Locks and Security News: your weekly locks and security industry newsletter
16th September 2020 Issue no. 525
Your industry news - first
We strongly recommend viewing Locks and Security News full size in your web browser. Click our masthead above to visit our website version.
MPs accuse government of privacy failings
On the news that a cross-party group of more than 20 MPs has accused the UK's privacy watchdog of failing to hold the government to account for its failures in the NHS test-and-trace programme and are demanding the government change the programme, Toni Vitale, Head of Data Protection at JMW Solicitors LLP, says:
"The Department of Health conceded last month that its initiative to trace contacts of people infected with Covid-19 was launched without carrying out an assessment of its impact on privacy. The failure to carry out a data protection impact assessment (DPIA) means the NHS and the government is in breach of the General Data Protection Regulation (GDPR) and Data Protection Act 2018. This type of audit is key for projects that process personal data, particularly sensitive data such as health and medical information.
"Under GDPR, failure to carry out a DPIA when required may leave the NHS open to enforcement action, including a fine of up to £10 million. The government said there is no evidence of data being used unlawfully or any risk to individuals, but they cannot possibly know that without carrying out a DPIA. Perhaps this is another example of one law for the government and another for the rest of us. It does not set a good example particularly as lots of organisations are now processing data about their employees and in some case customers, including new data about Covid-19 test results. Some of these organisations will need to perform a DPIA and the government / NHS should do so."
26th August 2020