UK.gov admits it has not performed legally required data protection checks for COVID-19 tracing system
The UK government has admitted it deployed the COVID-19 Test and Trace programme without a Data Protection Impact Assessment required by law, according to privacy campaigners the Open Rights Group.
The ORG said the Department of Health and Social Care had confirmed in writing that the impact assessment had not been carried out following its legal complaint to data protection watchdog the Information Commissioner's Office.
An ICO spokesperson said: "It is an organisation's responsibility to complete a data protection impact assessment as a way of identifying and addressing key privacy questions.
"We recognise the urgency in rolling out the test and trace service during a health emergency, but for the public to have trust and confidence to hand over their data and that of their friends and families, there is also work needed to ensure the risks to that personal data are properly and transparently mitigated. People need to understand how their data will be safeguarded and how it will be used."
"If what you've done is designed your entire system and you're ready to go, and suddenly think, 'I haven't done my data protection impact assessment', and then you're trying to write it in a way that shows but the solution you found is completely compliant with the law: that could take longer," Brown said.
News URL
https://go.theregister.com/feed/www.theregister.com/2020/07/20/uk_test_trace_data_protection/