Further to our earlier blog on the data protection aspects of responding to COVID-19, we note that the ICO have now issued guidance on the matter, answering some of the key questions for organisations, businesses and employers.

This is helpful guidance, issued under a statement aimed at public bodies and health practitioners, (so could easily be overlooked), but is very relevant to the issues and worth reading in full.

In summary, the guidance covers questions on:

  • Data protection compliance (there is an understanding that resources might be diverted from the usual compliance efforts at this time);
  • Contacting individuals (the sending of public health messages without consent);
  • Homeworking for staff (and security measures needed);
  • Telling staff that colleagues may have potentially contracted COVID-19 (you can, subject to safeguards – read on);
  • Collecting health data (you can, but read on for how best to do this); and
  • Sharing information with authorities (you can, if it is necessary).

The ICO has stated that the safety and security of the public is their primary concern, which is reassuring and sensible, whilst maintaining that data protection principles still apply.