Employment & Pensions Blog: ICO guidance for mental health emergencies at work

The Information Commissioner’s Office (ICO) has published new guidance designed to give employers greater certainty when sharing information about their employees during a mental health emergency at work. 

The law allows employers to share personal information in an emergency to help prevent loss of life or serious physical, emotional or mental harm. However, this does not give employers carte blanch to share whatever information they want. This guidance from the ICO is intended to help employers prepare for and navigate information sharing during a mental health emergency.   

What is a mental health emergency?

The guidance recognises that mental health emergencies are more difficult to recognise, particularly as the symptoms of them will vary from person to person. However, for the purposes of the guidance, a mental health emergency is defined as “a situation in which you believe that someone is at risk of serious harm to themselves, or others, because of their mental health.” 

It will be up to employers to judge the situation and whether it meets this definition. However, it seems clear that if there is no risk of harm, the ICO does not believe it qualifies as a mental health emergency. 

Sharing personal information in a mental health emergency

In a mental health emergency where there is a risk of serious harm, the guidance makes clear that employers:

• must consider what their lawful basis is for sharing the information. 
• should focus on sharing information with the right people to protect the person involved, or others from serious harm. For example, notifying emergency services, health professionals or the employee’s point of emergency contact. 
• should only share information which is necessary and proportionate. Employers will need to use their best judgement as to what information is necessary and proportionate to share. The guidance gives the example of it being more necessary and proportionate to give the emergency services a full account of what is happening, and to give the employee’s emergency contact more limited details. 
• should consider whether their ability to share health information is subject to other legal constraints outside of data protection. For example, health information, where a duty of confidence may apply and the employee expects confidentiality.

Plan ahead

Medical emergencies are by their very nature unexpected and are often quick moving situations. The best advice for employers is always to plan ahead so they have a procedure in place to help them make quick and informed decisions. In implementing a plan, employers should consider:

• Putting a policy in place setting out the type of information that might be shared in a mental health emergency, who it will be shared with, and how it will be shared securely. 
• The policy should also set out what the employer’s lawful basis is for sharing the information, and given that health information is classed as special category data, the policy should identify a special category condition. The ICO’s guidance sets out the lawful basis and special category conditions that are most likely to apply in a mental health emergency.
• Making sure employees are aware of the policy, to ensure there is complete transparency in how their personal information can be used. 
• Training managers, mental health first-aiders and key personnel in how to handle personal information in a mental health emergency. 
• Ensuring employees keep the details for their emergency contact/next of kin up to date. Given health information is more sensitive than other types of information, employers could go one step further and give employees the option of having one point of contact for general emergencies, and another point of contact for mental health emergencies. 

Comment

The ICO’s confirmation that data protection does not prevent employers from sharing information during a mental health emergency will be welcomed by employers, as will the guidance more broadly, as it will help them navigate what would be a very challenging situation.

Whilst the guidance is helpful, employers still have to use their reasonable judgement in assessing whether it is a genuine emergency, and in ensuring that the information they share is necessary and proportionate. As ever, planning ahead will help businesses better manage the situation, and it will minimise the possibility of (despite having the best of intentions in trying to help someone) accidentally breaching data protection. 

If you need any advice on managing your data protection obligations during mental health emergencies, or otherwise - please contact a member of our Employment team.