Data Privacy & Security Considerations During the COVID-19 Pandemic

It’s critical to remember, though, that during this time of “social distancing,” data protection remains paramount.

The following are just a few things to keep in mind:

• Business obligations to safeguard personal and confidential information remain in place. The U.S. Department of Health and Human Services has issued guidance on the use of protected health information during the COVID-19 pandemic. For more information, see HERE and HERE . If your organization is governed by the GDPR, guidance has been issued by various data-protection authorities. For example, Italy, France, and Germany have all partially suspended data protection under the GDPR for public health reasons.
• In the rush to allow employees to “work from home,” policies and procedures should be tailored to keep sensitive information protected – at a minimum, make sure that such information is encrypted at rest and in transit. Remind employees that downloading sensitive information to their personal computers; using personal Google Drive, Dropbox, or other cloud-storage solutions; or “emailing a copy” of a file their personal email account may result in a violation of corporate policy and/or legal obligations. Use VPNs for workplace connections wherever possible and check remote computers for viruses and vulnerabilities before connecting. Note that some VPN providers are currently offering free (temporary) licenses to employers.
• While many coffee shops and other public locations are currently closed, employees should be reminded that public WiFi is not secure.
• Remember that the ability to access your network remotely relies on your IT staff and proper management of your company network. Make sure your IT department has the resources they need to keep your network running and secured.
• Be vigilant. While a crisis can sometimes bring out the best in people, it can also bring out the worst. Scam artists are already taking advantage of the pandemic and have engaged in phishing attacks related to everything from requests for medical assistance to offering miracle “cures” or “vaccines.” Some may even claim to have extra toilet paper!

To properly address individualized issues that arise, you should contact your Kerr Russell attorney.

Jeffrey A. May practices in the areas of general business law, intellectual property, and litigation with a focus on the increasingly important area of Cybersecurity and Data Privacy Law. He is credentialed as a Certified Information Privacy Professional/United States (CIPP/US). He has prior experience owning and operating a technology-based business. His experience and education allow him to assist clients with a wide range of business issues and litigation matters. Jeffrey helps clients identify and mitigate risks related to data security incidents and breaches. He also helps with information technology policies and practices, and data sharing arrangements with third parties.

Other posts to consider:

• COVID-19: Immigration Impact
• Families First Coronavirus Response Act
• COVID-19 Outbreak Prompts Flexibility In Unemployment Insurance Benefits