



The UK Information Commissioner’s Office (ICO) said on Monday that it will rebuke and review how and whether government business practices should use the messaging service after it discovered the widespread and potentially dangerous use of private email, WhatsApp and other messaging tools by government officials. urged that From the Department of Health and Social Welfare (DHSC).

The action ordered by the ICO comes after a year-long investigation into whether DHSC has complied with the UK General Data Protection Regulation (GDPR), UK Data Protection Act 2018 and Freedom of Information Act 2000 during the COVID-19 pandemic.

The investigation began in July 2021 when complaints were made that communication practices using tools not controlled by the department could result in loss of information from public records.

According to the ICO report [PDF]The confidentiality and security of personal data is at risk using communication tools operated by individuals.

Information Commissioner John Edwards said, “This investigation found that DHSC was not complying with both its transparency and privacy obligations.”

The ICO declared “extensive use of private communication channels by ministers and staff employed by the DHSC. Evidence more widely available in the public sphere suggests that this practice is common in most of the rest of governments and pre-pandemic” . An online summary of the report’s findings.

The next review of our practices will identify more coherent approaches to systemic risks, areas for improvement, and interdepartmental communication. It also includes investigations into issues that may have been specific to the pandemic.

The ICO said it had ordered the DHSC to “improve the management of requests for freedom of information and to resolve discrepancies in existing FOI guidelines”.

reprimand [PDF] This document issued to DHSC instructs departments to improve data processing processes and procedures in accordance with the requirements of the UK GDPR. It is stated that DHSC has violated processing operations relating to storage restrictions, integrity and confidentiality, processing security, etc.

Although ICOs take a strong stance against the use of informal communication, they recognize that ICOs, which are slowly spreading in public services, can only reflect the times.

In the ICO’s rebuke to DHSC, Director Steve Eckersley said, “It is important to emphasize that ICOs do not take the view that DHSC and public institutions in general should not send information containing personal data over private communication channels. do,” he said. He went on to explain that communications with personal data must comply with UK data protection laws.

Eckersley said the use of private communication channels during a pandemic is understandable, but the inherent lack of oversight in communication methods poses risks.

“The pandemic has placed extreme demands and stresses on our public services,” Edwards said in an official report. . However, Edwards also said that new or alternative communication technologies do not alleviate data security and transparency obligations.

“This is not only a product of the pandemic emergency, it is a continuation of the trend across governments in the years preceding the pandemic to adopt new ways of working without adequate consideration of the risks and issues that may appear in information management.”

