Privacy in a Pandemic

  • Posted

The current times are testing not just for individuals and organisation but also for privacy laws and the way in which organisations and authorities deal with the new challenges.

COVID19 Data

All organisations are collecting a new special category of personal data i.e. health information of their employees and possibly their family members or even visitors (in some cases). You may also be collecting data relating to individual’s travel history. Processing and collection of this data does not require consent and the processing is permitted under article 9 of GDPR – being necessary to protect “against serious cross-border threats to health”.

However, if you are collecting and processing such data, all other requirements of GDPR will still apply. These include conducting an impact assessment, data minimisation, purpose limitation and data security.

It is acknowledged that privacy laws are not designed to get in the way of efforts to safeguard public health and public interest at large. However, the way we all deal with data in the current circumstances will determine the privacy law for future unforeseen events.

The Information Commissioners Office [ICO] in the UK, and other authorities, has published guidance for organisation in these uncertain times. It is acknowledged by the ICO that businesses may need to change and adopt new policies at such a fast pace that their data protection practices may not meet usual standards. There is also an acknowledgement that businesses may struggle with resources in the time of lockdown – financial, human or otherwise.

The organisations should also consider and plan what they will be doing with the additional data collected during this period once the pandemic is over. Again, the principals of data minimisation and purpose limitation will apply, and you will need to consider a policy to deal with this new set of data collected.

Homeworking and privacy

Currently a large section of the workforce is working from home across the country and most organisations have had to adapt to complete remote working overnight. It is worth considering the impact on data privacy and general confidentiality measures and communicate them to staff. Providing practical advice to staff working from home is essential. This should cover issues such as saving any personal data on encrypted devices only and not on personal devices and using the CRM as far as possible rather than creating new excel spreadsheets of contact database.

Organisations should consider putting in place an appropriate remote working policy, providing guidance and clarity to staff and demonstrates compliance.

Contact our Corporate and Commercial team today

If you want to discuss any concerns relating to privacy laws in your business, please do not hesitate to contact our commercial team members on 03456 381381 or email corporate@ibblaw.co.uk