During summer 2020, 21 privacy leaders from industry, government and academia graciously shared their views on the impact of COVID-19 on privacy priorities, practices and programs. Each participated in a 30-minute interview to inform the IAPP and EY’s joint research project on COVID-19 and privacy. We captured their experiences, challenges and recommendations in this five-part series.
Each of the five white papers in the series will be accessible below upon publication.
• Part 1: Introduction (Published 21 October, 2020)
• Part 2: Immediate Industry Response (Published 27 October, 2020)
• Part 3: The New Reality and Strategic Priorities (Published 4 November, 2020)
• Part 4: Surveillance and Data Sharing for the Public Good (Published 10 November, 2020)
• Part 5: Building Trust through Industry Action, Legislation and Enforcement
(Published 18 November, 2020)
Part one introduces the 21 leaders who shared their thoughts on the impact of COVID-19 on privacy priorities, practices and programs, and the key takeaways they offered. Their perspectives and priorities reflect their vantage points and the role each plays in shaping and responding to the new reality brought on by the pandemic.
Part two describes industry privacy leaders’ immediate response to the pandemic. As companies sought to operate amid government-mandated quarantines, social-distancing rules and contact-tracing efforts, they introduced new health safety protocols, shifted to remote work, increased virtual engagement, and supported government test and trace efforts. Amid the deluge, privacy leaders said employee health data collection and providing a secure and effective virtual work environment for employees and customers were their top priorities.
Part three presents privacy leaders’ views on the new reality brought on by the pandemic and its implications for privacy practices and programs. Across the board, privacy professionals expect that the future will be more virtual, privacy will remain a strategic priority, and as privacy budgets flatten amid increasing demand, companies will automate less-complex data protection tasks.
This final piece describes privacy leaders’ thoughts on how companies, legislators and regulators can build trust in data protection now and moving forward. Transparency, data ethics, purpose limitations, user-centric design and technical controls can all help, but industry cannot overcome the trust deficit alone. Policymakers and regulators shared their thoughts on the efficacy of current laws and enforcement regimes and the changes needed to protect privacy and combat the current or future pandemics.