The UK Information Commissioner (ICO) has issued some advice for data controllers in recognition of the significant challenges being presented by the Coronavirus (COVID-19) pandemic.
Among other things, in a move that will no doubt come as a relief to many data controllers, the ICO has confirmed that, during the pandemic, it will refrain from taking regulatory action against organizations which may not meet their usual standards in relation to data protection if the ICO is aware that such organizations need to change their usual practices or focus on other issues during the crisis.
The advice also covers the following areas:
- the sending of public health messages regarding COVID-19 by healthcare organizations to individuals without prior consent;
- security measures to consider when staff work remotely;
- informing staff that co-workers may have contracted COVID-19;
- collection of health-related data regarding COVID-19 about visitors and employees; and
- the sharing of employees’ health information with authorities for the purposes of public health.
Among other things, the advice highlights the need for organizations to protect against serious threats to public health and ensure employees’ health and safety, while minimizing the collection and use of personal data and acting in an appropriate and proportionate way in response to the crisis.