Data protection and electronic communication laws do not stop Government, the NHS or any other health professionals from sending public health messages to people, either by phone, text or email as these messages are not direct marketing. Nor does it stop them using the latest technology to facilitate safe and speedy consultations and diagnoses. Public bodies may require additional collection and sharing of personal data to protect against serious threats to public health.
The ICO is a reasonable and pragmatic regulator, one that does not operate in isolation from matters of serious public concern. Regarding compliance with data protection, we will take into account the compelling public interest in the current health emergency.
The safety and security of the public remains our primary concern. The ICO and our colleagues in the public sector have this at the forefront of our minds at this time. We are here to help our colleagues on the frontline. We can offer advice to make sure the law around data protection and direct marketing is clear. Information is available on our website or you can call our helpline on 0303 123 1113.
Data protection and coronavirus: what you need to know
We know you might need to share information quickly or adapt the way you work. Data protection will not stop you doing that.
- During the pandemic, we are worried that our data protection practices might not meet our usual standard or our response to information rights requests will be longer. Will the ICO take regulatory action against us?
No. We won’t penalise organisations that we know need to prioritise other areas or adapt their usual approach during this extraordinary period.
- As a healthcare organisation, can we contact individuals in relation to COVID-19 without having prior consent?
Data protection and electronic communication laws do not stop Government, the NHS or any other health professionals from sending public health messages to people, either by phone, text or email as these messages are not direct marketing.
- More of our staff will be homeworking during the pandemic. What kind of security measures should my organisation have in place for homeworking during this period?
Data protection is not a barrier to increased and different types of homeworking. During the pandemic, staff may work from home more frequently than usual and they can use their own device or communications equipment. Data protection law doesn’t prevent that, but you’ll need to consider the same kinds of security measures for homeworking that you’d use in normal circumstances.
- Can I tell my staff that a colleague may have potentially contracted COVID-19?
- Can I collect health data in relation to COVID-19 about employees or from visitors to my organisation? What about health information ahead of a conference, or an event?
You have an obligation to protect your employees’ health, but that doesn’t necessarily mean you need to gather lots of information about them.
It’s reasonable to ask people to tell you if they have visited a particular country, or are experiencing COVID-19 symptoms.
- Can I share employees’ health information to authorities for public health purposes?
For more information please visit, https://ico.org.uk/for-organisations/data-protection-and-coronavirus/