ARTICLE
29 April 2022

UK Data Privacy Regulator Publishes Guidance Following Relaxation Of COVID Measures

LM
Littler Mendelson

Contributor

Littler Mendelson logo
With more than 1,800 labor and employment attorneys in offices around the world, Littler provides workplace solutions that are local, everywhere. Our diverse team and proprietary technology foster a culture that celebrates original thinking, delivering groundbreaking innovation that prepares employers for what’s happening today, and what’s likely to happen tomorrow
Explore Firm Details
In response to the government's relaxation on COVID-19 restrictions, the UK's data protection regulator, the Information Commissioner's Office (the ICO), ...
United Kingdom Privacy
Darren Isaacs and Deborah Margolis
Your Author LinkedIn Connections

In response to the government's relaxation on COVID-19 restrictions, the UK's data protection regulator, the Information Commissioner's Office (the ICO), has published guidance for employers on their data protection obligations.

By way of summary, the guidance makes the following recommendations to employers:

  • That they consider the emergency practices that they put in place during COVID-19 and decide whether the data they collect is still necessary. They should review their approach and ensure that it is still reasonable, fair and proportionate to the current circumstances, taking the latest government guidance into account.
  • That they assess any additional information which was collected and kept during the pandemic and if it is no longer required, that it should be confidentiality destroyed.
  • If they are still collecting vaccination information, they should be clear about what they are trying to achieve and how asking people for their vaccination status helps to achieve this objective. Employers' use of this data must be fair, relevant and necessary for a specific purpose and there must be a compelling reason to collect this information. The ICO also reminded employers that their reason for checking or recording vaccination status must be necessary and transparent. If employers cannot specify a use for this information and are checking it on a "just in case" basis, or if they can achieve their goal without collecting this data, they are unlikely to be able to justify collecting it.
  • That the existing data protection compliance requirements apply to collection of COVID-19 data, such as identifying a legal basis and conducting a risk assessment where data is likely to be a high risk to individuals.
  • Although they will need to manage positive cases in the workforce and will need to keep staff informed, they should avoid naming individuals wherever possible and should not provide more information than is necessary.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Authors
Photo of Darren Isaacs
Darren Isaacs
Photo of Deborah Margolis
Deborah Margolis
Your Author LinkedIn Connections
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More