Keep data in lockdown while tackling the virus crisis

Businesses processing personal data need to keep protection of customer and employee data at the front of continuity planning as they tackle the coronavirus threat.

Staff are likely to be working remotely or in different circumstances, which could make customer information more vulnerable to data breaches, and cyber-criminals are ratcheting up their fraudulent scams. In addition, data relating to employee health during the pandemic may be subject to special security requirements.

Businesses are implementing contingency planning, with staff working from home and using domestic internet and possibly personal devices to access cloud-based software and systems, making it more important than ever to keep data safe and secure, as fines for data breaches will still apply.

The General Data Protection Regulation (GDPR) provides strict operating boundaries for businesses processing personally identifiable information about individuals, with a statutory obligation to notify the regulator of any breach which places an individual’s personally identifiable information at risk. It also gives wide-ranging power to the UK’s data regulator, the Information Commissioner’s Office (ICO), which can impose high penalties for breaches.

“Tackling the threat of coronavirus is taking us into uncharted territory,” explained Jane Crosby of Hart Brown Solicitors, “and while data protection law doesn’t stand in the way of homeworking, or the use of personal devices, it demands even greater attention to security measures, as the ones that you use in the office will need to be tailored to suit these new circumstances.

“The human element is often the reason for data breaches and without direct supervision and colleagues to consult, these may be more likely to happen.  Certainly, there are reports of a steep rise in attempted cyber fraud, with many more phishing emails, malware and social engineering, where fraudsters dupe staff into revealing information or making money transfers.”

The other major threat to data security during the crisis is the handling of information about individual staff and visitors: whether they have travelled to high-risk areas, their symptoms, test results and when self-isolation has taken place. This is personal data protected by GDPR, but where it concerns health it may be special category data under Article 9 of GDPR, which requires special security measures.

Such information should be collected and used only as absolutely necessary in managing risk and should not be retained unless essential, such as for an insurance claim.

Jane added: “Ideally the management and sharing of information is set out in a policy so you know who to tell and what information is shared with whom.  So, for example, the ICO has said that it is OK to inform other staff if someone tests positive, or is suspected of having contracted the virus, so as to protect the health and safety of all, but to avoid naming those individuals.”

The ICO has published advice to help organisations in facing up to the data management challenge and while they say they will be pragmatic about matters such as speed of response to information requests during the crisis, there is no suggestion that they will accept reduced standards of data security.

“Organisations will be struggling to keep pace in this fast-changing environment,” added Jane.  “It’s important to make sure you don’t drop the ball when it comes to data.  If you end up with a breach and compromised data when you come out the other end it will be a serious issue. The ICO has the power to impose fines of up to €20m or 4% of total worldwide turnover and the damage to corporate reputation can be immense.”

 

This is not legal advice; it is intended to provide information of general interest about current legal issues.


Partner, Dispute Resolution & Accredited Mediator

Jane Crosby

Jane is an employment and commercial litigation solicitor of more than 15 years' experience.

Prior to entering the legal profession, Jane was employed in the aviation industry. This experience is appreciated by many of Jane's clients who note that she is able to take a commercial and pragmatic approach to any legal issue that they face.

Jane acts for a wide range of individuals and businesses and her areas of specialism include aviation, property related industries and IT. Jane regularly advises on aspects of employment law, such as settlement agreements, employment contracts, policies and procedures, redundancies, equal pay, data protection, issues arising from TUPE and reorganisations, the calculation of holiday pay, bonus and commission payments, disciplinary and grievance issues, dismissal and termination issues, the protection of confidential information and the enforcement of restrictive covenants. Jane gets involved in GDPR training for her clients and she is able to deliver tailored employment law training sessions upon request.

As a commercial litigation lawyer, Jane also deals in shareholder and director disputes, commercial contract disputes and the enforcement of restrictive covenants.

Jane has been involved in successful high value commercial litigation for clients in the High Courts. She is an accredited mediator and a member of the Employment Lawyers Association.

Jane is often asked to write for a number of well-known publications, including The Daily Mail, The Telegraph and The Week, and she has been interviewed on BBC Radio 4.

Here is a small selection of the feedback that Jane has received:

“Jane, I cannot sincerely thank you enough for your wise counsel and am delighted to have made your acquaintance. If I am blessed with a new position somewhere I will hand over my contract in the first instance to you. Likewise, any of my friends, peers, Romans and countrymen wanting advice, I will point them in your direction.”

“Jane, you have been most resilient on my behalf for which I sincerely thank you for all your endeavours. I have a tremendous working relationship with Hart Brown and you have undoubtedly compounded this further.”

“I appreciated the clarity of advice given at a stressful time”.

“A sensitive and highly professional approach and efficient work in the interests of the client”.

“Your advice, conduct and assistance have been indeed outstanding and very professional but also – and most importantly – very humane”.


© Copyright Hart Brown LLP 2020 - All Rights Reserved. VAT registration no. 211372705