Login to your account

Username *
Password *
Remember Me

Create an account

Fields marked with an asterisk (*) are required.
Name *
Username *
Password *
Verify password *
Email *
Verify email *
Captcha *
Reload Captcha

Public Health England to keep contact-tracing data for 20 years

Written by  May 27, 2020

Public Health England (PHE) will retain the personal data of British citizens gathered through the NHS’s Covid-19 coronavirus Test and Trace programme until the year 2040, it has emerged.

The programme, which launched recently despite being mired in alleged IT problems and minus the controversial contact-tracing app, is intended to help bring the UK out of lockdown by tracking down the personal contacts of those who test positive for Covid-19, which has now likely killed more than 60,000 people in the UK at the rate of 891 per million, which may be one of the highest death rates in the world.

As of today, those who receive a positive test result must share information about their recent contacts, defined as household members or anybody they have been in direct contact with – or within two metres of – for a period of more than 15 minutes. These people will then be instructed to self-isolate for two weeks even if they do not have symptoms themselves.

To do this, PHE will be gathering names, dates of birth, home postcodes and telephone numbers and email addresses.

According to a privacy notice posted to PHE’s website, the data will be held in a “secure cloud environment, which is kept up-to-date to protect it from viruses and hacking”.

PHE said the data could only be seen by those with a “specific and legitimate role in the response” and who are working on the programme, all of whom have been trained. It added that all the data will be held in the UK, and that no personally identifiable information (PII) from the dataset will be published externally, although it may be shared within the NHS if needed.

However, the notice said: “The personal identifiable information collected by the NHS Test and Trace on people with coronavirus or who have symptoms will be kept for 20 years.

“The personal identifiable information collected on the contacts of people with coronavirus, including those who are showing symptoms, will be kept for five years.

“The information needs to be kept for this long as it may be needed to help control the spread of coronavirus, both currently and possibly in the future,” said PHE.

People do have certain rights pertaining to this data as set out in the privacy notice, however there is no absolute right to ask for the data held on you to be deleted.

PHE’s data collection operation is covered under Articles 6(1)(e) and 9(2)(i) of the General Data Protection Regulation (GDPR), which state that the data can be used if data processing is necessary to perform a task in the public interest or to exercise official authority vested in the controller, and if data processing is necessary for reasons of public interest relating to public health.

The organisation has also received permission from the Department for Health and Social Care to use PII without consent if it is in the public interest, under Section 251 of the NHS Act 2006.

FireEye’s Europe, Middle East and Africa (EMEA) chief technology officer (CTO), David Grout, said that both the length of time the data will be stored for and the lack of control over how it is used and kept were bound to cause privacy concerns.

“This might not be too much of a headache for the government while manual tracking is the norm, it is hard for the public to opt out of that, but it will become more of an issue when NHSX’s contact-tracing app is launched as this will rely on the public opting in for the project to work,” said Grout.

Grout went on to explain that concerns about data usage in the app, and how long the data is stored for, could affect the number of people willing to download it onto their smartphones, which needs to be high in order for Test and Trace to be a success.

“Moreover, any reservations around how long data is stored are legitimate – the longer sensitive data is held for, the more risk there is for the data to be accessed and exploited,” he warned.

“If the government could assure the public that the data is not being collected indefinitely and is being stored securely, it could encourage greater adoption and, more importantly, ensure the data is not misused in the future.”

Peter Flynn

Creator and director of IT Security Centre UK.

I have worked in the IT industry for many years and developed my IT security skills in particular. As this area has always been of interest to me and is more important now than ever.


We would like to invite IT Security Professionals from the UK to join our other contributors in providing high quality articles for our website.

To enhance IT Security Centres credentials and to offer an opportunity for other IT Professionals and IT Companies to share their work, information and ideas.

We are always happy to hear from other IT Security Professionals and look forward to your incite. please contact us for more information.

Popular News

Jun 13, 2020 IT Security News

Microsoft announces major issue in Windows 10 June 2020 updates

On 9th June, 2020, Microsoft released cumulative updates for supported versions of Windows 10 including version 2004, ve...

Jun 12, 2020 Cyber Security

NHS email service fooled users in phishing attack

NHS Digital is contacting users of its NHSmail email system after a small number of mailboxes were compromised in a gene...

Jun 09, 2020 Cyber Threats

Common types of cyber-attacks and how to avoid them

With cyber-attacks on the rise, businesses are constantly worried about losing vital data and the threat is very real. ...

Jun 12, 2020 IT Security News

100,000 cheap wireless cameras sold in the UK are vulnerable to hacking

Consumer advocacy organisation Which? has issued a warning over the security of wireless camera brands made by China-bas...

Jul 23, 2020 Cyber Security

Many cyber attacks on UK sports industry says report

At large percentage of sporting institutions, organisations and teams in the UK have suffered a security incident in the...

Jun 09, 2020 IT Security News

Self-employed targeted by hackers with HMRC SMS phishing scam

Cyber criminals have launched a new phishing scam designed to steal personal and financial details of millions of self-e...

Jun 25, 2020 IT Security News

NCSC catch a million phish

The National Cyber Security Centre has received the millionth submission to its Suspicious Email Reporting Service. ...

Jun 08, 2020 Cyber Security

Ransomware attack compensation: What the UK public think

UK consumers believes businesses should stand their ground having suffered a ransomware attack and refuse to negotiate w...

Jun 11, 2020 IT Security News

UK government still can’t decide how NHS contact tracing app should work

A new report today says that the UK government still hasn’t decided exactly how its NHS contact tracing app should wor...

Jun 10, 2020 IT Security News

Is your boss spying on you whilst you are homeworking?

The recent worldwide move to working from home has caused concern amongst employers.

Jun 27, 2020 IT Security News

Apple devices to get encrypted DNS

Apple this year will boldly go where its peers have gone before by implementing support for encrypted DNS in iOS and mac...

Jun 16, 2020 Internet of Things

Ripple20 Bug Exposes Millions of IoT Devices

Exactly how many of the devices that include Ripple20 bugs are directly hackable via the internet remains far from clear...

Jun 12, 2020 Cyber Security

Cybersecurity in the shortsighted gig economy

The ‘gig’ economy encompasses the increasing economic trend for professionals to take on a series of temporary work ...

Jun 08, 2020 Data Security

IBM data encryption is progressing

IBM is making a move forward with its homomorphic encryption (FHE) solution, providing encryption for in-use and shared ...

Jun 11, 2020 Cyber Security

UK government to fund nine cyber security projects

The government is to invest £10m through March 2024 from various sources to fund nine academic cyber security projects ...

Jun 12, 2020 IT Security News

Good reasons to use a proxy server

A proxy server – is a computer on the internet which acts as a middle-man between your computer and the website or ser...

Symantec Home 120x60