The key takeaway for public authorities is that organisations must be able to work together to combat the pandemic:
"The top line here is a recognition of the importance of organisations being able to work together to respond to this pandemic. Data protection law will not stop this happening."
This suggests that the ICO will prioritise public health over strict compliance, and that data protection should not be a barrier to effective working with other organisations. In practice, this will mean that public authorities should be considering effective, but limited, data sharing with other organisations where this is essential to get help to those in need. It also means prioritising the health of your staff. Home working should be permitted as far as possible, although this will present some challenges in terms of data protection compliance.
Whilst the ICO appears to be taking a relaxed approach to some areas of compliance, for example statutory deadlines for responding to requests for information, we anticipate that this will not extend to all areas of compliance. Most notably, in relation to information security practices, and the current situation will not be a valid excuse if there is a data breach caused by lax security measures. It will be difficult (but not impossible) for public authorities to maintain information security standards for home workers.
Therefore, we suggest that you ensure:
Another area of concern is how much information can be shared with colleagues about the health of their fellow workers. It is the view of the ICO that you may tell staff if a colleague has caught coronavirus but that you "probably don’t need to name individuals and you shouldn't provide more information than necessary". We therefore recommend that staff are kept updated on a need-to-know basis, and that information sharing is limited to that which is strictly necessary.
The ICO has produced a Q&A section on its website which contains further detail on the points outlined above.