2020-03-20
Legal Articles

Data protection in light of coronavirus

Home / Knowledge base / Data protection in light of coronavirus

Posted by Claire Halle-Smith on 20 March 2020

A statement recently published by the ICO confirms its understanding that the processing of personal data may be affected by the needs of an organisation when addressing the impact, and attempting to limit the spread, of the coronavirus (Covid-19) pandemic.

This will give some comfort to organisations who may need to share information quickly, where, for example, employers need to share information with healthcare authorities or to enable remote working, or within the healthcare sector where the timely sharing of information is required to administer treatment and to maintain open communications during this challenging time. 

Public health messages can be sent using electronic means without them constituting direct marketing, and other technologies can be used to facilitate consultations and diagnoses. It is also reasonable for organisations to request information as to a country a person has visited, or if a person is displaying any Covid-19 symptoms.

Keep staff informed

Health and safety obligations enable an employer to keep staff informed about cases or potential cases of Covid-19 within its organisation provided it does not disclose employee names or provide more information than is necessary.

Security measures

In all cases, organisations must be mindful of collecting more information than required and ensuring appropriate security measures are implemented with respect to such processing.

Proportionality, therefore, continues to be the prevalent consideration in any processing activity, the message from the ICO being that ‘if something feels excessive from the public’s point of view, then it probably is’.

As to other processing activity, a delay in complying with, say, responding to an individual’s rights request, is unlikely to attract any penalties where there is a need for the organisation to prioritise other areas, although statutory timescales will not be relaxed.

Conclusion

The concluding message is that data protection legislation will not prevent an organisation managing the impact of Covid-19 on its business, but it should continue to bear in mind the principles under the legislation and pay particular attention to the security of the data concerned.

About the author

Claire Halle-Smith

Senior Associate

Claire’s experience in-house coupled with her ten plus years’ advising on data privacy matters enables her to identify those key issues facing an organisation and to provide practical, solutions-based advice.

Claire Halle-Smith

Claire’s experience in-house coupled with her ten plus years’ advising on data privacy matters enables her to identify those key issues facing an organisation and to provide practical, solutions-based advice.

Recent articles

11 August 2020 Medical negligence; pressure sores

Pressure sores are painful debilitating injuries which should not occur if you or your loved one is being cared for and nursed in the most supportive way.

Read article
07 August 2020 Protecting your chances of getting paid; retention of title clauses

A retention of title clause is a term within a contract for the sale of goods which states that the seller retains ownership of the goods until specified obligations are fulfilled by the buyer.

Read article
05 August 2020 Privilege: Protecting your business communications

Privilege can entitle a party involved in court proceedings to withhold a document from their opponent or to deny access to regulators and enforcement agencies.

Read article
Contact
How can we help?
01926 732512
CALL BACK