The Health and Safety at Work Act 1974 is arguably one of the most definitive pieces of workplace legislation in the UK. But what does it do? Why is it so important? And who does it apply to?

Since the burgeoning days of the industrial revolution, health and safety law has played a vital role in the lives of working people across the UK. One of the most important pieces of legislation to emerge since is the Health and Safety at Work Act 1974, which has helped safeguard millions of workers across a wide variety of industries and sectors. However, as with many laws, navigating health and safety legislation can often be a minefield of confusing acronyms and vague phrases. As a result, it can be difficult to know exactly what your role and responsibilities as an employer/employee really are.

To help you navigate the health and safety legal lingo, we’ve put together a quick and easy summary explaining what the Act is, why it’s so important and how it affects you.

________________________________________________________________________________________________________

What is the Health and Safety at Work Act 1974?

The Health and Safety at Work Act 1974 (alternately referred to as the HSWA, HASAWA or HSW Act, case in point) is a piece of health and safety legislation that governs health and safety in the workplace. It also defines the responsibilities of employers and employees, as well as the measures that can be taken by authorities to make sure the Act is enforced.

The introduction of the Act was pivotal for a number of reasons. Where previous legislation had mainly focused on particular industries and environments, the HSWA was the first piece of workplace health and safety legislation for all industries to abide by on a national scale. As a result, it covers a wide variety of sectors, from nuclear energy and construction to office and retail spaces. It was also the first of its kind to clearly outline the responsibilities that employees and employers have to ensure workplace health and safety.

One of the key elements of the HSWA is its adaptability. The Act has been amended repeatedly over the course of its history to reflect the changing nature of industries and sectors across the country. These changes to legislation, known as statutory instruments, make sure that emerging health and safety concerns are addressed. Examples of statutory instruments include the Personal Protective Equipment (PPE) at Work Regulations 1992, the Management of Health and Safety at Work Regulations 1999, and the Control of Substances Hazardous to Health Regulations 2002 (COSHH).

Ultimately, the main goal of the Act is to ensure that health and safety measures are preventative rather than curative, encouraging organisations to develop a culture of awareness and accountability.

The Health and Safety Executive

The introduction of the Health and Safety at Work Act 1974 led to the creation of the Health and Safety Executive (HSE), an independent, non-governmental body that regulates health and safety in the UK. The Act gives the Health and Safety Executive authority to conduct research in health and safety, pursue concerns regarding dangerous or hazardous working conditions and investigate significant industrial incidents. In serious cases, inspectors can shut down operations indefinitely and bring criminal charges against offenders.

 ________________________________________________________________________________________________________

Who does it apply to?

One of the most important functions of the Act is that it applies to all industries, meaning that workers from a wide variety of work environments fall under its jurisdiction. The Act applies to employers (such as managers and directors), employees, and self-employed or contracted workers, whether they work full-time or part-time. It also provides guidelines concerning the safety of non-workers such as guests, clients and the general public in instances where workplaces can overlap with public spaces.

 ________________________________________________________________________________________________________

The Health and Safety At Work Act Summary  

The Health and Safety at Work Act 1974 is made up of four key sections (known as Parts) which are subsequently broken down into detailed sections. The roles and responsibilities of employers and employees can be found in Part I – Health, Safety and Welfare in Connection with Work, and Control of Dangerous Substances and Certain Emissions into the Atmosphere. It sounds like a lot, but we’ve broken down and summarized the key sections you should know:

  • Sections 2-9 outline the general duties, roles and responsibilities of employees, self-employed individuals, employers and manufacturers to ensure reasonable health and safety practices are maintained in the workplace.
  • Sections 10-14 outline the function of the Health and Safety Executive and its powers to conduct investigations and inquiries.
  • Sections 15-17 establish the codes of practice that the Health and Safety Executive must abide by in order to conduct investigations and inquiries.
  • Sections 18-26 detail enforcement guidelines, including relevant bodies of authority and the powers given to health and safety inspectors.
  • Sections 27-28 outline the procedures the Health and Safety Executive and Enforcing Authorities must follow to request and obtain information.
  • Sections 33-42 concern offences, specifically what constitutes an offence, collection of evidence and prosecution procedures.

In other words, Part I covers the who, what, why, and how of health and safety legislation. However, ‘general duties’ is quite a vague term, especially when you want to know exactly what your role in maintaining health and safety should be. Don’t worry, we’ve broken it down even further with a summary detailing the responsibilities employers and employees have concerning health and safety in the workplace.

