difficult to recover if they are not within the employer’s possession – possession is 9/10ths of the law!
- Ensure that there are adequate insurance and health and safety arrangements in place for the site – these would usually be dealt with by the contractor and therefore may no longer be in place, so alternative arrangements may be required
- Ensure that any further payments to the contractor are stopped pending a more detailed review
- Consider whether any off-site materials have already been paid for and can be secured. This can however be difficult in practice where the materials are not physically within the employer’s possession
In addition, there are also a number of further actions which the employer should consider in the slightly longer term:
- Investigate the options available and ascertain the cost of completing the works to assist in deciding how best to proceed
- Consider whether termination of the contractor’s employment under the building contract is required, and if so take the necessary steps in accordance with the building contract
- Consider whether there are any bonds or guarantees in place upon which the employer can rely, and if so assess their terms as to whether and how to make a claim
- Make arrangements to complete the works – as a general rule of thumb the cost of completing the works may increase by around 30% if it is necessary to get a replacement contractor
- Consider whether direct payment to subcontractors is possible or desirable
- Although we would say this(!) we would strongly recommend taking legal advice, as insolvency and its implications are complex and it is easy to inadvertently fall foul of the various different requirements
The reality of these unprecedented times is that enforcement of health and safety legislation by the HSE (particularly through the criminal courts) in relation to Covid-19 is an extremely unlikely outcome.
It has also been proposed in the Corporate Insolvency and Governance Bill that public companies who were due to file their accounts in the period from 26 March 2020 to 30 September 2020 will have until the earlier of the 30 September 2020 and the date which is 12 months after the end of their relevant accounting period to do this.
This is separate from the pre-existing scheme, announced on 25 March 2020, whereby companies can apply to Companies House for a 3 month extension for filing their accounts.
Employees on Flexible Furlough can engage in training during hours which you record your employee as being on furlough, as long as in undertaking the training the employee does not provide services to, or generate revenue for, or on behalf of their organisation or a linked or associated organisation.
Where training is undertaken by furloughed employees during hours which you record your employee as being on furlough, at the request of their employer, they are entitled to be paid at least their appropriate national minimum wage for this time.
If the duties are so fundamentally different from their contracted role, then yes. For example, if you are asking a frontline clinical member of staff to undertake administrative tasks in another area, then this will be a fundamental change to their terms and conditions for which you need their consent.
If there is a minor alteration to their duties, or the clause within their contract is wide enough to cover their amended duties, then arguably to do not need their consent but best practice would be to obtain their agreement.