Search Hill Dickinson

Safety first; ICO confirms data protection laws do not stifle efforts to contain coronavirus

Details

On 12 March 2020, the ICO (Information Commissioner’s Office) issued a statement addressing concerns that data protection laws may impact on attempts to deal with the coronavirus.

The UK regulator confirmed ‘Data protection and electronic communication laws do not stop government, the NHS or any other health professionals from sending public health messages to people, either by phone, text or email as these messages are not direct marketing. Nor does it stop them using the latest technology to facilitate safe and speedy consultations and diagnoses. Public bodies may require additional collection and sharing of personal data to protect against serious threats to public health’.

Further, the ICO emphasised that it is ‘reasonable and pragmatic’ and will ‘take into account the compelling public interest in the current health emergency’ on matters of compliance. That means:

  • The ICO is unlikely to take action against organisations unable to respond to data subject access requests within the statutory deadline while resources are limited or diverted elsewhere.
  • It is reasonable to seek and hold health information relevant to the coronavirus, such as countries visited or symptoms experienced. Organisations should still only collect the data they need and appropriate safeguards should be put in place.
  • Information of an employee’s actual or suspected case of coronavirus may be shared with an organisation’s wider workforce and/or public authorities, though it will often not be necessary or proportionate to name the individual in question.

(Specific considerations apply to healthcare providers sharing such information about patients - read our seperate FAQs for NHS organisations).

Data protection is also not a barrier to asking or requiring employees to work from home, which is likely to increase significantly during the pandemic, though the usual kinds of security measures ought to be taken (for example, passwords for devices, the encryption of personal data, the ability of an organisation to ‘remote wipe’ devices). Organisations should also ensure they have appropriate policies in place so that employees are clear on appropriate uses of personal data and the steps to take in the event of a data security breach.  

The ICO’s statement reflects the position adopted by regulators in other countries and will be welcome news for many businesses, who will be prioritising the welfare of their employees and business continuity during this challenging time.

For further updates and other articles discussing the impact of the coronavirus please view our coronavirus hub.

Dispute resolution

We can help you resolve business disputes through negotiation, mediation, arbitration or litigation. Our aim is to achieve resolution quickly and efficiently and to minimise the impact of a dispute on your day-to-day operations.

Where possible, we try to settle disputes without recourse to legal proceedings. However, when this is unavoidable, our very experienced and tenacious team will vigorously pursue a strategy set to achieve a successful outcome for you.

Clients in manufacturing, service industries, retail plcs, owner-managed businesses, accountants and other professionals rely on our clear, pragmatic advice, expert technical analysis and sound understanding of their business problems and commercial objectives.