The Information Commissioner's Office (ICO) has published further data protection advice for organisations during the recovery phase of the coronavirus pandemic as lockdown restrictions start to ease. The advice is broken into four sections covering: 

  • the ICO's regulatory approach during the pandemic and the recovery phase
  • testing – this section contains guidance for employers and organisations that are planning on asking people if they have experienced coronavirus symptoms or are planning to introduce testing
  • surveillance – this section contains guidance for employers and organisations that are planning on using CCTV, thermal cameras or other surveillance methods as part of testing or ongoing monitoring of staff
  • individual rights – this section explains people’s rights in relation to their personal data and how employers and organisations can comply.

It also incorporates guidance previously issued, for example on workplace testing.

In addition, the ICO has published six data protection steps for organisations, setting out the key principles they need to consider around the use of personal data.  The six key steps are:

  1. Only collect and use what is necessary.
  2. Keep it to a minimum.
  3. Be clear, open and honest with staff about their data.
  4. Treat people fairly.
  5. Keep people’s information secure.
  6. Staff must be able to exercise their information rights.

In publishing the new advice and six key steps, the Information Commissioner stated that “Data protection does not stop you asking employees whether they are experiencing any COVID-19 symptoms or introducing appropriate testing, as long as the principles of the law – transparency, fairness and proportionality – are applied”.

Source: New feed