View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Data
May 6, 2020

ICO Warns It Will Punish Those Abusing Data During COVID-19 Outbreak

“We are identifying and taking action against those seeking to use or obtain personal data unlawfully or inappropriately during COVID-19"

By CBR Staff Writer

The Information Commissioner’s Office has tweaked its approach to the changing data environment that the COVID-19 pandemic is causing, as the data watchdog warns that it has narrowed its focus on the data risks created by efforts to tackle the COVID-19 outbreak.

Information Commissioner Elizabeth Denham commented that: “My office’s role is to be both an enabler and a protector. We must reflect the requirements and reality of those we regulate, and engage on how data protection can enable innovation that can respond to the pandemic. And the onus is on us to provide that expertise and input at pace.”

When it comes to a company’s employees and their health the data authorities stress that just because you are concerned about workers health doesn’t mean you should start collecting unnecessarily amounts of health data from them.

The ICO has warned that: “We are identifying and taking action against those seeking to use or obtain personal data unlawfully or inappropriately during COVID-19 so that the public and businesses feel confident that the ICO is protecting them at this time when they may be especially vulnerable to financial or other loss.”

ICO Will Go Easy on Late Submissions

The ICO informed organisation at the start of the pandemic that it would be understanding of the limitations that smaller firms were under and that they may not be able to process data requests on time.

The ICO also said that it will not “penalise” organisations that are unable to handle information or data requests in a timely manner — welcome news as many firms’ ability to process and action GDPR requests will be severely limited as resources are diverted to ensuring newly remote workforces are bedding in to working from home.

Under GDPR organisations have one month from receiving a data request to respond. In special circumstance a two-month extension can be granted. If data compliance officers are working from home they may be unable to access any records that are not stored digitally in accessible systems, thus hampering their ability to respond.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

The ICO stated: “We can’t extend statutory timescales, but we will tell people through our own communications channels that they may experience understandable delays when making information rights requests during the pandemic.”

In comments directed at those querying the actions of public health organisations, it added: “Public bodies may require additional collection and sharing of personal data to protect against serious threats to public health… Data protection and electronic communication laws do not stop Government, the NHS or any other health professionals from sending public health messages to people, either by phone, text or email as these messages are not direct marketing.”

See Also: Domain Registrar GoDaddy Admits to a Data Breach From October

Topics in this article : , ,
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.