Business going online – Data Protection and COVID-19

  • Posted

With many businesses moving to working from home in the wake of COVID-19, Data Protection could be uncharted territory for some of them.

The Information Commissioner’s Office (ICO) has said that it understands the importance of public bodies and health practitioners to be able to communicate with people.

Communications by the Government, the NHS or any other health professionals of public health messages do not require consent as they do not constitute direct marketing.  Similarly, statutory bodies are also able to collect and share more personal data via new technology which will help enable them to protect the public.

What about businesses and their employees?

The ICO has provided information to answer some key questions, including on home working and sharing information about staff who may have caught the virus.

  • Security Measures for Home Workers – Businesses should aim for the same kind of security measures to apply to home workers as to those in the office:  it will be appropriate to extend the same anti-virus software and encrypted messaging facilities to all communications involving home workers.
  • Informing Staff of COVID-19 cases ­- Businesses should keep staff informed about cases of COVID-19 within the organisation but it is not necessary to share the name of any person, except, perhaps, in order to inform their immediate colleagues who may need to self-isolate.
  • Employee Health Data – In collecting data about employees’ health, businesses need to be considerate about how much and what type of data they are collecting.  Anything which might seem excessive to a member of the public would probably be seen as such by ICO.  It is not unreasonable to ask staff, clients or customers whether they have travelled abroad recently or been in contact with anyone with COVID-19 symptoms, but any health data which is collected should be processed with appropriate safeguards.
  • Sharing Health Data with Authorities – In the unlikely event that a business is asked to share the data which it holds on employees’ health in relation to COVID 19, this can be disclosed to the NHS and other statutory authorities on the grounds of public interest. 

As ever, the ICO’s website is an extremely helpful resource and is well worth setting as a “favourite” on your website browser.

Author: Polly Taylor, Commercial Team