Covid results emails may breach GDPR
Posted April 12, 2021
- Free, rapid lateral flow tests for coronavirus are now available in England, but the government notifications confirming the results appear to contravene several articles of the GDPR.
- As well as general coronavirus advice like the importance of social distancing, each Notify email contains the user’s name, date of birth and NHS number.
- Email is, at its heart, an insecure medium, too easy to hack or intercept – or even read over someone’s shoulder. The personal details are included to prove that an email is from official government channels, a practice that was common in the analogue (i.e. paper-based) past; but in a world of digital identity theft, such practices must be reviewed.
- While the layperson may not be put off, data-conscious individuals might think twice about reporting their test results (which is not, currently, a legal requirement) in order to lower the risk of data and identity theft – with knock-on effects on NHS data collection and virus tracking.
– Tom Allen | April 12, 2021