Client Advice Blog – Covid19
Considering current events and the advice from the UK government for businesses to operate remotely, where possible, this has highlighted some data protection concerns amongst some of our clients.
We would like to reassure our clients and the public that our business will continue to provide remote services. We are ready and available to provide our usual range of services, which include (but are not limited to) general business continuity planning and assisting with subject access requests.
The Information Commissioner’s Office (ICO) have deemed the current situation as an ‘extraordinary period’ and provided reassurances that the handling of data protection matters will be in manner that is reasonable and pragmatic. The ICO’s advice is to ensure that data protection practices such as security measures are applied to homeworking. For more information on this, click here to visit the ICO’s website.
The welfare of our clients, employees and the public are important to us therefore, we ask that you keep yourself informed and up to date by checking the government’s advice regarding Covid19 by regularly checking the NHS’s website for the latest information.
We advise the following general information concerning data protection:
- If an employee or a customer have reported to you that they are in self-isolation for suspected or a confirmed of Covid19, this is considered special category personal data and therefore, warrants extra protection when handling this information.
- In order to protect your employees, staff, volunteers or contractors, any reported self-isolation circumstances or confirmed cases should be raised with those individuals who will or may have encounter the suspected/confirmed customer(s). Your organisation has an obligation under Health and Safety Laws to protect such individuals. For more information, please click here for the Health and Safety at Work Act 1974 and The Management of Health and Safety at Work Regulation 1999. There may be other legislation/law/regulation that may be applicable in the given situation, but this is something that you’ll need to seek advice from your legal team or research.
- The lawfulness of processing or sharing any special category personal data or personal data will vary depending on the purposes and uses. Please reach out to [email protected] who can assist with establishing the most appropriate basis.
- Where you operate frontline customer service or contact centre, we would advise that training is provided to employees on how to recognise and react to such reported sensitive matters from customers, tenants or public.
- We would advise that you run some form of communication campaign to provide advice to your employees and customers on the given situation along with any recommendations or advice for them.
- If your organisation is issuing portable media devices such as phones or laptops, please ensure that appropriate security controls have been applied to protect your organisation’s data in the device is lost or stolen.
- If your organisation has authorised individuals to use their personal devices to access data, please ensure that IT practices, Data Protection Policies and Acceptable Use or similar policies are enforced.
- We recommend that you remind employees or other individuals of their obligation to protect data and apply the same security and data protection controls when homeworking or remotely.
- When reviewing your business continuity plan please ensure that data protection controls are considered and embedded by design and default.
We will continue to keep our clients and yourselves updated with any advice applicable.
Please contact us if you have any questions or would like any data protection support.