ICO seeks to review data protection practices of senior civil servants handling sensitive information during the pandemic.

The ICO has called for a government review into the use of private emails and social media channels during the pandemic following concerns detailed in the ICO report “Behind the screens – maintaining government transparency and data security in the age of messaging apps”.

The report follows an investigation into the Department of Health and Social Care (DHSC) during the pandemic and concluded that there were shortcomings in the controls employed by the department in tracking data, within its systems and the increased use of messaging app and technologies like WhatsApp by Ministers and senior government officials. By utilising technologies in this way, these practices risked a data breach where important information was shared without the requisite security embedded in its systems.

The government are not alone here. Across the UK, many businesses and organisations have modified practices and stated polices to respond to business and operational needs during the pandemic. The UK GDPR requires organisations to map its data so that it can put in place organisational and technical measures to ensure information security. This is particularly challenging when it does not have visibility on the ways in which data is shared. This presents a real risk to the transparency and accountability principles underpinning the UK’s data protection legislation.

Businesses, public authorities and government need to recognise that a review of their current practices and calibration to align these with policies will be necessary, to ensure security of information and resilience to cyber threats going forward.

If you have any questions regarding this article, please feel free to contact Louise Weatherhead, a data protection lawyer, by email at Louise.weatherhead@sintons.co.uk, on Twitter @LNWdataprotect, or by telephone on 0191 2263699.