Coronavirus - Community Groups and Data Sharing

A positive development to the otherwise unsettling situation is to see how people have come together to provide support and practical assistance within their communities.

A large amount of personal data is being shared, such as names, addresses, health concerns, pregnancy, prescription needs, and in many cases, by people less used to the online world. 

The Information Commissioner's Office (ICO) has written a blog piece aimed at those who have set up community groups in the recent weeks. The ICO emphasise that the data protection rules will not stop people from helping those in need. They remind groups to "keep it lawful" - and point out that sharing data in the current circumstances might just save someone's life.  

The ICO reminds those using other people's personal data to:

1. Use data how the person who gave it to you would expect, tell people why you need their data, what you will do with it and who you are going to share it with.
2. Keep it secure (either by keeping your device secure - both physically and in the cyber security sense).
3. When it is no longer needed, securely destroy the information.

The ICO have directed groups towards a privacy notice template and also asked groups to keep a record of how they are using data citing these as best practice. We very much doubt that the ICO will penalise any groups who do not put a record of processing or a privacy notice in place, however, if you think your group might become more of a permanent fixture or you think there might be issues, it could be a useful step to take.

New Ways of Meeting

With cyber security in mind, there have been reports that cloud meeting apps such as Zoom and Houseparty are being targeted by hackers or 'zoombombers' who are apparently exploiting the default settings to spread malware and send explicit content to un-expecting users. Some tips to bear in mind:

1. If you're using new apps, it is worth taking the time to check the default settings and understand what this means for your own data, where it is being shared and what the app has access to.
2. Make sure you update the app as soon as patches and upgrades are available.
3. If you are using new apps for business meetings, make sure its in-line with your company's privacy notice and IT acceptable use policy.
4. Update privacy notices to reflect new practices.
5. Supervise children's use and remind them of key online safety tips (Net-aware from NSPCC is a useful resource, which gives tips on changing default settings).
6. Update passwords and make them long but memorable.

If you suspect you might have been hacked or you receive unsolicited contact via meeting apps, you should report to the person responsible for data protection in your organisation (possibly a data protection officer) who can investigate and make any necessary reports.

As ever, if you have any questions about your data protection compliance, please feel free to contact a member of our Data Protection team, or complete the form below.