As lockdown restrictions start to ease and businesses begin to reopen, the ICO has set out the key steps organisations need to consider around the use of personal information. The six data protection steps for organisations addresses questions about the rules around organisations collecting additional personal information to provide a safe environment for their staff. The ICO point out that data protection does not stop employers asking employees whether they are experiencing any COVID-19 symptoms or introducing appropriate testing, as long as the principles of the law – transparency, fairness and proportionality – are applied. The six key data protection steps covered in the guidance are: (a) Only collect and use what’s necessary; (b) Keep it to a minimum by collecting only the information needed to implement their measures appropriately and effectively; (c) Be clear, open and honest with staff about their data; (d) Treat people fairly; (e) Keep people’s information secure; and (f) Staff must be able to exercise their information rights.
This provides summary information and comment on the subject areas covered. Where employment tribunal and appellate court cases are reported, the information does not set out all of the facts, the legal arguments presented and the judgments made in every aspect of the case. Employment law is subject to constant change either by statute or by interpretation by the courts. While every care has been taken in compiling this information, we cannot be held responsible for any errors or omissions. Specialist legal advice must be taken on any legal issues that may arise before embarking upon any formal course of action.
