Coronavirus and Data Protection

[HappyHacker]

With some neighbours we have distributed leaflets throughout our village (300 homes) to offer assistance and ask for volunteers to help provide assistance to those in need.

One of the residents helpfully pointed out that our leaflets were in breech of the data protection laws! In addition we should make sure that we were compliant with all the provisions of the DP regulations.

I got in contact with the Information Commissioners Office ICO and they confirmed that we needed to comply with the legislation. They pointed me to the web page that explains the relation of the rules for the current crisis, but I have already read them and they do not appear to relax anything at all just words.

So the outcome is we need to have processes for the handling of any personal data we collect, Name Address, Phone number and help required. Tell people we are collecting that data, and be able to give people copies of any data we hold on them. Keep the data secure and destroy it when it is no longer needed.

We also have to pay the ICO £40 for the privilege from our own pockets

I did try to send the saga to the Daily mail so they could inform people but their email appeared to forward the tips email address to a journalist that did not exist and sent the whole lot back to me.

The BBC does not have a contact email address for News.

So sent it to my MP.

So a great help when you are trying to help in a crisis you can get prosecuted for not complying with Data Protection regulations!

We have had some great responses from the residents however!

 

[ScaredyCat]

I think one of your neighbours needs a hobby.


.

 

[Cheshirechappie]

One of the residents helpfully pointed out that our leaflets were in breech of the data protection laws! In addition we should make sure that we were compliant with all the provisions of the DP regulations.

There's always one, isn't there?

I'm not surprised that the majority of the locals were positive (one aside) though - and good on you for doing something positive in the face of crisis.

 

[Irish Rover]

I did try to send the saga to the Daily mail so they could inform people

I think you also need to give your head a little wobble.

 

[ColeyS1]

I think one of your neighbours needs a hobby.


.

Or to go hungry for a few days

Sent from my SM-G960F using Tapatalk

 

[Phil Pascoe]

I think one of your neighbours needs a hobby.

amongst other things.

 

[novocaine]

Are you doing this as a business or charitable organisation?

if not, then you are doing it as a concerned neighbor and the ICO can go coco. Data protection does not apply between friends (I hope).

from the title of the document itself "The Data Protection Act 2018 controls how your personal information is used by organisations, businesses or the government."

are you any of those three? if not, mr busy body can shove it, he gets no help.
as to the ICO telling you otherwise, it would help if they knew their own regulations, alas, the poor folks on the end of the phone have little to no training beyond what is written on the screen in front of them, if you don't fit in to the little boxes they have then they can't give you any real advice so they fob you off with some bullpoop.

you don't have to pay the ICO for anything, if you are worried about it still then a quick mail shoot to state what information you retain, for how long and how you will ensure that information is secure (password protected excel spreadsheet for example). along with that, state that you will destroy all information after x months.

or I could be completely wrong, I'm just some bloke on the internet after all.

 

[doctor Bob]

Crikey, they won't be worrying about that, I won't be paying the government anything for the next year, vat, NI, CIS, PAYE, rates ................... what ever it takes.

 

[Student]

There’s always one isn’t there. Like others, I’m don't profess to be an expert but had to deal with the GDPR for both our local Neighbourhood Watch group (NHW) and an arts group to which I belong. In my limited knowledge, despite what novocaine says, I think it might be difficult to state that what you are doing is just between friends. One way around the problem might be to set up a NHW as then you would be covered by the police set-up provided you follow their guidelines. Even if you don’t, this is the guidance that was issued by Avon & Somerset Constabulary when the GDPR was first implemented as the checklist is quite useful.

https://www.avonandsomerset.police.uk/m ... onsent.pdf

The first thing we did when setting up our two e-mail systems was to issue an e-mail which included wording similar to the following:

“In setting up this e-mail system, there are a few items of which you should be made aware.
Firstly, it has been assumed that, as you have already given us your e-mail address on your application form, you are happy for us to use it for our purposes.

Secondly, we can confirm that we will only use your details in accordance with our legitimate activities and your information will not be passed to any third party without your consent.

Should you now, or in the future, wish to stop receiving e-mails from us, please let us know and you will be deleted from our e-mail list and will receive no further e-mails from us.”

You are presumably going to ensure that all e-mails go out as bcc and that any spreadsheet that contains any data is password protected. In addition, are you going to set up a dedicated Outlook or gmail account as this will make life easier than sending e-mails out from your own account?

If you end up with having problems in sending out a whole load of e-mails at one time, as some systems such as Outlook can restrict the maximum number at one time, you might consider setting up a Mailchimp account which is free for groups with less than 500 members.