The Health and Safety at Work Act Employer Responsibilities

One of the most important aspects of the Health & Safety at Work Act is Sections 2-6, which outline the responsibilities of employers, self-employed persons and manufacturers to provide and maintain a safe work environment. In short, employers are expected to:

  • Develop a written general policy regarding health and safety in the workplace and to update the policy with changes in legislation. 
  • Provide detailed information and instruction to employees regarding all duties in relation to their health and safety in the workplace.
  • Ensure the health and safety of all employees, visitors and the public in instances where the workplace shares accessible space.
  • Make sure that the workplace is effectively maintained and that access and egress into the work area is safe and without risk.
  • Consult with appropriate trade unions and industry authorities on health and safety matters.
  • Provide Personal Protective Equipment (PPE) where it is required.

________________________________________________________________________________________________________ 

The Health and Safety at Work Act Employee Responsibilities 

With the nature of workplaces constantly changing year on year, employees should always be aware of their responsibilities in order to be compliant with health and safety regulations. As a result, Sections 7-9 of the Act are dedicated to establishing the duties and responsibilities of employees in the workplace. Employees are expected to:

  • Take reasonable consideration for the health and safety of themselves and others who may be affected by their actions in the workplace.
  • Cooperate with the employer to make sure that all requirements and duties regarding health and safety are understood clearly and followed effectively.
  • Refrain from intentionally neglecting or undermining health and safety protocols that have been put in place by the employer.

In short, employees must do everything that is reasonably asked by their employer to ensure health and safety measures are followed.

________________________________________________________________________________________________________

The future of the Health and Safety at Work Act 1974

Undoubtedly, the workplace of today exists in a state of constant change. With the rise of the digital revolution, organisations have begun to outsource work to freelancers and digital nomads, slowly moving away from the traditional workplace structure as a result. Additionally, many positions held by workers who interact with dangerous pieces of machinery or chemicals have given way to automation, reducing the need for worker oversight. While the future of the contemporary workspace might be uncertain, the Health & Safety at Work Act 1974 continues to help protect millions of workers in the UK from risk.

This article is purely for informational purposes and does not constitute legal advice. For more information regarding the HSWA in the UK visit: http://www.hse.gov.uk/

What is considered inside information?

All non-public precise information relating to your company, which, if made public, would be likely to have a significant effect on the price of financial instruments relating to your company is considered to be inside information. The existence of inside information must always be reported as soon as possible to the Inside Information Committee (IIC) by any person that suspects that certain information may constitute inside information.

No inside information may be publicly disclosed by other means than official press releases in accordance with the rules. Disclosing inside information by means of sharing such information with other people, such as but not limited to: journalists, analysts, shareholders, employees or other similar persons is strictly prohibited and can constitute a crime. Inside information can only be shared with persons who need access to such information in order to fulfil their professional duties, and as long as they are bound by a duty of confidentiality and are included in the relevant insider list.

Insider trading and inside information policy

All inside information must be handled with care and strict confidentiality in order to avoid a breach. Any employee who suspects a violation of your organisation’s policy must speak up and raise the issue to their immediate manager, or follow the company’s whistleblowing procedures. VinciWorks’ insider trading and inside information policy template can easily be edited to include your business’ reporting procedures and relevant contact information.

A ground maintenance business based near Glasgow and a subcontractor have been fined £3,300 for conducting unsafe work at height, highlighting the importance of proper training and control measures.

Inex Works Civils Limited and subcontractor Colin Martin pleaded guilty to breaching work at height regulations during the incident in January 2017. Workers were observed carrying out roof repairs without the appropriate safety measures, throwing brushes and bags to each other between levels and failing to secure their safety harnesses to safe anchor points.

The ruling follows several similar incidents last year where fines ran into the tens of thousands of pounds on several occasions. Working at height is the biggest cause of fatal workplace accidents in the UK, so it makes sense that it’s treated so seriously.

Working at Height Safely

The primary legislation covering this area is the Work at Height Regulations 2005. The Health and Safety Executive (HSE) summed up its main principles for employers: “you must do all that is reasonably practicable to prevent anyone falling”.

Employers are responsible for conducting risk assessments, providing the right equipment and making sure their workers are properly trained to carry out the job. As the Inex Works Civils Limited and Colin Martin incident shows, employers’ duties extend to the subcontractors they hire to complete the work.

