12/06/2020
1
We recommend thatyou use the latestversion of one of thefollowing browsers toparticipate in ourwebinars
Google Chrome Safari Firefox
Opera Microsft Edge
• The Legal Implications
• PrivacyImplications
• Infection Prevention
1
2
12/06/2020
2
COVID-19 Infection Prevention and Legal Implications
Dr Roselyn Borg
Mr Angelito Sciberras
12th June 2020
Employer Health & Safety Obligations
3
4
12/06/2020
3
Returning to Work
• Legal Notice 170, 171 & 172 of 2020 permitted various non-essential business to re-open and once again commence operations at the start of May 2020
• On the 22 May 2020, further non-essential businesses (such as hairdressers & barbers, beauticians, catering establishments etc.) have been allowed to re-open
• Various restrictions have been imposed for the health and safety of both employees and persons visiting such establishments
The Law
OHSA Act (Chapter 424)OHSA Act (Chapter 424)
General Provisions for Health and Safety at Work Places Regulations (SL 424.18)General Provisions for Health and Safety at Work Places Regulations (SL 424.18)
All other sectoral Regulations under the OHSA ActAll other sectoral Regulations under the OHSA Act
5
6
12/06/2020
4
Health & Safety
“It shall be the duty of an employer to ensure the health and safety of workers at all times in every aspect related to the
work”
General Provisions for Health and
Safety at Work Places Regulations
(SL 424.18)
Health & Safety
• Employers are legally obliged to safeguard their employees’ health (in general, pandemic or not!), for example by:• Ensuring the provision of sufficient safety equipment and
machinery
• Rectifying/repairing any hazard
• Maintaining adequate levels of cleanliness and hygiene
• Informing workers/representatives of the health and safety measures in place and putting in place adequate signage where required
7
8
12/06/2020
5
Privacy Implications
• Special category data is personal data that needs moreprotection because it is sensitive.
• In order to lawfully process special category data, youmust identify both a lawful basis under Article 6 of theGDPR and a separate condition for processing underArticle 9. These do not have to be linked.
Privacy Implications
Processing of special categories of personal data
Art 6
Processing is lawful if based on one of the following legal basis
9
10
12/06/2020
6
Privacy Implications
Processing of special categories of personal data
“processing is necessary for the purposes of carrying out the obligations
and exercising specific rights of the controller or of the data subject in the
field of employment and social security and social protection law in so far
as it is authorised by Union or Member State law or a collective agreement
pursuant to Member State law providing for appropriate safeguards for
the fundamental rights and the interests of the data subject”
Art 9(2)(b)
Privacy Implications
Processing of special categories of personal data
“processing is necessary for reasons of public interest in the area of public
health, such as protecting against serious cross-border threats to health or
ensuring high standards of quality and safety of health care and of
medicinal products or medical devices, on the basis of Union or Member
State law which provides for suitable and specific measures to safeguard
the rights and freedoms of the data subject, in particular professional
secrecy”
Art 9(2)(i)
11
12
12/06/2020
7
Penalties
If an employer violates the OHSA Act or any of its Regulations may be liable to:
• Imprisonment for up to 2 years
• Fine (multa) of between €465.87 and €11,646.87
• Both the fine and imprisonment
• The cancellation of licences, warrants or permits issued to the employer
Penalties
If an employer violates the GDPR it may be liable to:
• Administrative fines equivalent to 4% of the annual global turnover or €20m whichever is the highest
• May also be sued for moral damages
13
14
12/06/2020
8
Anticipating the New Normal
Health & Safety - Employer Obligations
Employers must arrange for “the effective planning, organisation, control, monitoring and review of the preventive and protective measures” required.
General Provisions for Health and
Safety at Work Places Regulations
(SL 424.18)
15
16
12/06/2020
9
Potential Hazards
The law furthermore obliges employers to:
• “identify hazards at the place of work”
• “evaluate those risks to the health and safety of workers which cannot be avoided and shall combat them at the source”; and
• “adapt the work to the individual”
Risk Assessments
• A risk assessment will, quite literally, assess your risks
• Ask yourself the following:• How many people do you employ? Any vulnerable persons?
• How much of your business is client-oriented, if at all?• Do your staff move around a lot, or is their work sedentary?
• What is the average footfall in your premises?
