Recently, the ICO published a statement about the use of mobile phone tracking during the COVID-19 crisis. The statement provided that generalised location data, where properly anonymised and aggregated, does not fall under the remit of data protection laws. In addition to this statement, the government has now set out further information on how it intends to use data during the pandemic.
Continue Reading The UK Government Sets Out How it Will Use Data During the Pandemic
ICO’s Data Protection and Coronavirus Information Hub
The ICO has created an information hub for organisations and individuals with guidance on how to tackle data protection issues in their response to COVID-19. The ICO’s main message is that the data protection law will not stop organisations in responding to the crisis.
The hub contains several sections dedicated to organisations, individuals concerned about their personal data, community groups assisting the vulnerable, and healthcare professionals.
In a section dedicated to data controllers, the ICO has published responses to FAQs reflecting the questions its helpline has received in the past few weeks, including guidance on the following:
Continue Reading ICO’s Data Protection and Coronavirus Information Hub
Protecting Data During the Covid-19 Crisis
The Covid-19 virus has forced substantially increased numbers of employees to work from home, potentially for an extended period of time. Against an already cluttered landscape of other business-critical issues they have to deal with, businesses also need to be mindful of the increased risk to cyber, and other types of data security, that this presents. This risk is amplified where employees are required to use personal devices to access business information, due to the limited supply of work devices.
Continue Reading Protecting Data During the Covid-19 Crisis
Business in the time of COVID-19: US Cybersecurity and Privacy Issues for You to Consider
The current COVID-19 pandemic raises some significant issues and risks relating to cybersecurity and data privacy in the US that should be considered carefully and addressed appropriately. Concerns range from cybercriminals targeting a newly-remote workforce with clever phishing scams that prey on the environment of uncertainty, to worries that the crisis will give cover to expanded and potentially problematic uses of technologies such as geolocation and facial recognition. Many businesses are unsure of whether and how to collect and disclose their employees’ health information under applicable privacy laws during an outbreak of infectious disease such as we are experiencing. This article addresses these and other data protection-related issues businesses are facing and offers some helpful guidance on mitigating such issues.
Continue Reading Business in the time of COVID-19: US Cybersecurity and Privacy Issues for You to Consider
Further Update from ICO on COVID-19 and Individuals
The ICO has updated its own blog with more helpful information, this time for individuals who may be worried about the increased processing of their own personal data and sensitive information, in light of the ongoing COVID-19 crisis.
Of interest to businesses and employers, is the recognition that whilst employees might think requests for information
Recommendations by the CNIL in the Context of COVID-19
On March 6, 2020, the CNIL published recommendations on the collection of personal data in the context of COVID-19. Health data is particularly protected within the framework of a series of regulations (notably GDPR, French Data Protection Act and French Public Health Code).
Restrictions
The CNIL insists that employers cannot take measures likely to impair the privacy of the data subjects, in particular, by collecting health data that would go beyond the management of suspected exposure to the virus.
For example, employers must refrain from collecting in a systematic and generalized manner, or through individual inquiries and requests, information relating to the search for possible symptoms presented by an employee/agent and their relatives. It is, therefore, not possible to implement, for example:
Continue Reading Recommendations by the CNIL in the Context of COVID-19
Update – ICO Issues Guidance on Data Protection and Coronavirus (COVID-19)
Further to our earlier blog on the data protection aspects of responding to COVID-19, we note that the ICO have now issued guidance on the matter, answering some of the key questions for organisations, businesses and employers.
This is helpful guidance, issued under a statement aimed at public bodies and health practitioners, (so could easily
Data Protection Issues Raised by Guidance and Efforts to Prevent the Spread of COVID-19
As government agencies and businesses attempt to deal with the ramifications of Covid-19, the potential impact on privacy rights should not be overlooked. Certain measures that are under consideration to help combat the threat of the Covid-19 virus raise a number of questions about the practical impact of current guidance and efforts to prevent the spread of infection. Clearly, in light of the serious global threat posed by this virus, application of the data protection must be proportionate. We examine the two questions frequently asked questions from our clients:
- Can you ask employees about their travel plans (either before or after a holiday abroad)?
- Can you require employees to undergo a medical examination or submit to tests to check their temperature?