Work at Height Training from VinciWorks

Our Working at Height eLearning courses make it easy to deliver engaging training to all employees who are working at height, ensuring everyone is aware of what their responsibilities are and helping employers to avoid the repercussions of unsafe work at height.

In October, it was revealed that banker Howard Wilkinson blew the whistle on Danske Bank in 2013, beginning a five-year investigation into the bank. The concerns raised by Wilkinson helped uncover an alarming €200 billion in suspicious payments being made through Danske’s Estonian branch between 2007 and 2015.

The scandal, representing money laundering on a huge scale, threw a spotlight on European banks and their efforts to protect against fraud and precipitated renewed considerations of the effectiveness of regulators’ defenses. Further, the revelation challenged businesses to up their game in instilling a culture whereby whistleblowing on suspicious or illegal activity is encouraged, with clear procedures for doing so in place.

The role of anti-money laundering whistleblowers

Whistleblowers are defined as those who expose information or activities deemed illegal or unethical. They have historically played an important role in helping banks protect the economic interests of the UK and clamp down on wrongdoing in the financial services industry. Whistleblowers who report suspicions of money laundering often have inside knowledge which is vital for fighting such crimes. However, blowing the whistle on such activities can often put them in a vulnerable position; they often know the subject, or subjects, of the allegations personally through their work and are put under pressure to remain silent on the information they hold that can incriminate their colleagues. While whistleblowers are protected by the Public Interest Disclosure Act 1998, making them immune from any repercussions, many feel at risk of personal retribution when making the report.

A school in Aberdeen was recently criticised for their poor response to the discovery of asbestos in their building.

What could have been done differently? And how could the school have handled the asbestos incident more effectively?

Asbestos in the school building

During work to move a doorway, an apprentice joiner removed a board using a hammer and chisel, but suspected the material contained asbestos, and alerted his supervisor. While the board was wrapped in plastic, and the in-situ board covered over, no action was taken to deal with contamination of the area or to protect people on site.

In fact, 25 people were allowed into the school after the incident. It was only after the risk control team was notified that the correct action was taken. The Unite union’s Tommy Campbell described the procedures put in place as “woeful”.

Thousands of tonnes of asbestos still in place

While asbestos use has been outlawed since 2000, it was widely used as a fire-retardant building material for decades. This versatile material comes in many forms, which is why it remains so prevalent in schools, offices, factories and warehouses – on walls, floors, ceilings and external surfaces.

Forms of asbestos include:

  • Lagging
  • Insulating boards
  • Limpet (sprayed asbestos)
  • Coatings
  • Liquid
  • Cement

Asbestos was used in such a wide range of materials that it may be safer to assume that a material contains it, unless you have evidence that it does not.

The dangers of asbestos

Breathing asbestos fibres can lead to serious diseases which can take many years to develop. In many cases, once a disease is diagnosed, it is too late to treat the condition.

Asbestos fibres can cause:

  • Asbestosis
  • Mesothelioma
  • Pleural thickening
  • Asbestos-related lung cancer

Your duty to manage asbestos

You have a duty to protect your employees and visitors, whether you own or rent a building. Under the Control of Asbestos Regulations 2012, you have a duty to:

  • Take reasonable steps to identify any materials containing asbestos
  • Presume that materials contain asbestos unless you have evidence that they do not
  • Keep records of the location and condition of asbestos-containing materials
  • Assess the risk of people being exposed to asbestos fibres
  • Create and implement a plan for managing asbestos risks
  • Review and update your asbestos risk plan
  • Notify people who work on, or disturb, asbestos materials in your workplace.

Asbestos awareness training

The Control of Asbestos Regulations make it clear that employers have a duty to raise awareness of asbestos risks. Without this awareness, employees and visitors can be put at risk.

Delivering regular awareness training can be costly and time-consuming. That’s why we created eLearning programmes to cover asbestos awareness, and other key health and safety topics, such as risk assessments and working safely. Our eLearning courses can be delivered on your premises, and the content can be tailored to your organisation, or you can choose off-the-shelf solutions.

Every week we get news of another massive data breach. While some commentators are suggesting that this is the new normal, and that data leaks and hacks are an inevitable part of our connected world, it’s worth looking at the largest data breaches to see what they have in common – and what they can teach us about data security for 2019.

1: Aadhaar (1.1 billion)

Who?

India’s national personal identity card system contains information on Indian residents, including biometric data, names and information on connected services, such as bank accounts.

How?