• How are your cleaning procedures split?
• Have you already taken action since the pandemic crisis began?
17
18
12/06/2020
10
Risk Assessments
• Risk assessments will serve as evidence of your attempts to recognise the problems and risks present
• Risk assessments are live documents - they should be consulted, checked and updated regularly.
• If your assessment concludes that certain action needs to be taken, ensure that you follow-up on that. Otherwise, the purpose of the assessment is defeated.
Transparency
• Employers are legally obliged to inform their employees on best practices to be adopted.
• Employees must be informed on what new measures are being adopted, especially if they are rather stringent in nature.
• Remember, the law clearly states that it is up to YOU to ensure your employees follow the adopted standards, so you must always be prepared to prove that you have done all that can be reasonably expected of you.
19
20
12/06/2020
11
Transparency
Employer’s obbligation when processing personal data
“Where personal data relating to a data subject are collected from the
data subject, the controller shall, at the time when personal data are
obtained, provide the data subject with all of the following information:
[...]
(c) the purposes of the processing for which the personal data are
intended as well as the legal basis for the processing”
Art 13(1)
Transparency
Employer’s obbligation when processing personal data
“the period for which the personal data will be stored, or
if that is not possible, the criteria used to determine that
period;”
Art 13(2)(a)
21
22
12/06/2020
12
Vulnerable Persons
• Will you ask vulnerable persons to inform you if they fall within this category? - This cannot be obligatory. The privileges allowed to vulnerable persons are optional, not mandatory.
• Will you inform employees over 65 years of age, or whose vulnerable conditions you are aware of, that they may not come to work?
• If vulnerable persons opt to not come to work, will you ask to keep a copy of the official letter issued to them?• Are you justified in making such a request?• For how long would you keep it on file?
Teleworking Employees
• Throughout the past weeks, you may have made arrangements for employees to telework. Now that business is returning to normal, make the following considerations:• Can they return to work now?
• Do they need to return to work?
• Do they wish to return to work?
• Are they teleworking because they are vulnerable persons/parents caring for their children?
23
24
12/06/2020
13
Teleworking Employees
• If you will commence/continue teleworking practices, you should have a Teleworking Policy in place
• The Policy shoud also regulate the teleworking relationship and what is expected of the employee.
• You may even make more specific and individualised agreements if you have specific requirements/are making particular arrangements for certain employees.
Teleworking Employees
• The Teleworking Policy shoud also regulate • monitoring procedures,
• equipment and connection use
• access
• data privacy implications
• If your employees would be using their own devices (ex. laptops, phones etc.) from home, make sure you have a Bring Your Own Device (BYOD) Policy in place.
25
26
12/06/2020
14
Online Meetings
• Find a safe and reputable platform to hold them on.
• Avoid sharing personal data via such platforms and as much as possible continue using your regular platforms to do so.
• Employees are made aware that they should only use the employer-approved and licensed online meeting platform.
• Attendees should be informed if meetings are being recorded, they should be informed on purpose and retention period aswell among other things
Health & Safety - Employer Obligations
Employers are also obliged to train employees on any action taken in terms of compliance with health & safety legislation.
General Provisions for Health and
Safety at Work Places Regulations
(SL 424.18)
27
28
12/06/2020
15
Training
Training sessions should be organised, covering various aspects such as:
• Sanitation practices
• Where necessary, how to correctly wear/remove masks and gloves
• How to recognise viral symptoms
• What to do in case of viral symptoms
• Reporting procedures
• Enhanced cleaning routines, for cleaning staff
• Disciplinary action in the case of misdemeanours
Make sure that training is segregated and not organised for huge numbers without providing adequate space between attendees.
Cleaning & Sanitation
• Employers are obliged to ensure that employees are aware of the sanitary standards expected of them. Ensure that clear, concise instructions are set out in writing.
• Employees should be obliged to sign (acknowledge) that they have read such instructions & guidance.
• Where possible, put up notices - hand washing guide near sinks, reminders to use sanitisers where necessary, notices to maintain social distance, etc.
29
30
12/06/2020
16
Back to Work - What Now?
Social Distancing
• The pillar of contagion prevention has always been and will remain social distancing.
• Employers are responsible to ensure that they are taking all necessary precautions to ensure that their employees and visitors have all the necessary knowledge and amenities to practice social distancing.
