JUNE 19, 2020

Covid-19: Data Protection and Employee Health

While Covid continues to subside, employers have a heightened responsibility for the health and safety of all employees, particularly as businesses return to the workplace. To the best of their ability, employers are required to maintain a Covid-free environment and ban symptomatic employees from returning to their place of work. In this blog, Goldstein Legal will explain the guidelines for the management of employee health data and provide data protection guidance for those working from home.

Employee Health Data

The Information Commissioner's Office (ICO), the UK body responsible for overseeing data protection, has released a 6-step guide advising on the collection and management of employee health data in light of the pandemic. The guide has been developed specifically to enable employers to adequately manage health-related data as their employees return to work. The ICO advises employers to consider the following, and remain vigilant of employee health concerns at all times:

  1. Only collect and use what is necessary – Employers should only request health data that is necessary to keep their employees safe. Any request for the provision of personal health data should be reasonable and proportionate in the circumstances.
  2. Keep it to a minimum – It is important not to collect data that the business does not need. Employers may take the view that the collation of Covid test results is sufficient.
  3. Be clear, open, and honest about their data – Employers should be open and clear about the storage and use of employee health data. If the data may mean that an employee is required to take time away from work, such as a positive Covid test, these measures should be communicated from the outset.
  4. Treat people fairly – A policy should be drafted to ensure that all employee health data, and any further action required, shall be handled fairly and in a non-discriminatory manner.
  5. Keep data secure – As with any other data, all employee health information is to be maintained securely, in accordance with the retention policy, and access should be restricted as required.
  6. Employees must be able to exercise their information rights – Employers should inform employees of their rights over the data, and not restrict or affect those rights in any way.

The full guide is available at the following link – https://ico.org.uk/global/data-protection-and-coronavirus-information-hub/coronavirus-recovery-six-data-protection-steps-for-organisations/

Working from Home

Current government advice is to permit at home working for employees who are shielding, those with Covid symptoms, and where social distancing is not an option in their normal working environment. Employees that work from home must remain data protection compliant and employers should consider the following:

  • Use of Personal Devices – Permitting employees to use their personal devices at this time may be unavoidable. However, it is important to ensure that any such device does not leave your system or data exposed. Employers should ensure all devices are updated, have sufficient protections in place, and adequately support their network and software. Each device should be password secured, and it should be made clear to employees that all company data is to be held in a separate storage area which is hosted remotely.
  • Video Conferencing – The use of video conferencing software has increased exponentially during the pandemic. Most programs have privacy and security features, including password-controlled meetings and restrictions permitting the organiser to control those that enter. Employees should be vigilant when sharing meeting links via email and remain wary of suspect invitations that may be phishing for data access.
  • Policies, Security, Risk Assessments and Remote Working – Employers should assess the risk of any new IT solution, program, or similar, that is implemented to facilitate home working. In particular, employees will be relying on access to cloud storage and remote data sharing while at home. Employees should also update software and passwords regularly and implement multi-factor authentication. Employers that do not currently operate remote access should consider implementing these measures, especially for employees that manage ‘info’ or ‘admin’ accounts as these are often targeted. Employers are encouraged to reassess their existing policies and carry out additional training in order to mitigate the increased risk and remain compliant.

How can we help you?

Goldstein Legal is part of Nexa. Goldstein Legal are members of the British Franchise Association and offer a range of legal services for franchisors and franchisees, regularly advising both businesses and individuals. Contact any of our friendly team for a confidential, no obligation chat to find out how we can help you.
Roz Goldstein


FOUNDER & COMMERCIAL LAWYER