A state-owned utility company called Indane was tapping into the Aadhaar database using an unsecured API. Hackers cracked the API and gained access to more than a billion records.

2: Marriott Starwood (500 million)

Who?

Marriott is the world’s largest hotel chain. Their Starwood brand operates a rewards scheme, and this database was accessed by hackers. While the breach was reported in 2018, it is believed to be a long-running data leak, stretching back to 2014.

How?

While details of the hack have not been released, the US government has laid the blame at the door of Chinese state hackers.

3: Exactis (340 million)

Who?

Exactis is a marketing and data aggregation firm. They hold comprehensive data on most US citizens, including information about preferences, interests and family connections.

How?

Exactis was storing more than 2 terabytes of personal data on a publicly accessible server. The exposed data was detected by a security researcher, who notified the FBI and Exactis, who have since protected the database. The researcher found the open database by using a scanning tool to find unshielded Elasticsearch instances.

4: MyFitnessPal (150 million)

Who?

MyFitnessPal is a fitness and diet-tracking app owned by Under Armour, the athletic clothing company.

How?

Details are lacking. The company has only said that an unauthorised person accessed data. While some user passwords were stolen in the hack, they were hashed with bcrypt, a password-hashing function, which means the underlying passwords are protected.

5: Quora (100 million)

Who?

Quora is a hugely popular question-and-answer site, with millions of active users.

How?

The company has not released details yet, and has only stated that an unauthorised person accessed user records. Quora also stated that it is engaging a forensic technologist to help trace the cause of the breach and prevent future hacks.

6: MyHeritage (92 million)

Who?

MyHeritage is an online genealogy and DNA testing service.

How?

They don’t know. One of the firm’s security team found a trove of MyHeritage data on an external server. The database includes 92 million records, including names, email addresses and hashed passwords. MyHeritage has engaged an external security consultant to identify the source of the breach.

7: Cambridge Analytica (87 million)

Who?

A Facebook game called ThisIsYourDigitalLife passed user data to several third parties, including Cambridge Analytica, a data analytics company that worked with the Trump presidential campaign to target ads to swing voters.

How?

Because of Facebook permission settings at the time, the game allowed the developer to harvest information on their users, and their users’ friends and contacts. This meant that only 270,000 people installed the app, but the developer was able to pass data on millions of people to Cambridge Analytica.

8: Google+ (52 million)

Who?

Google+ is a social network. In March, Google announced that some Google+ app developers had accidentally been given access to user data. In December, Google announced that a second data breach, which they may have tried to hide, affected 52.5 million users.

How?

The Google+ hack seems to have been caused by a glitch that made user profile information available to app developers. Google is now planning to close their social network.

9: Chegg (40 million)

Who?

Chegg is an online store offering textbooks, tutors and online study support.

How?

An unauthorised third party was able to access a company database that included customer data for Chegg and some of their other brands.

10: Facebook (29 million)

Who?

The world’s largest social network was hacked, exposing sensitive user data including contact information, searches and usage history.

How?

Hackers exploited vulnerabilities in Facebook’s code to get access tokens, which then gave them full access to users’ details.

How can you avoid a data breach?

There are a few patterns in the top 10 data breaches of 2018:

Weak software. Many of these breaches were caused by vulnerabilities or weaknesses in the systems used.

Glitches. Hackers have a keen eye for glitches in software that have unintended consequences. These are ruthlessly exploited to access data that is usually hidden.

Mystery losses. A worrying trend from the top 10 is the number of ‘unknowns’. At the time of reporting, a number of companies have been unable to confirm how the hack was perpetrated.

The main lesson to learn from these examples is that hackers are creative and flexible, and that data leaks from organisations in many different ways.

Internal agents, external criminals, weak software, outdated software connections and APIs, weak passwords, clumsy security practices, social engineering – these are all common components of data breaches.

This suggests that organisations have a lot of work to do to protect every corner of their castle. Hackers look for weak spots in many different areas, and so organisations must address every aspect of their security: software, hardware, people, processes and culture.

Businesses large and small continue to have sensitive data held to ransom and to suffer cyber security breaches. As a result, millions of individuals’ personal data has been compromised, costing businesses billions. For example, 50 million Facebook user accounts were compromised, FIFA documents were leaked, pointing to serious corruption, and around 380,000 British Airways transactions were breached. In many cases, breaches occur a long time before the target is aware or affected users are notified, meaning a lot of damage is done before the issue can be dealt with. For example, in 2013 and 2014, a suspected 3 billion Yahoo users’ accounts were compromised in a breach that was not reported until 2016. Clear reporting procedures are therefore needed to allow all staff to easily report any cyber attacks or suspicions of a breach.

