Elizabeth is a Solicitor who works in the Commercial team.
She advises clients on all aspects…View Profile View all
As an organisation, you may find that you need to share information quickly, but how does this work in these uncertain times? Is there any flexibility with the rules?
The Information Commissioner’s Office (ICO) has issued guidance on its expectations on compliance with data protection laws during the current coronavirus pandemic.
Data protection laws still apply as usual, albeit, the ICO will take into account the compelling public interest in the current circumstances.
Points to note from the ICO guidance include:
Collection of specific health data
The ICO accepts that whilst your organisation has an obligation to protect its employees’ health, this does not mean that you can gather an excessive amount of information about your employees. The ICO have advised that:
Under data protection laws, information relating to health is “special category data” and is subject to a higher degree of protection than other types of personal data. As such, if processing health data, an organisation must ensure that it continues to adhere to the additional legal requirements for processing the same.
Notification to Employees
Organisations should keep employees informed of potential coronavirus cases within the organisation; however, specific individuals should not be named, nor should more information be provided than is necessary.
Meeting statutory deadlines
The ICO has confirmed that although it is unable to extend statutory timescales, it will not penalise organisations that need to prioritise other areas or adapt its usual approach to data handling, as a result of coronavirus. This is important in the context of responding to subject access requests and other requests from individuals to exercise their rights under data protection law. Given that the statutory deadlines still apply as usual however, we advise exercising a cautious approach and adhering to usual strategies for meeting those deadlines.
Working from home
The ICO acknowledges that data protection is not a barrier to homeworking. Despite the increase of homeworking and use of personal devices for work, your organisation must still ensure adequate security measures are in place and that policies are followed. Network security and the safeguarding of personal data should not be overlooked.
Advice to organisations
In current circumstances, we understand that you may have questions and concerns around the use and disclosure of personal data, and meeting statutory deadlines. Our team are happy to provide advice and support.
To discuss this article, or for further guidance in relation to data protection matters, please contact Elizabeth Tovey, a solicitor in our commercial team. Phone 0113 849 4049 or email email@example.com.