News & Resources

The ICO issues advice on data protection during the coronavirus outbreak

  • Posted on

The UK's data protection regulator - the Information Commissioner's Office (ICO) - has provided some information on how preventing the spread of the COVID-19 virus interacts with data protection law.

In summary, the regulator has raised the following key points.

Organisations must work together to respond to the pandemic

Data sharing between bodies is regulated by data protection law. And, the ICO recognises that:

"The need for public bodies and health practitioners to be able to communicate directly with people when dealing with this type of health emergency has never been greater".

The regulator provides assurances to those working on the frontline that data protection law does not stop this happening:

"Data protection and electronic communication laws do not stop Government, the NHS or any other health professionals from sending public health messages to people, either by phone, text or email as these messages are not direct marketing. Nor does it stop them using the latest technology to facilitate safe and speedy consultations and diagnoses. Public bodies may require additional collection and sharing of personal data to protect against serious threats to public health.

"The ICO is a reasonable and pragmatic regulator, one that does not operate in isolation from matters of serious public concern. Regarding compliance with data protection, we will take into account the compelling public interest in the current health emergency".

Organisations that require support to share public data while remaining compliant can call the ICO's helpline on 0303 123 1113. There is alsoadvice for community groupson how to handle the data they need responsibly.

Data innovation will be of crucial importance

The ICO also stated its support of innovative uses of personal data for public benefit. However, this doesn't mean that data protection laws can or should be flouted. Instead, the ICO said that a "sound understanding of the principles of data protection can encourage innovation, rather than stand in its way".

At Hayes Connor, we share the ICO's view. Commenting on how apps and other technology is being used at this time, our managing director and data breach and cybercrime specialist Kingsley Hayes, said:

"Technological innovation during this unprecedented period of crisis may help official health organisations learn more about the coronavirus contributing to the global effort to contain and tackle the disease.

"Caution should be taken however, in relation to how personal information such as gender, age, medical information and location will be stored, processed and shared. At a time of crisis, these and other developments will be introduced quickly and will likely be adopted rapidly by the general public as we all come to terms with significant disruption.

"The organisations behind the apps should be transparent about how the collected confidential data will be used, stored and shared both during the pandemic and after.

"While technological advancements mean that some have been able to respond quickly to the crisis by introducing apps which may prove helpful, protecting confidential data - even in times of crisis - should remain a priority."

Working from home will be challenging for data protection

The ICO recognises this is a difficult time for many people, and that working from home can bring practical challenges. Again, this is something that Hayes Connor has spoken about over the last week or so. Commenting on this, Kingsley said:

"Technology facilitates the ease with which many businesses can adapt to employees working remotely however, being mindful of potential data protection risks, and quickly implementing appropriate security measures, should be front of mind."

To help organisations move to a homeworking model, the ICO's helpline remains open, and its website continues to provide a wealth of information on topics like cybersecurity for remote working.

Ways of working may have to change

Organisations must educate themselves to ensure data protection. And, the ICO has highlighted a range of helpful resources to help them remain data-safe at this challenging time. This includes:

People might have to answer some sensitive questions

The ICO has created a blog post to explain how organisations may need to handle your information. For example, your employer might ask for details about sensitive health conditions and recent travel. However, they shouldn't be asking for more information than is necessary, and if you are concerned, you should speak to the organisation involved.

You can read more about this here.

Personal information breaches can be devastating

As organisations navigate the unprecedented coronavirus crisis and respond by increasing home and remote working, careful consideration around data security is paramount.

Not least because, at Hayes Connor, we are already hearing about some serious and worrying data protection failures as a result of the pandemic. And, at a time when coronavirus is already having an impact on mental health, in some cases, the additional worry is proving devastating to victims.

Contact us