Several codes of practice and guidance materials have been published and could affect your business.
From the Information Commissioner's Office (ICO):
From the Equality and Human Rights Commission:
A person about whom you hold personal data (e.g. a customer or employee) can make a DSAR to exercise their right to access that information. They can ask you to reveal what data you hold on them and why.
You must respond to the DSAR within a month of receiving it. The old guidance gave 3 situations when this timescale could be 'paused'.
One of these was where you need more information about the request so you can respond, e.g. asking the requester why, or the dates when, the data may have been processed. The new guidance removes this as an acceptable pausing situation.
Age appropriate design code of practice
This code outlines how online services should and shouldn't use children's (under 18) personal data. It contains 15 standards about processing such data that should be built into the design of the services.
An online service includes any service that's likely to be accessed by children, not just those designed specifically for them. It can include apps, web-connected toys, search engines, social media platforms, messaging services, gaming and streaming services, and educational websites.
The code will be laid before Parliament and once in force (possibly autumn 2021), you'll have 12 months to comply.
Direct marketing code of practice
This will replace the ICO's current guidance and is currently in draft form for public consultation. The code, among other things, considers areas not currently covered, such as online advertising, including social media, subscription TV, on-demand services, facial recognition/detection and in-game ads. It's relevant if your business engages in direct marketing.
The consultation is open until 4 March 2020. After that a final draft will go before Parliament, which will have 40 days to reject or approve it. If approved, it'll come into force 21 days after the ICO issues the code.
Sexual harassment and harassment at work: technical guidance
This new guidance is likely to become a statutory code of conduct and includes:
The guidance about DSARs is actually not all that new – it was released last August, but wasn't widely commented on, so you may have missed it. If you did, it's important to know your obligations.
If your business is likely to be affected by the new codes of practice on age appropriate design and direct marketing, make sure you understand the potential impact on your current practices and processes in order to stay compliant with data protection law. Once in force, the ICO will rely on them when considering complaints, likely meaning fines and other penalties for non-compliance.
Familiarise yourself with the new harassment guidance and ensure your business meets its responsibilities. If it does become a statutory code of conduct, employment tribunals will look at whether or not you've followed it before reaching their decision.
We have a Privacy Notice for employers that sets out what information you hold on a person working for you, how you'll use it and for what purpose. It also tells them about their privacy rights and how the law protects them.
Our Employee handbook sets out the duties and responsibilities of employees and includes policies on harassment and equal opportunities.
Given the widespread publicity it received, there's a good chance you've already read about the recent employment tribunal ruling on ethical veganism. For the first time, a tribunal decided that ethical veganism can be a philosophical belief under discrimination laws.
An employee told his employer that its pension fund investments included companies that carried out animal testing, going against his vegan beliefs. The employer took no action, so he alerted colleagues and was then dismissed for gross misconduct. He claimed his dismissal was because of his philosophical belief in veganism and was therefore discrimination. The employer said he was dismissed for disobeying a management instruction and inappropriately trying to influence staff pension choices. That issue hasn't yet been settled by the tribunal – they first had to decide if ethical veganism can be a 'philosophical belief' under the Equality Act. They decided it was.
The tribunal came to this decision because they felt that, in this case, all the following applied to ethical veganism:
There are several points worth noting from this.
Ethical veganism is more than just a vegan diet – it's also about trying to avoid any contact with anything that involves animal exploitation. It's unlikely someone who simply eats a plant-based diet would get the same result at a tribunal. Nor is it likely to be enough for someone to simply say they're an ethical vegan – a tribunal would need evidence of their lifestyle in order to be satisfied that their belief can be classed as a philosophical belief.
The employment tribunal didn't change the law, it applied it to a new and common belief. However, their judgments don't have to be followed by other employment tribunals, or courts. This tribunal made its decision based on the facts and evidence available. If this issue comes up again, it's possible the result could be different.
This ruling shows how it's possible for other beliefs to potentially come under the Equality Act's protection. Another recent ruling did just that for an employee's belief in Scottish independence. Other beliefs can qualify if, when brought to a court or tribunal, they satisfy certain criteria like those listed above.
You shouldn't ignore this decision. There are some obvious precautions to take if you employ anyone who is an ethical vegan, or, arguably, anyone who holds a strong belief that influences their lifestyle: make sure other staff aren't harassing or victimising them by making offensive jokes or remarks about it, as this could be direct discrimination.
Other implications are less obvious. It's possible that failing to provide vegan canteen options, vegan-friendly bathroom toiletries, or even non-leather desk chairs could all be indirect discrimination if you can't justify why.
We'll continue to monitor this and other similar issues and keep you updated of any developments.
Our Employee handbook includes policies on harassment, equal opportunities and dismissal. We also have a suite of Disciplinary letters that deals with each step in the process.
The Health and Safety Executive (HSE) has released a summary of the latest annual statistics for Great Britain. We've set out some of the key information below; the full report is available here.
While the statistics are broadly in line with the previous year's, 1.4 million work-related illness sufferers is a big number and the cost to employers is in the region of £3 billion. You can minimise risks and hazards in the workplace by completing a health and safety review. You can use our health and safety documents to do this this:
Along with our detailed health and safety law guide, these should help you keep your staff safe and your business compliant with the law.