Last Updated: November 2020
During summer 2020, 21 privacy leaders from industry, government and academia graciously shared their views on the impact of COVID-19 on privacy priorities, practices and programs. Each participated in a 30-minute interview to inform the IAPP and EY’s joint research project on COVID-19 and privacy. We captured their experiences, challenges and recommendations in this five-part series.
Part 1: Introduction
Part one introduces the 21 leaders who shared their thoughts on the impact of COVID-19 on privacy priorities, practices and programs, and the key takeaways they offered. Their perspectives and priorities reflect their vantage points and the role each plays in shaping and responding to the new reality brought on by the pandemic.
Part 2: Immediate Industry Response
Part two describes industry privacy leaders’ immediate response to the pandemic. As companies sought to operate amid government-mandated quarantines, social-distancing rules and contact-tracing efforts, they introduced new health safety protocols, shifted to remote work, increased virtual engagement, and supported government test and trace efforts. Amid the deluge, privacy leaders said employee health data collection and providing a secure and effective virtual work environment for employees and customers were their top priorities.
Part 3: The New Reality and Strategic Priorities
Part three presents privacy leaders’ views on the new reality brought on by the pandemic and its implications for privacy practices and programs. Across the board, privacy professionals expect that the future will be more virtual, privacy will remain a strategic priority, and as privacy budgets flatten amid increasing demand, companies will automate less-complex data protection tasks.
Part 4: Surveillance and Data Sharing for the Public Good
Part 5: Building Trust through Industry Action, Legislation and Enforcement
This final piece describes privacy leaders’ thoughts on how companies, legislators and regulators can build trust in data protection now and moving forward. Transparency, data ethics, purpose limitations, user-centric design and technical controls can all help, but industry cannot overcome the trust deficit alone. Policymakers and regulators shared their thoughts on the efficacy of current laws and enforcement regimes and the changes needed to protect privacy and combat the current or future pandemics.
- Vivienne Artz, Chief privacy officer, Refinitiv
- Amit Ashkenazi, Head of the Legal Department, Israel National Cyber Directorate
- Andy Bloom, CIPP/E, CIPP/US, CIPM, CIPT, FIP, Vice President and Chief Privacy Officer, McGraw Hill
- Jared Bomberg, Senior Counsel, U.S. Senate Committee on Commerce, Science, and Transportation
- Rohit Chopra, Commissioner, U.S. Federal Trade Commission
- Lorrie Cranor, CIPT, Professor of Computer Science, Engineering & Public Policy and CyLab director, Carnegie Mellon University
- Elizabeth Denham, Commissioner, U.K. Information Commissioner Office
- Patrice Ettinger, CIPP/US, Chief Privacy Officer, Pfizer
- Eric Goldman, Professor of Law, Santa Clara University
- Tony Lam, Deputy Privacy Commissioner for Personal Data, Hong Kong, China
- Peter Lefkowitz, CIPP/US, Chief Privacy and Digital Risk Officer, Citrix
- Caroline Louveaux, CIPP/E, CIPM, Chief Privacy Officer, Mastercard
- Kirk Nahra, CIPP/US, Partner and co-chair of the Privacy and Cybersecurity Practice at WilmerHale, adjunct professor at Washington College of Law
- Timothy Noonan, Deputy Director for Health Information Privacy, Office for Civil Rights, U.S. Department of Health and Human Services
- Noah Phillips, Commissioner, U.S. Federal Trade Commission
- JoAnn Stonier, CIPM, Chief Data Officer, Mastercard
- Scott Taylor, Vice President of Privacy and Global Functions Compliance, Chief Privacy Officer, Merck
- Eduardo Ustaran, CIPP/E, Partner, Hogan Lovells
- Sophie i’nt Veld, European Parliamentarian
- Ruby Zefo, CIPP/US, CIPM, FIP, Chief Privacy Officer, Uber