Finally, may I suggest that the nosy neighbour is designated your Data Protection Officer and ensure that he is responsible for making the system work!

 

[Cheshirechappie]

Student - I'm not in any way trying to 'have a go' at you, what you posted contains much of value. However, I think there's a flaw. My mum, for example, has no computer or mobile phone. Keeping in touch with her means letter, landline or physically going round to see her, and I think many older folks are in much the same boat. It's easy to forget how fast technology has come upon us; mum was in receipt of her pension before the internet was a widespread thing.

For anyone setting up a local Coronavirus support network, especially if older people need support, a fair bit of flexibility will be needed with contact methods. May be even more of a GDPR nightmare - or maybe Novocaine has a point. In times of real emergency, overbearing legislation like GDPR, however well-meaning it might be, just gets in the way of simple neighbourliness.

 

[Trainee neophyte]

Finally, may I suggest that the nosy neighbour is designated your Data Protection Officer and ensure that he is responsible for making the system work!

Now that is how to find a solution to a challenge.

In other news, I was told that a mask and gloves were all I needed to go to the supermarket. It was a lie! Everyone else wore clothes, too! (joke via the wife's Facebook - not my fault)

 

[FatmanG]

Damned if you do damned if you don't. I can only speak as i fall into the don't come out for months group and I'd be most grateful of support and couldn't give 2 hairy toenails about data protection
Good on ya fella
FG

 

[Student]

CC – thanks for pointing out the flaw in my comments above. As you rightly point out, it’s more than possible that those most in need of help are those that are not computer savvy.

Amongst our arts group membership, about 450 members in all, there are about 35 who don’t have an e-mail address. What we do for them is have a “telephone tree” operated by Committee members to advise them of what’s going on. Perhaps Happy Hacker could organise something similar by way of a helpline if needed. However, to cover their rear ends, it might be an idea to get any resident that only has telephone contact to sign a form to confirm that they are happy to be contacted by telephone and provide them with some advice as to how to stay safe if anyone suspicious calls them i.e. spam calls.

When setting up our NHW, 175 households, we did identify some residents that needed to be looked out for and, in their cases, we got near neighbours who knew them to act as go-betweens. In a couple of isolated cases, the resident gave us the e-mail of a family member who we could contact and ask them to pass on the message to the person we were trying to contact.

As FatmanG says, good on you for taking this initiative.

 

[CHJ]

Our local community has circulated a list of 'Help' Contacts for the 5 nearest communities/Parishes that we have normal contact with (local Luncheon Club, walking groups, WI etc.)

With Contact names for each area (8 in all) and relevant 'phone no's, an email point of contact for information updates if we wish to add our contact details to the list.

And a list of very local produce suppliers and cooked food and drinks deliveries if needed.

 

[HappyHacker]

The guy who sent the email is an expert on data protection and was genuinely trying to help. I had the same negative thought as many of you when I first read it but when I thought about it for a few minutes I realised he was right and we could end up in a lot of trouble if personal data that we should not be holding about someone we were helping was made public. It has made us stop and think. He and his wife have also volunteered to help. Unfortunately there are people out there who would try to take advantage of any mistake we might make even if we were trying to help them.

What really annoyed (read any prohibited words you would like to insert) me was the ICO who want to make a charge and have not prepared some simple process to help people like us ensure that we know what we need to tell our volunteers and self isolators given the current situation.

 

[HappyHacker]

Also some good ideas from CHJ, I will try to implement some of them.

And thanks to the many helpful tips from others

Kevin

 

[profchris]

There are two kinds of experts on data protection:

1. Those who protect organisations from breaking the law. They demand strict compliance, for obvious reasons. I think your neighbour is one of those. Data protection law does apply to individuals.

2. Experts like me (I was part of the consultation on the 1984 Data Protection Act) who take, shall we say, a more pragmatic approach.

My local help group is imply asking people for their consent to store data (phone numbers, what they can offer). My take on this is as follows:

• * First, there is an exception in data protection law. The GDPR explains it as follows: "This Regulation does not apply to the processing of personal data by a natural person in the course of a purely personal or household activity and thus with no connection to a professional or commercial activity. Personal or household activities could include correspondence and the holding of addresses, or social networking and online activity undertaken within the context of such activities." How wide this exception is, academics and regulators debate at length. But, in the current circumstances, I think no court would refuse to apply this to local help groups.
  * Second, the UK regulator (the Information Commissioner) has much more important people to chase than such groups. So the risk of action on a complaint is tiny.

On that basis I think my local group can just go ahead. If it is in breach of the law (which I doubt) we will never find out.