What should I do if I think this is relevant to my contracts?

Hopefully, further guidance will provide additional clarification on this, but it is difficult to see how a charity whose operations have been significantly curtailed because of the Covid-19 restrictions, cannot furlough employees and access the scheme, in particular where they have several different income streams. For example if a charity’s retail or fundraising operations have been significantly curtailed due to the restrictions, then it would appear unfair for it not to able to rely on the furlough scheme to assist in the funding of the employment costs associated with this part of the charity.

However, it might be prudent, where there are services that are publicly funded and employees working within those services cannot undertake their normal work, to consider if they can do different roles to work on Covid-19 activities. If there is no such work available then the guidance does appear to allow the furloughing of employees and such organisations to access the scheme.

In our experience, the funding streams and work undertaken by the organisations that could fall into the third category identified above can be exceptionally diverse and we would strongly recommend that you take advice before making such decisions about furloughing employees.

Employers will be collecting and sharing health information. Health information is sensitive and higher data protection standards apply. Here are a few key pointers.

• Update privacy notices to cover the new collection and sharing of employees’ information and provide these to the workforce. Be transparent and fair.
• Identify the legal basis and condition for use of this information and put any required paperwork in place. The ICO guidance will help. For some conditions such as the employment condition, an Appropriate Policy Document (APD) will be required. The ICO has an APD template.
• Only use the information for the purpose of managing the workforce during the pandemic.
• Only collect or share information if it’s necessary – if it’s a targeted and proportionate way of achieving your purpose.
• Make sure any health information collected and shared is accurate – there may be serious consequences if it’s not.
• Work out how long the information must be kept for. Keep a record of that period and act on it at the appropriate time.
• Security is very important – there may be malicious actors trying to trick employers and employees. Make sure employees know how to identify a genuine NHS Test and Trace contact. Keep the information secure. Use the ICO’s data sharing checklists** and keep a record of the disclosures made and why. Control external disclosures – only certain authorised members of staff should make them.
• Make sure individuals can still exercise their data protection rights – that’s also very important. Keep data protection records up-to-date and ensure any exports of personal information outside the UK are compliant.
• Before introducing employer-led testing like taking temperatures, thermal imaging or other potentially intrusive tests, work out if a data protection impact assessment (DPIA) is required. It will be if the intended processing is ‘high risk’. If it is, then carry out a full DPIA. It will help address the issues systematically and mitigate risks.
• All this demonstrates ‘accountability’ – it shows affected individuals and the ICO that the employer is complying with data protection requirements.

If you need further help, please visit the ICO’s data protection and coronavirus information hub or ask our data protection team.

** Please note that this link is to the ICO’s existing checklists and data sharing code of practice. We will update the link to the ICO’s new checklists after they are published.

The government has produced a series of industry specific “Covid-19 Secure” guidelines, which employers should follow. These guidelines are designed to keep the risk of infection as low as possible, while allowing as many people as possible to resume their livelihoods.

As their employer, you have an overriding duty to provide a safe system of work. The Trust would not be able to run a defence to say that an employee “waived their rights” and chose to continue to work. Provided the decision around restricting duties has been carefully thought out, a full risk assessment undertaken and the employee has been truly consulted about the impact on them, then the decision taken will be a reasonable management instruction. Failing to follow that reasonable management instruction could amount to a disciplinary offence.

The basics of health and safety law requires that employers take “all reasonably practicable steps” to ensure workers’ safety and that a suitable and sufficient assessment of risk is undertaken. It is the individual assessment of Covid-19 risk in each workplace that will be central. Employers will be required to conduct a robust risk assessment and then, following the hierarchy of controls, put robust processes and safeguards in place to address those risks.

UK government guidance and HSE advice is continually evolving, which in practice means that any risk assessment will need to be reviewed very regularly as that guidance develops. There is flexibility for individual businesses within the overall government framework and there will need to be a process of evaluation to ensure that the measures in place continue to meet the requirements.

The starting point of avoid, eliminate and control means looking at individuals continuing to work from home where possible (the fewer the number of people back in the workplace the lower the risk), and if not look at risk management, which leads to administrative controls – i.e. changing work practices before ending up at PPE. PPE is generally seen as control of last resort but in practice – facemasks, disposable gloves and constant prompts to wash hands for example.

In terms of changing working practices, employers should be thinking about:

• the workspace and how this is laid layout
• how do we make sure it is kept clean and hygienic
• how do we keep people apart
• how can we use toilets, canteens or other shared spaces/facilities safely
• how do we promote and enable higher levels of workplace hygiene
• if we are going to rely on PPE – can we get it, and is it suitable
• what about limiting customer interactions
• will there be enough first aiders on site
• can we manage fire safety, deliveries etc
• what about higher risk workers
• should work tools and equipment be allocated on an individual basis to employees.

These decisions need to be recorded and clearly communicated to staff members.