It has now been over a year since Chinese authorities reported the first case of Covid-19 to the World Health Organisation. This year has brought tragedy for the many people who have lost loved ones. It’s also brought difficulties for all, with restrictions on our daily life that haven’t been seen since the 1940s.
Mental wellbeing and Data Protection?
We’ve had months of lockdown, daily emergency briefings reinforcing the gloomy outlook. We live under more tiers than a wedding cake, and enough Government U-Turns to make a driving instructor pale. Many of us are feeling long term fatigue even though our physical activity levels have dropped.
This is because we have all been facing the stress of COVID-19. When we face psychological stress, our bodies enter ‘fight or flight’ mode. Your heart rate goes up and raises blood pressure, whilst suppressing non-essential functions like digestion and your immune system.
This response is ideal if you’re being chased by a bear. However, with a long-term stressor like COVID-19 you’re on high alert for long periods. This takes a toll on your energy levels and leaves you at risk to the normal coughs and colds that are still circulating.
This chronic stress takes its greatest toll on our mental wellbeing. Poor sleep, depression, anxiety, and a loss of concentration are common results. A study by the ONS found that 1 in 5 adults reported depression, compared to 1 in 10 before the pandemic. Symptoms for those with pre-existing conditions have worsened and many have reported feelings of stress and anxiety.
What does this have to do with data protection?
It might seem strange that an opinion piece on GDPR is delving into the pandemic’s impact on mental health. However, poor mental wellbeing might put a strain on your data protection measures.
Several studies have found that sleep loss and fatigue can lead to increased risk taking, poorer reaction times, and lower levels of neural and data processing. Fatigued people are simply more likely to make a mistake. When handling personal data this can result in a data breach.
A higher risk of data breaches is concerning at any time, but it is even more worrying in current circumstances. Schools and colleges are providing education in a very difficult environment.
Just over a month ago, the UK government announced that secondary schools and colleges had the chance to set up mass asymptomatic testing of pupils and staff. Since the announcement, there has been a flurry of activity from the DfE, Teachers unions and the MHRA (Medicines and Healthcare products Regulatory Agency). While education leaders have been calling for testing for a long time, there have been understandable levels of apprehension.
Unlike pilot schemes, schools and colleges are to provide their own staff to assist with testing, cleaning, and administration. Of course, in the latest U-Turn, the government dropped repeated daily testing for students who had contact with a positive case.
The Secretary of State for Education confirmed that regular mass testing for staff and eventually returning pupils will continue. It is also likely to be extended to all settings. Unlike Test and Trace, schools will be responsible for processing test data. A totally novel process, schools and colleges will be processing and storing hundreds of items of special category data. That data will be held internally on pre-existing systems, not specifically designed for this process. Furthermore, schools will need to inform individuals who test positive. It is a veritable nightmare of new data protection risks.
Combine this with everything we’ve said about the increased risk of error, and maybe it makes more sense that a Data Protection company is talking about mental health in the pandemic.
Protecting yourself from Breaches
Unfortunately, there is no quick fix. Each day brings more vaccinations, and with it more hope for normality, but this has always been a marathon rather than a sprint. The best we can do is be aware of increased risk and put additional safety nets in place. For instance, a quick guide for test administrators, that they can refer to should they become unsure, might reduce mistakes in administration, or in contacting individuals.
When writing procedures for test administration, building in checking stages can help as well. Making a double check part of the routine, will help staff catch mistakes they might make on the first run.
Even taking a few minutes to check in on your staff can make a huge difference. Just talking about a worry can reduce anxiety. It also gives you an opportunity to assess where additional support might be needed to prevent data protection problems.
We are all working hard to simply manage our daily lives while the landscape shifts every minute. This fatigue is understandable and normal. We just have to be aware of it, so we can try to minimise mistakes, and save ourselves from even more stress.