The Information Commissioner’s Office has recently updated its Data protection and coronavirus information hub with useful questions and answers around customers, employees and CCTV recordings.
Examples of questions that may be relevant to your business include:
- Can I use CCTV or other forms of surveillance to monitor whether my employees are observing health and safety measures to respond to the COVID-19 pandemic?
- Can I use recorded CCTV footage to monitor who an individual has been in contact with, if they are subsequently diagnosed with COVID-19 or suffer symptoms?
- When they return to work, I want to carry out tests to check whether my staff have symptoms of COVID-19 or the virus itself. Do I need to consider data protection law?
- Can I share the fact that someone has tested positive with other employees? What do I need to consider if I am planning to disclose this information to third parties?
- Can we collect children’s contact details for contact tracing purposes?
- If we become aware that someone who has tested positive for COVID-19, should we report them to a contact tracing scheme?
Read the ICO article here.
In other ICO news, there have been several recent cases where monetary penalties and enforcement notices have been issued as a result of breaches of the rules around direct marketing.
In one example a company has been fined £100k for instigating the transmission of 21,166,574 unsolicited communications by email between 1 March 2017 and 31 March 2018.
In another example the company was fined £80k for making 270,774 unsolicited direct marketing calls to subscribers on the TPS register without valid consent between 1 January 2018 and 29 November 2018.
This is a reminder that you should carefully apply the data protection rules in your communications with your client base. If you are unsure, contact the legal advice line to discuss your scenario.
More information can be found here.