Covid-19 Q&A

We have put together this area to answer some questions we have received that may be of use to you, if you have a question please email enquiries@odpa.gg.

Up-to-date States of Guernsey advice can be accessed at https://www.gov.gg/coronavirus

Please get in touch if you are facing new data challenges resulting from the evolving public health situation, or see our Information Hub


Q. I’m wondering if the ODPA is taking a more ‘relaxed’ approach to enforcement activities during the current public health situation? [March 2020] 
A. We would like to reassure local organisations that we are taking a realistic and pragmatic approach to regulatory activities during the Bailiwick’s ‘lockdown’.

Q. I’m a health professional, can I use video messaging services to assess patients remotely? [March 2020]
A. We all share the same concerns about the spread of the COVID-19 virus. The need for public bodies and health practitioners to be able to communicate directly with people when dealing with this type of health emergency has never been greater.

Data protection law does not stop the States of Guernsey or any health professionals from sending public health messages to people, either by phone, text or email as these messages are not direct marketing. Nor does it stop them using the latest technology to facilitate safe and speedy consultations and diagnoses. Further, certain public bodies may require additional collection and sharing of personal data to protect against serious and present threats to public health.

The safety and security of our community remains our primary concern and we will continue to regulate in a realistic and pragmatic manner taking into account the compelling public interest in the current health emergency

Q. I’m working from home at the moment, what steps should I take to protect personal data? [March 2020] 
A. We have published these 8 common-sense steps you could take.

Q. I’m an employer, am I allowed to tell staff that a colleague has potentially contracted COVID-19? [March 2020] 
A. Yes. You should keep staff informed about specific cases in your organisation as you have an obligation to ensure the health and safety of your employees, as well as a duty of care. Data protection doesn’t prevent you doing this, but you need to make your own decision as an employer about what you think is appropriate, necessary and ethical in terms of what details you share with colleagues. You need to balance the evolving public health situation with your staff’s privacy and dignity, and only disclose what you think is right.

Q. I’m a local business collecting contact tracing information from people who visit my premises [during Phase 4], what do I need to think about in terms of data protection? [May 2020] 
A.  We published this statement on 30 May 2020 in response to media queries about this issue.

Q. I’m confused, what does Covid-19 have to do with data protection? [June 2020] 
A. Data is of critical importance during a public health emergency. Many jurisdictions around the world, including the Bailiwick, are using personal data (i.e. who has been where, who has met who, and what their health status may be) to contain the spread of positive cases. For this ‘contact tracing’ strategy to be effective, people need to have trust and confidence that the organisations collecting their data are doing so accurately, looking after it securely, using it only for the purpose intended and so on. Data protection legislation exists to facilitate personal data being used in a way that benefits us all, and takes account of individual’s fundamental right to privacy.

So, does public health trump privacy during a pandemic? Read this case study Covid-19 meets Privacy: A case study for Accountability (published by the Centre for Information Policy Leadership [CIPL], April 2020) which argues for both public health and privacy.

You may also find this CIPL observation (June 2020) of interest: Looking Beyond COVID-19: Future Impacts on Data Protection and the Role of the Data Protection Authorities of interest as it explores “the main impacts, challenges and opportunities of the COVID-19 crisis on organisations, data protection authorities and individuals through the lens of data protection in the post-COVID-19 world.” Good data governance does not prevent effective and valuable use of data, it makes it possible.