The Government of Jersey now requires organisations whose activities have the potential for people to be within 2 metres of each other for longer than 15 minutes, to ask for contact information from patrons, for the purposes of supporting its contact-tracing efforts. It is important to note that patrons have the option to refuse to provide that information, and organisations cannot deny service to patrons who do not provide this information.
While many organisations already collect similar information for other purposes, in complying with this new requirement, organisations will be collecting the personal information of patrons for a different purpose and may collect more than they are currently collecting. In assisting with the Government of Jersey’s contact-tracing efforts, organisations must remember to comply with the Data Protection (Jersey) Law 2018 (the Law).
Organisations that have concerns or questions about how to collect and store personal data under the Law, or individuals who have questions about what is happening to their personal information and how to exercise their individual rights under the Law, should contact the Jersey Office of the Information Commissioner (JOIC) team via firstname.lastname@example.org or by calling the JOIC office on 01534 716530.
The purpose of this checklist is to help organisations to navigate their legal responsibilities when collecting personal data in these circumstances to support the contact-tracing effort. The Law covers all personal data, which is any data relating to a data subject (so, any information relating to a living, identifiable individual).
The Law requires organisations to process personal data lawfully, fairly and in a transparent manner. This means that patrons should know exactly what information organisations are collecting as part of the contact-tracing scheme and to whom the information will be disclosed and how it will be protected.
Further data protection guidance is also available at https://www.jerseyoic.org/resource-room/