UK’s data protection authority releases data protection guidelines for organizations in the context of COVID-19

The Information Commissioner’s Office (ICO), the UK’s data protection authority, has detailed the key steps organizations need to consider around the use of personal information in the context of the ‘COVID-19 recovery’. The six key data protection steps are: Only collect and use what’s necessary; Keep it to a minimum; Be clear, open and honest with staff about their data; Treat people fairly; Keep people’s information secure; Staff must be able to exercise their information rights. Information Commissioner Elizabeth Denham said: “Data protection does not stop you asking employees whether they are experiencing any COVID-19 symptoms or introducing appropriate testing, as long as the principles of the law – transparency, fairness and proportionality – are applied. The further guidance we have published today will help you comply with these principles, so people’s data is handled with care as we all continue our journey back to normality.”