California Bill No. 375, also known as the California Consumer Privacy Act, was approved and passed on the 28th of June 2018. While it won’t come into effect until January 1st, 2020, it is necessary for all organizations involved to have a comprehensive understanding of the law’s requirements and what is expected of them. The Act is applicable to any business, partnership, company, corporation, or legal entity that operates for profit and collects consumers’ personal information from the state of California. While the Act has certain similarities to the EU’s General Data Protection Regulation (GDPR), its conditions are somewhat different.

VinciWorks has published a whitepaper that explains the California Consumer Privacy Act and gives guidance on how businesses can comply with The Act.

Using powerful, vibrating tools can lead to several short-term and long-term health issues – some of which can be irreversible.

If your colleagues are exposed to vibration risks, it’s essential that your company has a plan for protecting colleagues.

Before we look at ways to minimise the risk of hand arm vibration syndrome (HAVS), let’s explore why vibrations are a risk for workers.

What is hand arm vibration?

When vibrations are transmitted into workers’ hands and arms, they can suffer injuries as a result. The vibration typically comes from handheld power tools, hand-guided machines, or by holding materials that are being fed into machines.

Why is hand arm vibration a problem?

If people use vibrating tools (or are exposed to vibration from another source) regularly or frequently, then the vibration can cause two health complaints:

  • Carpal tunnel syndrome
  • Hand arm vibration syndrome (HAVS)

Symptoms of hand arm vibration syndrome (HAVS)

Hand-arm vibration syndrome typically starts with numbness or tingling in the fingers and hands. This can develop into impaired dexterity and pain.

If HAVS develops further, it can lead to significant disability, and sufferers may struggle to grip things, manipulate small objects and may be prone to dropping things. Basic tasks like eating with cutlery can become impossible.

The effects of HAVS may be irreversible – which is why prevention is crucial.

Other effects of vibration

Repeated exposure to vibration can damage the blood vessels in the hands and arms, and also cause musculoskeletal injuries such as arthritis and tendonitis.

Vibration Regulations

It is your duty as an employer to minimise exposure to the risk of vibration. Under the Vibration Regulations you must:

  • Control risks from vibrations
  • Provide information and training to employees on the risks of vibration
  • Monitor health and safety risks.

The Vibration Regulations specify the maximum amount of exposure that is acceptable for your employees, with an exposure action value (EAV) and an exposure limit value (ELV):

  • Daily EAV of 2.5 m/s² A(8)
  • Daily ELV of 5 m/s² A(8)

Preventing hand-arm vibration injuries

In addition to ensuring that the exposure level does not exceed the limit stated above, it is also your duty to minimise exposure as much as possible.

If your employees are exposed to vibration risks, how can their exposure be reduced? Are there other ways to achieve the same result?

If some risk is unavoidable, ensure that the limits are within the legal threshold, and try to give employees frequent breaks and opportunities to change their work.

Monitor employees for signs of HAVS or carpal tunnel syndrome, and ensure any incidents of vibration-related injuries are reported to the Health and Safety Executive (HSE), in accordance with RIDDOR (the Reporting of Injuries, Diseases and Dangerous Occurrences Regulations).

Hand-arm vibration training

Do you have a consistent system for training your colleagues about the dangers of vibrations?

Our eLearning course provides an easy, affordable way to keep your colleagues aware of the dangers and safe from harm.

This time last year, GDPR dominated the compliance agenda for 2018. Like many promised cliff edges, the data protection ravine many feared business would collapse into didn’t quite materialise. While some websites are still blocking users from the EU due to alleged ‘GDPR’ issues, the shift to a new data protection regime seemed to go not too badly. This isn’t because GDPR isn’t being taken seriously, quite the opposite. The promise of eye-watering fines and enforcement action spurred a multi-industry push to get GDPR compliance right.

For that reason, GDPR stays in the lead of our top compliance trends for 2019.

1. Moving from GDPR compliance to best practice

As GDPR day on 25 May 2018 approached, businesses big and small rushed to get their privacy notices updated and flooded all of our inboxes asking us to accept their new terms or re-give consent. Most of this was pointless and unnecessary, not to mention greatly annoying to us all. Plus, it exposed a rather gaping failure to grasp the six conditions for processing data under GDPR and the myth that consent is always the best or strongest condition.
