There are some things in life which we ‘need’ rather than ‘want’ and I would hazard a guess that Privacy Policies fall into that category. But in a world where so much is conducted virtually, and where a lot is going to depend on the ability of the authorities to Trace and Test for Covid-19, this is something we need to either think about again. Or maybe address for the first time.
So here is a brief checklist of what you might need to think about in the context of the COVID-19:
- Are you a business which didn’t previously keep details – but do now need to? If so you should look at preparing a policy and putting it on your website and direct people to it in simple notices in your premises.
- Add some wording to your existing policy to explain why the information is needed.
- Explain the lawful basis for keeping the information and the fact you will be revealing it.
- If you are a faith-based organisation remember you need explicit consent because by visiting faith-based buildings or visiting religious websites you may have revealed your religious beliefs. As this is a protected characteristic explicit consent is needed.
- Think about how long you will keep the data for. You should keep data for the shortest reasonable time given the use it is being put to.
- As you may use the data for other purposes such as marketing, if you haven’t previously kept marketing lists think about the other uses you might put the information to and make that explicit.
- Don’t forget to check that any health or other tests you are asking staff to take / reveal also need dealing with.
- Check you have updated the purposes to include public health disclosure and updated the third parties to whom you may disclose data to include health authorities and agencies.