The government of the UK has failed to meet a crucial General Data Protection Regulation requirement in its COVID-19 Test and Trace program, risking people’s privacy rights, as per the Open Rights Group (ORG).
This is followed by the UK’s Department of Health admission to the group that it has yet not conducted a data protection impact assessment (DPIA) – a GDPR mandate to identify and mitigate the data protection risks in projects processing personal information.
Test and Trace got introduced in England on May 28 as part of the government’s strategy to ease COVID-19 lockdown restrictions. Under this initiative, the National Health Service (NHS) attempts to trace down the close of recent contacts of anyone who turns to be positive for the virus, and if necessary, informs them about self-isolation. This involves people being questioned to provide sensitive data, including their date of birth, name, postcode, who they live with, and places they visited recently, leading to privacy fears.
In this private sector, firms are expected to ensure that data protection and privacy controls as a part of their business as usual processes, nothing that is revisited in hindsight.
To Read More: Infosecurity