Confirmation the programme breaches privacy regulations follows reports of patients’ confidential data being shared online.
By Rowland Manthorpe, technology correspondent, and Alexander Martin, technology reporter
The government has admitted its contact tracing programme is unlawful in a legal letter which confirms it has been running in breach of data protection laws since it was launched in May.
Confirmation the programme failed to adhere to privacy regulations comes as Sky News can reveal that contractors working for NHS Test and Trace have been told they may be fired following reports of dozens of staff sharing patients’ confidential data on social media.
According to the legal letter, the government did not conduct a data privacy impact assessment (DPIA) which is required to ensure that breaches of patients’ information don’t take place.
The letter was sent in response to a legal challenge brought by Open Rights Group (ORG) against the government for failing to confirm whether it had met the required safeguards for the programme.The inside story of how the government failed to develop a contact-tracing app
In the letter, which has been seen by Sky News, the government’s lawyers accept that the government was legally required to have a completed DPIA at the time Test and Trace launched on 28 May.
The lawyers add that a single one covering the whole of the project has still not been completed, but was being worked on, and that a number of DPIAs covering different parts of it were in place.
A spokesperson for the Department of Health and Social Care drew a distinction between the programme itself being unlawful versus the way it was handling NHS patients’ data being unlawful, claiming: “There is no evidence of data being used unlawfully.”