• This applies to desk placing, client interaction, lunch breaks, etc.
31
32
12/06/2020
17
Personal Protective Equipment (PPE)
• Consider what kind of PPE is required, if any, for your employees - masks, body suits, gloves etc. (depends on your industry).
• If you oblige employees to make use of some kind of PPE, even if by wearing masks, you must justify why this is being done, and teach them the proper use, removal and disposal of the PPE used.
• Objections to wearing PPE must be assessed subjectively:• Why is the employee refusing to wear the PPE?• Why is the employer obliging the use of the PPE?• What may the effects of non-compliance be on the other
employees?
Entering Work Premises
If employee temperatures are checked upon entry, there will be entrance clogging.• Is it a possibility for you to consider segregating employee
arrival times?• Can you group employees up to use separate entrances
instead?
Temperature readings need not be retained, but may be automatically deleted once taken. The person taking the readings decides there and then that a person should not be allowed entry due to high temperature.
33
34
12/06/2020
18
Entering Work Premises
How do you record employees time & attendance?• palm/fingerprint reader• signing• face recognition• access card
You might need to consider:• suspending• changing• allowing for temporary removal of PPE• enforce sanitization before and after
Face-to-Face Meetings
• While face-to-face meetings should be avoided as much as possible, if they occur, then adequate distancing must be maintained between attendees.
• Records of meeting times, locations and attendees must be kept:• Establish a method (preferably electronic) for recording such data
• Appoint a person to collect and maintain a database of this data
• If attendees are not employees, make sure contact details are kept
• Ensure that all persons are informed of the reason why such data is being collected and retained
35
36
12/06/2020
19
CCTV & Thermal Cameras
• Surveillance cameras at the workplace may be installed. Justifications for this data processing must be made clear and in writing (DPIA).
• A retention period must be set according to authoritative guidance.
• If cameras are being installed for disciplinary purposes, this must be made clear to all employees. The employer must consequently also explain that in the case of an investigation, the recordings may be kept until a conclusion is reached.
• Before deciding to use thermal cameras, learn their technical abilities and what data they collect.
Visitors
• If there is a reported case at the workplace, contact tracing will have to be made, and this will include any visitors to the premises
• If possible, put in place a system to record:• visitor arrival and exit times• who they will be interacting with (or have interacted with, if
possible)• Contact details
• Inform them of the period of retention (recommended: 3 weeks) and the reason why this data is being held
37
38
12/06/2020
20
Collecting Employees Data
• Changes to existing Employees’ Privacy Notice*
• Include COVID-19 data processing notices in the Back to Work Policy
* You may also need to update candidates’ & clients privacy notices
Data Retention
For how long do you need to retain any data collected for the reasons discussed during this presentation (or any other reason relating to infection prevention and adherence to the law)?
39
40
12/06/2020
21
Disciplinary Action
• Adherence to health & safety guidelines and procedures is crucial and employees must be made aware of this.
• They must also be made aware that breaches of such rules may result in disciplinary action. Having such an notice in writing (together with acknowledgement that employees have read it) is essential to protect yourself.
Back to Work Policy
What would such a policy cover?
• Information on the pandemic situation at hand
• Plans for phased returns
• New measures to be adopted
• What hygienic standards are expected of employees
• Treatment of visitors
• What happens in the case of an infection detection
• Privacy Notices
41
42
12/06/2020
22
Back to Work Policy
What would such a policy cover?
• Preparing for what is to come• Employees testing positive
• Antibody screening• Vaccine
• Travelling for work
• Travelling for pleasure
Your COVID-19 File
Having all evidence on file is necessary to prove that you have taken all necessary health & safety precautions in the case of any inspections or claims. You should retain evidence of:
• Risk Assessment & actions taken on conclusions
• Re-opening plans
• Guidance given to employees on new H&S practices
• Action in the case of detected infection (plans, reports of actual detection, action taken by the authorities, conclusions and recommendations)
• Necessary data privacy notices
43
44
12/06/2020
23
Your COVID-19 File
Question Time
• The Legal Implications
• PrivacyImplications
• Infection Prevention
45
46
12/06/2020
24
• Risk Assessment
• Back to Work Policy
• 30 minute on demand employees’ training
47
48
Top Related