View all newsletters
Receive our newsletter – data, insights and analysis delivered to you
  1. Policy
March 17, 2020

ICO Vows “Reasonable and Pragmatic” Flexibility on Data Protection, During Outbreak

"Public bodies may require additional collection and sharing of personal data to protect against serious threats to public health"

By CBR Staff Writer

The UK’s data watchdog has acknowledged that COVID-19 is causing massive disruption to the way organisations are operating, and suggested that it will take a soft-touch approach towards organisations unable to meet statutory data protection requirements during the outbreak.

The ICO also said that it will not “penalise” organisations that are unable to handle information or data requests in a timely manner — welcome news as many firms’ ability to process and action GDPR requests will be severely limited as resources are diverted to ensuring newly remote workforces are bedding in to working from home.

Under GDPR organisations have one month from receiving a data request to respond. In special circumstance a two-month extension can be granted. If data compliance officers are working from home they may be unable to access any records that are not stored digitally in accessible systems, thus hampering their ability to respond.

The ICO stated: “We can’t extend statutory timescales, but we will tell people through our own communications channels that they may experience understandable delays when making information rights requests during the pandemic.”

In comments directed at those querying the actions of public health organisations, it added: “Public bodies may require additional collection and sharing of personal data to protect against serious threats to public health… Data protection and electronic communication laws do not stop Government, the NHS or any other health professionals from sending public health messages to people, either by phone, text or email as these messages are not direct marketing.”

Looking after the Workforce

The ICO is also informing organisations that if a member of their staff is suspected of contracting COVID-19 then they are fully able to pass this information onto that person’s colleagues. Employers have an obligation and a duty of care to the greater workforce in situations like this. However, disclosing the person’s identity should be avoided if possible to help protect that persons personal data.

The Irish data authority, meanwhile, is advising that “disclosure of this information may be required by the public health authorities in order to carry out their functions.”

Content from our partners
Signs your accounting software is no longer fit for your growing business
Incumbent banks must transform at speed, or miss the benefits of open banking
Leverage cloud and expertise to optimise engagements from onboarding to conclusion

When it comes to a company’s employees and their health the data authorities stress that just because you are concerned about workers health doesn’t mean you should start collecting unnecessarily amounts of health data from them.

Yet, it is “reasonable” to ask employees and visitors if they have visited a country that is experiencing the worst of the COVID-19 pandemic.

ICO stated on the pandemic that it is a “reasonable and pragmatic regulator, one that does not operate in isolation from matters of serious public concern. Regarding compliance with data protection, we will take into account the compelling public interest in the current health emergency.”

See Also:  Google Fined, Clashes with Data Protection Authority over Right to Be Forgotten

Topics in this article: , , , ,
Websites in our network
NEWSLETTER Sign up Tick the boxes of the newsletters you would like to receive. Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
I consent to New Statesman Media Group collecting my details provided via this form in accordance with the Privacy Policy
SUBSCRIBED

THANK YOU