02:39 GMT14 August 2020
Listen Live
    UK
    Get short URL
    121
    Subscribe

    Government lawyers accepted it was legally required to have a completed data privacy impact assessment (DPIA) at the time Test and Trace launched 28th May, and revealed it still hasn’t been completed as of 20th July, although it’s being worked on.

    The UK government has admitted its contact tracing programme is unlawful in a legal letter confirming it’s been running in breach of data protection laws since launch in May.

    According to the letter, sent in response to a legal challenge brought by Open Rights Group (ORG) against the government for failing to confirm whether it’d met the required safeguards for the programme, Whitehall didn’t conduct a DPIA, required to ensure breaches of patients' information don't take place.

    ​A spokesperson for the Department of Health and Social Care told Sky News there was a clear distinction between the programme itself being unlawful versus the way it was handling NHS patient data being unlawful, and the latter hadn’t happened. They also claimed the programme was developed quickly due to the public health emergency caused by the pandemic.

    "NHS Test and Trace is committed to the highest ethical and data governance standards - collecting, using, and retaining data to fight the virus and save lives, while taking full account of all relevant legal obligations," they added.

    Adding to Whitehall’s woes, Sky News has revealed contractors working for NHS Test and Trace have been told they may be fired following reports of dozens of staff sharing patients' confidential data on social media – the outlet has seen internal communications from NHS Test and Trace warning contractors "patient identifiable information must never be posted" on social media, and “any such examples which come to light will be dealt with through the appropriate employment processes”.

    ​This message was first circulated to workers 13th July before being repeated three days later.

    Jim Killock, executive director of ORG, described the government as "reckless" in "ignoring a vital and legally required safety step".

    "A crucial element in the fight against the pandemic is mutual trust between the public and the government, which is undermined by their operating the programme without basic privacy safeguards. The Information Commissioner's Office and Parliament must ensure Test and Trace is operating safely and lawfully. As we have already seen individual contractors sharing patient data on social media platforms, emergency remedial steps will need to be taken," he added.

    Related:

    Boris Johnson Grilled as Germany Beats UK to a Coronavirus Contact Tracing App
    Google, Apple Approach Indian Gov’t to Link New COVID-19 Tracing API With Arogya Setu - Reports
    WiFi at Pubs and Restaurants is Ideal for UK Government's COVID-19 Track and Trace, Tech Firm Says
    Campaigns Officer: Only 15% of People Believe That SERCO Should Be in Charge of UK Contact Tracing
    Tags:
    personal data breach, patients' personal data, personal data, data
    Community standardsDiscussion