Government launches a consultation on sexual harassment in the workplace

Under the Equality Act 2010, employers can be held legally responsible for sexual harassment of their staff at work, if the harassment is carried out by a colleague and the employer did not take all steps they could to prevent the harassment from happening.

Whilst the government considers this law effective, it has recognised the issues and deficiencies highlighted by the #MeToo movement in recent years.

The government has launched a consultation which includes both a technical review of the law and calls for responses from individual members of the public. The consultation will explore:

  • How to ensure employers take all steps necessary
  • Whether employers should be responsible for third party harassment, such as from customers and clients
  • Whether there are temporary staff, such as interns, who are not currently protected by the law
  • How to manage protections for volunteers
  • Whether the three-month time limit for bringing an equality claim to an employment tribunal is denying people justice

Separately, the government recently consulted on the use of non-disclosure agreements and wider confidentiality clauses in sexual harassment cases and plans to publish its plans in that area in due course.

An important aspect the government has noted is that harassment can relate to any protected characteristic (excluding pregnancy and marriage), so any strengthening of the laws against sexual harassment would likely apply to harassment and discrimination against other protected characteristics such as race, religion and LGBTQ people.

What are the government’s plans?

Along with the consultation, the government is already planning and reviewing a number of steps to support compliance with the law. This includes:

  • A statutory Code of Practice on sexual harassment at work which will outline ‘all reasonable steps’ employers must take to prevent harassment. This will likely include mandatory training for all staff. 
  • A new mandatory duty on employers to protect workers from harassment in the workplace. This would shift employer liability from after the incident of harassment to a pro-active duty to prevent it before unlawful conduct has taken place, and send a strong signal to employers that they must prioritise prevention.
  • Allowing enforcement of the new duty by individuals, and not just the Equality and Human Rights Commission (EHRC). This could allow employees to raise legal action against their employer for failing to take ‘all reasonable steps’ to prevent harassment, even if they themselves have not been harassed. 
  • Employers having to publish a board-level report including the rates of harassment complaints and the number of staff citing problems with harassment or the wider workplace culture. 
  • Explicit protections in the Equality Act against third party harassment, making the employer liable for third party harassment where they ‘ought to know’ about an incident, with having taken ‘all reasonable steps’ as a defense.
  • Extending Equality Act protections to all volunteers and interns.
  • Extending time limits for bringing Equality Act cases to an Employment Tribunal from three months to six months.
  • How confidentiality clauses and non-disclosure agreements can be reformed.

What your organisation can do

Gif showing new Diversity and inclusion course
MyStory: Diversity and inclusion at work is best completed with headphones in so users can listen to impactful accounts of workplace discrimination

The consultation is open until 2 October 2019, but it is not too early to start preparing for your corporate response now:

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

“In a world older and more complete than ours they move finished and complete, gifted with extensions of the senses we have lost or never attained, living by voices we shall never hear.”

Picture of James

James

VinciWorks CEO, VInciWorks

Spending time looking for your parcel around the neighbourhood is a thing of the past. That’s a promise.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.