An icon for a calendar

Published March 28, 2020

Times They Are-A-Changin

COVID - 19 Rules - Since the current pandemic was first discussed the population of the western world has been stocking up on everything from toilet paper to pasta, and retailers

Are supermarkets about to break data regulation and privacy laws due to Corona Virus?

COVID – 19 Rules – Since the current pandemic was first discussed the population of the western world has been stocking up on everything from toilet paper to pasta, and retailers have been trying incredibly hard to manage this massive surge in their supply-chain logistics.

Since the need to social distance was added this pattern of buying has moved on-line. I challenge you to place an online order for groceries and try and get a delivery window within two weeks. For many people all their normally available choices for online grocery shopping don’t have a single available delivery window on their full published calendars.

And this is a problem, because some groups of the population have no choice but to order online. People in high risk groups such as the elderly or those with serious medical conditions have been advised to stay at home. For these people online shopping isn’t a luxury, it’s the only way they can get supplies without risking their lives.

To try and help, retailers (mainly in the UK and Europe) have started to update their policies to start to include giving preference to high risk people. But to do this they need to verify if someone is high risk. And to do this they need to ask them for information on what makes them high risk. Questions like their age, and details of their medical history.

But these are private medical information data points that normally would only be provided to a organization that is subject to strict privacy and security regulations, not your local supermarkets website. I believe in the UK this validation is being handled by a link to a government website. But whatever process is delivered needs careful planning, development and deployment.

How will these organizations ensure that they keep this private information private? Do they have controls on their data and storage systems to ensure that only people with the right access rights can see the data? Do they have a way of reporting on who has accessed this data?

These are not easy times, and these are not easy questions.

Every single business today is having to think about things differently.