The global spread of COVID-19 has generated numerous privacy and data protection issues. Read on to know more about it…
The global spread of COVID-19 has generated numerous privacy, data protection, security and compliance issues. The increased use of technology in personal and professional life due to the ongoing COVID-19 pandemic has also led to an increased need to ensure data protection and privacy. These challenges are driving the need for organizations to ensure their digital experience platforms are not only secure, but forward looking.
The Situation
Several government and private organizations are now storing and recording their employees’ medical and travel-related information. While it is fine to do so, it is also important to ensure that such data is collected after due cognizance of the Information Technology Rules and after following all data protection procedures and measures.
Certain state governments have started an initiative that requires medical professionals to go door to door in order to identify COVID-19 patients. This also requires the collection of medical data which must be used and disposed of in a proper manner and in consonance with the Information Technology Rules.
Given this increased level of disclosure of medical and travel records to employers and the government due to the COVID-19 pandemic, there is a heightened need to reopen the debate on data protection and procedures to secure such data.
Guidelines to be followed by Organizations for Collecting Personal Data
The following are some of the guidelines to be followed by organizations for collecting personal data
1.Legal Necessity: Sensitive personal data can only be collected for a lawful purpose connected with the functioning of the corporate body (defined in Section 43A IT Act) or its representative and that such collection is necessary for its purpose.
2.Citizens should be Informed: The data principal should be aware of the collection of the information, the intended purpose of the information, the intended recipients of the information and the name and address of the agencies collecting and retaining the information.
3.Obtain Consent: The corporate body or its representative must obtain consent from the provider of the sensitive information.
4.Protection against Misuse: The corporate body holding this sensitive data should use it for the intended purpose only, and should not retain the data for longer than is required for the intended lawful purpose.
The Road Ahead
The right to free movement is a fundamental constitutional right, which has been restricted in order to contain the coronavirus. Similarly, the government should be allowed to act in the best interests of its people, even if it means a temporary suspension of the right to privacy.
However, a pandemic need not mean a complete overhaul of fundamental rights. The government and organizations must do its best to retain as much of its people’s rights as is possible. Collecting and circulating patients’ personal information for achieving a legitimate goal is necessary; doing so without their consent and imposing penal sanctions is an unjustifiable infringement of their privacy. In its fight against COVID-19, the government and organizations need to take that extra step to ensure that it does not place under lockdown, the fundamental right to privacy.