Allen & Overy LLP

Covid-19: CJRS extended until March 2021

The Coronavirus Job Retention Scheme (CJRS) has been extended until March 2021 (meaning the Job Support Scheme did not begin on 1 November) – the government had earlier announced that the CJRS would be extended by a month, before deciding to extend it until March next year. 

Full guidance on the latest CJRS extension is due to be published on 10 November, with some details currently available in this policy paper. Employers will be able to fully furlough employees, or use flexible furlough. For claims between 1 November 2020 and 31 January 2021, employers will be able to claim a grant for 80% of usual wages (capped at £2,500 per month and proportionate to the hours not worked) per employee for the time the employee spends on furlough. Employers will not be able to claim for employer national insurance contributions or pension contributions, and will need to pay these contributions in line with scheme rules. Employers may choose to top up employee wages above the maximum salary threshold at their own expense. 

The government will conduct a review in January to decide whether employers should contribute more under the scheme.

Prior to the latest announcement, the Pensions Regulator (TPR) had updated its Covid-19 guidance on autoenrolment contributions and technical guidance for large employers to reflect the Kickstart programme, and the one-month extension of the CJRS (and postponement of the Job Support Scheme).

ICO fines Marriott £18.4m

The Information Commissioner's Office (ICO) has fined Marriott International Inc £18.4 million for failing to keep the personal data of millions of customers secure. In July 2019, the ICO announced that it intended to fine Marriott over £99 million, but has decided to impose a lower fine (partly due to the economic impact of Covid-19). 

In 2016, Marriott acquired a company (Starwood). In 2014, Starwood’s IT systems had been compromised by an unknown attacker, but this was not identified until September 2018. The ICO’s penalty notice reflects the ICO’s finding that Marriott failed to put appropriate technical or organisational measures in place in the Starwood systems to protect personal data and relates to the period after the General Data Protection Regulation came into force in May 2018. In particular, the ICO noted four principal failures: insufficient monitoring of privileged accounts; insufficient monitoring of databases; inadequate control of critical systems; and a lack of encryption in some cases. The penalty notice mentions some of the measures that Marriott could have used.

This is the second largest fine imposed by the ICO to date, following the recently announced fine for British Airways (WNTW, 26 October 2020). 

Pension Schemes Bill update

The Pension Schemes Bill has completed its Committee stage in the House of Commons (updated Bill here); the remaining Commons stages of the Bill are scheduled for 16 November 2020. 

No changes were made to the proposed new TPR powers or the high-profile new criminal offences at Committee stage. Restrictions on statutory transfer rights (via a regulation-making power) are going ahead unchanged, after the withdrawal of a proposed amendment; the Work and Pensions Committee has published further correspondence with the Pensions Minister on this issue. Non-government amendments made in the Lords have been removed – these related to collective DC schemes, pensions dashboards, and requirements for future regulations on scheme funding (to ensure that open DB schemes would be treated differently to closed schemes).