The ICO's Q&A do not disappoint, as their characteristic pragmatism and solution focused approach is evidenced by their attitude to privacy compliance data during this crisis.
To confirm the points we have highlighted in our Privacy do's and don'ts, the ICO confirms the following:
- Cutting some slack: The ICO understand companies may not be at the top of their privacy game right now, they don't plan to start fining companies for prioritising other things in this extraordinary period;
- It's all about security: Make sure that your security is up to scratch, especially with everyone working from home;
- Health and safety: You should keep staff informed about cases in your organisation. Remember, you probably don’t need to name individuals and you shouldn’t provide more information than necessary;
- Collect only the data you need: You have an obligation to protect your employees’ health, but that doesn’t necessarily mean you need to gather lots of information about them; and
- You can share data with health authorities: If, and only if, it's absolutely necessary.
During the pandemic, we are worried that our data protection practices might not meet our usual standard or our response to information rights requests will be longer. Will the ICO take regulatory action against us? No. We understand that resources, whether they are finances or people, might be diverted away from usual compliance or information governance work.