2020-03-20
Legal Articles

Data protection in light of coronavirus

Home / Knowledge base / Data protection in light of coronavirus

Posted by Claire Halle-Smith on 20 March 2020

A statement recently published by the ICO confirms its understanding that the processing of personal data may be affected by the needs of an organisation when addressing the impact, and attempting to limit the spread, of the coronavirus (Covid-19) pandemic.

This will give some comfort to organisations who may need to share information quickly, where, for example, employers need to share information with healthcare authorities or to enable remote working, or within the healthcare sector where the timely sharing of information is required to administer treatment and to maintain open communications during this challenging time. 

Public health messages can be sent using electronic means without them constituting direct marketing, and other technologies can be used to facilitate consultations and diagnoses. It is also reasonable for organisations to request information as to a country a person has visited, or if a person is displaying any Covid-19 symptoms.

Keep staff informed

Health and safety obligations enable an employer to keep staff informed about cases or potential cases of Covid-19 within its organisation provided it does not disclose employee names or provide more information than is necessary.

Security measures

In all cases, organisations must be mindful of collecting more information than required and ensuring appropriate security measures are implemented with respect to such processing.

Proportionality, therefore, continues to be the prevalent consideration in any processing activity, the message from the ICO being that ‘if something feels excessive from the public’s point of view, then it probably is’.

As to other processing activity, a delay in complying with, say, responding to an individual’s rights request, is unlikely to attract any penalties where there is a need for the organisation to prioritise other areas, although statutory timescales will not be relaxed.

Conclusion

The concluding message is that data protection legislation will not prevent an organisation managing the impact of Covid-19 on its business, but it should continue to bear in mind the principles under the legislation and pay particular attention to the security of the data concerned.

About the author

Claire Halle-Smith

Senior Associate

Claire is a senior associate with extensive in-house commercial experience within the social care sector. Claire acts for a wide range of clients, from individuals and small businesses to larger, multi-national organisations.

Claire Halle-Smith

Claire is a senior associate with extensive in-house commercial experience within the social care sector. Claire acts for a wide range of clients, from individuals and small businesses to larger, multi-national organisations.

Recent articles

29 May 2020 Return to the workplace risk assessments

Following recent Government announcements, the time has come to consider a phased return to places of work. Obviously, given the unprecedented nature of Covid-19, such a process will be riddled with confusion for both employers and employees – how will the return to work operate?

Read article
28 May 2020 Guide to restrictive covenants

Employment and consultancy contracts often contain clauses restricting an individual’s working activity when they leave a business. These clauses, ‘post termination restrictive covenants’, typically restrict the ex-staff member’s ability to work in competing businesses, to deal with clients, to try to win business from them, or to poach other staff members.

Read article
28 May 2020 Could COVID 19 bring the end of high rise and cramped living?

On 14 June it will be three years since the Grenfell tower tragedy, global warming is adversely affecting the environment causing floods and other natural disasters, and the country is on lockdown because of coronavirus.

Read article
Contact
How can we help?
01926 732512
CALL BACK