Any thoughts supermarkets had of adding the data they have received on vulnerable patients to their own marketing databases have been scotched by the Information Commissioner’s Office, which has demanded that all information is deleted as soon as the crisis is over.
While the NHS has identified 1.5 million people as “extremely clinically vulnerable”, including transplant recipients, people with cystic fibrosis, severe asthma, and cancer sufferers, so far the supermarkets has been sent details on just 110,000.
Tesco chief executive Dave Lewis said that the supermarket giant had matched the information to 75,000 people on its own database. However, Sainsbury’s has gone one further by identifying more than 450,000 elderly or vulnerable customers, through a mixture of pre-existing data, calls to its customer helpline, and the NHS data.
The retailers will this week begin contacting customers on the NHS file, whose details can be kept and used to help prioritise deliveries to those most in need. The data has been shared under measures in the Data Protection Act 2018 – and GDPR – that allow the processing of sensitive private information when it is in the interest of public health.
However, the ICO has warned against data retention practices. A spokesperson said: “Data protection law enables organisations to share personal data when it is appropriate to do so. In a national emergency such as the Covid-19 pandemic, sharing information between organisations can make a real difference to protecting vulnerable individuals.
“Where it’s necessary, public authorities are able to share relevant information to help provide essential support services, as long as they share only the minimum amount of information required and ensure that it is not retained for longer than needed.
“Data sharing can be done in accordance with the law, including putting the appropriate safeguards in place so people’s information is handled responsibly.”
EU data cop calls for single app to combat coronavirus
Regulator gives the green light for mobile data tracking
ICO pledges ‘light touch’ over coronavirus privacy fears
Mail blames the ICO for blocking coronavirus warnings