June 2020 Newsletter
The Institute of Legal Research & Standards
JUNE 2020 – ARTICLES & ITEMS OF INTEREST
DBSI – DATA PROTECTION IMPLICATIONS OF THE RETURN TO WORK SAFELY PROTOCOL
On the 26th June 2020 the Department of Business Enterprise and Innovation published a guidance document titled “Data Protection Implication of the Return to Work Safely Protocol” which provides advice to employers where the measures set out in the Return to Work Safety Protocol (referred to in last month’s Articles & Items of Interest) may result in the processing of personal data and assist employers in complying with their obligations as data controllers under the GDPR and Data Protection Act, 2018.
This document offers guidance notes on specific elements of the Return to Work Safely Protocol: –
- Measure – Develop/Update the Covid-19 Response Plan
- In advance of returning to work the employer will take into account the workers individual risk factors e.g. older workers, underlying illness etc.
- Employers need to ensure all medical information is treated in a strictly confidential manner, only the minimum amount of medical information is collected, existing privacy notices and data protection policies should be updated and provided to all workers setting out how this medical information will be used, securely stored and ultimately destructed when the information is no longer required.
- Measure – Develop or amend policies and procedures for prompt identification and isolation of workers who may have symptoms of COVID-19
- As appropriate employers will: keep a log of contact/group work to facilitate contact tracing.
- The use of the Personal Data contained in these logs should be restricted to the minimum amount of Personal Data required (data minimalisation) and should only be used for the HSE’s official Contact Tracing procedures and not be used by employers for any other purpose.
- Measure – Implementing the COVID-19 Prevention and Control Measures to Minimise risk to Workers
- Employers must establish and issue a Pre-Return to Work Form for Workers to complete at least 3 days in advance of their return to work which seeks confirmation that the worker, to the best of their knowledge, does not have COVID-19 symptoms and should also be used to confirm that the worker is not self-isolating or awaiting the results of a COVID-19 test.
- This form should not be retained by the employer but disposed of or destructed securely as soon as the worker has returned to the workplace or it can be returned to the worker at the point of entry to the workplace.
- Temperature Testing should only be conducted in line with current health advice.
The above is just a brief synopsis of the guidance document, to view it in full see https://dbei.gov.ie/en/Publications/Publication-files/Data-Protection-Return-to-Work-Safely-Protocol.pdf
DPC – DATA PROTECTION IMPLICATIONS OF THE RETURN TO WORK SAFELY PROTOCOL – LEGAL BASES FOR PROCESSING
On the 26th June 2020 the Data Protection Commissioner published its own guidance note relating to the Return to Work Safely Protocol and the aforementioned guidance note.
It discusses Contact Tracing Logs, Return to Work Forms and Temperature Testing and it also importantly identifies the LEGAL BASIS FOR PROCESSING the personal data in the context of implementing the measures recommended by the Protocol.
The view this guidance note see https://www.dataprotection.ie/sites/default/files/uploads/2020-06/Guidance%20on%20Return%20to%20Work%20Safely%20Protocol.pdf
LAW SOCIETY GUIDELINES ON RETURNING TO WORK ON-SITE
In this month’s Law Society Gazette Keith O’Malley head of the Law Society Support Services looks at returning to the workplace and the challenges it brings.
In this article he sets out the 5 phases of the ‘Roadmap for Reopening Society and Business’. He states the Law Society’s Support Services have produced guidelines containing a 12-step approach on how to return to work on-site. This article briefly discusses the 12 steps namely: Risk Assessment – Internal Communications – Working Arrangements – Vulnerable staff – Risk Management – Social Distancing – Workstations – Meetings – Common Areas – Visitors – Teamwork – Work-related travel.
HOW TO CONSIDER THE BEST WORK SYSTEM FOR YOUR ORGANISATION
The Law Society of England and Wales have also issued a guidance note titled “Guidance on how to consider the best work system for your organisation”. This guidance note aims to help firm’s understand how the legal framework could apply to managing workforces while the coronavirus poses a danger to the public’s health and to consider what long term strategic approach is best for your organisation before adapting new work systems.
It poses the following questions and answers/discusses same: –
- Can we be liable if an employee contracts coronavirus at work?
- The Legal Framework.
- Different rules and regulations applying to different countries.
- The impact of coronavirus on working practices could be long-term.
- What policies should be looked at?
- Re-opening offices
- Re-opening your office
- Carrying out a risk assessment and sharing it with your employees
- Choosing who can return to work
- Can staff demand to come into the office
- Can a worker refuse to come into work or leave a workplace of they think its unsafe?
- Is it my responsibility to take into account the risks involved in travelling to the office?
- Managing those classed a vulnerable
- Making special requirements for those the government deems particularly vulnerable to coronavirus
- Is it reasonable for a worker to refuse to come into office because they live with a clinically vulnerable person?
- Am I able to compel a pregnant worker to come into the office?
- Can a worker refuse to come into the office or work certain hours because of childcare commitments?
- Will workers still need to self-isolate if they have symptoms or have been close to someone who is suspected to have the coronavirus?
- Managing the Health of Workers
- Will I have to provide PPE?
- Asking workers to inform me if they have coronavirus
- Testing workers and/or downloading the NHS app
- Are employers obliged to fund an employee’s home office set-up?
- Carrying out a health and safety check for employees who now work from home
- Do I have a responsibility to be concerned for the mental health of my workforce?
- Health and Safety Law and Regulations
To view this guidance note in full see https://beta.lawsociety.org.uk/topics/coronavirus/coronavirus-covid-19-guidance-on-how-to-consider-what-are-the-best-work-systems-for-your-law-firm
SAFE RETURN TO THE OFFICE – TOOLKIT FOR MEMBERS
This month on the 8th June 2020, the Law Society of England and Wales have produced a COVID-19 Risk Assessment Template for law firms, posters re handwashing, two metre distance for common areas, one person in the toilet and a flow chart re staffing decisions.
To view any of the above see https://www.lawsociety.org.uk/support-services/coronavirus/safe-return-to-the-office-toolkit-for-firms/
CYBER-ATTACK AND CYBER-SECURITY
In this month’s Law Society Gazette John Elliot Registrar of Solicitors and Director of Regulation has written a practice note which states due to solicitors’ practices now providing legal services remotely there is an increased risk of a cyber-attack.
He sets out the circumstances of a recent cyber-attack where a sale collapsed and the solicitor received a request for the return of moneys however the bank account details provided were for a fraudulent account and the solicitor transferred the moneys without verifying the details.
John Elliot sets out the best practice in respect of obtaining and verifying bank account details and he also has written a further guidance note on the steps a firm can take to guard against a cyber-attack.
To view both practice notes see https://www.lawsociety.ie/globalassets/documents/gazette/gazette-pdfs/gazette-2020/june-2020-gazette.pdf#page=62
GUIDELINE ON REMOTE AND FLEXIBLE WORKING ARRANGEMENTS
This month the Law Society of Ireland has published a Guideline on Remote and Flexible Working Arrangements.
To view this document see https://www.lawsociety.ie/globalassets/documents/news/covid19/guideline-remote-flexible-working.pdf
DPC PUBLISHES TWO YEAR REGULATORY ACTIVITIES REPORT
The DPC has published a two-year Regulatory Activities report under the GDPR to assess the range of regulatory tasks over the period 25 May 2018 to 25 May 2020.