COVID-19 Guidance and Resources

Image

Below, access a collection of privacy news, resources, guidance and tools covering the COVID-19 global outbreak.

Featured Resources

IAPP Resources for COVID-19

This infographic breaks down the major topics related to COVID-19 and privacy, while helping you locate tools, guidance and information to help you meet these complex challenges.
Read More

Vaccine credential systems: US employer guidance

This article brings US employers up to speed on what it will take to ensure vaccine credential systems comply with federal and state laws while also pointing out the inevitable privacy concerns that may be raised.
Read More

The ‘privacy soup’ of vaccine mandates

This article looks at the privacy conversations taking place around employer-mandated vaccines.
Read More


Latest News and Resources

DPA guidance on COVID-19

The IAPP has rounded up all COVID-19 guidance published by DPAs to date. The guidance linked below provides information and frequently asked questions pertaining to data processing and COVID-19. Read More

Study finds COVID-19 vaccine apps may compromise user privacy

Bleeping Computer reports a review of 40 digital COVID-19 "vaccine passport" applications found approximately two-thirds may be putting users’ privacy at risk. Symantec’s report notes many apps generate unencrypted QR codes, vulnerable transmission of health data from cloud-storage devices and concerns over external storage access permissions on Android devices. The report recommends users avoid unknown vendors and pay attention to an app’s requested permissions. Editor’s note: IAPP Staff Writer... Read More

Pandemic increases online privacy concerns, research shows

Center for Technology Innovation Nonresident Senior Fellow Niam Yaraghi and Center for Technology Innovation Research Assistant Samantha Lai write in a piece for Brookings that research found an increase in online traffic during the COVID-19 pandemic and advances in data analytics have enhanced consumer surveillance. An analysis of the top 1,000 U.S. websites found third-party sharing increased with online use throughout the pandemic. “This significantly elevates privacy concerns about consumer ... Read More

The privacy concerns of finding a COVID-19 proof of vaccination app
(IAPP, November 2021)
Evaluating the trade-off between privacy, public health safety and digital security in a pandemic
(Cambridge University Press, October 2021)
New Android malware pretends to offer COVID-19 info
(IAPP, September 2021)
OAIC, NZ OPC publish COVID-19 privacy guidance
(IAPP, September 2021)
ICO guidance: Collecting customer and visitor details for contact tracing
(UK ICO, August 2021)
Private vaccine passport apps raise data sharing concerns
(IAPP, July 2021)
Why a US privacy law is needed for vaccine passports
(IAPP, June 2021)
Survey: 56% of Americans don’t trust vaccine passports to protect data
(IAPP, June 2021)
Review finds state COVID-19 websites with highest numbers of user trackers
(IAPP, May 2021)
Privacy and the Pandemic — Lessons from Cisco’s Experience and Research
(IAPP, May 2021)
Keynote: ‘The Recovery Phase: The Role of Tech and Impact of COVID-19 on Privacy’
(IAPP, April 2021)
Will contact tracing and vaccine passports be storytelling launchpads? Time will tell
(IAPP, April 2011)
Technology, data, trust play key role in COVID-19 response
(IAPP, April 2021)
Web Conference: The New Normal: Managing Privacy and Contact Tracing in the COVID-19 Era
(IAPP, April 2021)
Web Conference: The World After Pandemic: A Privacy Look Based on Worldwide Legislations
(IAPP, April 2021)
Web Conference: Is Privacy Another Casualty of Coronavirus?
(IAPP, February 2021)
Web Conference: Building Trust — Charting the Path Forward for Privacy in a Post-COVID-19 World
(IAPP, January 2021)
Privacy in the Wake of COVID-19, Part 2
(IAPP, January 2021)
How can homomorphic encryption address privacy in COVID-19 apps?
(IAPP, December 2020)
Privacy Leaders’ Views – The Impact of COVID-19 on Privacy Priorities, Practices and Programs
(IAPP, October 2020)
US Senate hearing covers COVID-19, the need for a federal privacy law and familiar roadblocks
(IAPP, September 2020)
What’s next for data privacy: What the current pandemic has revealed about data privacy
(IAPP, September 2020)
COVID-19, privacy, and school recordings
(IAPP, September 2020)
GPA COVID-19 Response Task Force aims to protect data subjects ‘now more than ever’
(IAPP, August 2020)
The Privacy Advisor Podcast: Are COVID-19 apps doing privacy well?
(IAPP, July 2020)
Google, Apple outline privacy considerations for Exposure Notification System
(IAPP, June 2020)
Defining a ‘new normal’ for data privacy in the wake of COVID-19
(IAPP, June 2020)
Google, Apple outline privacy considerations for Exposure Notification System
(IAPP, June 2020)
GDPR enforcement amid COVID-19: Will DPAs be ‘strong’ enough?
(IAPP, June 2020)
Privacy in pandemic like ‘fixing a plane while flying’
(IAPP, June 2020)
Manual contact tracers and privacy: Building trust is a local effort
(IAPP, June 2020)
Defining a ‘new normal’ for data privacy in the wake of COVID-19
(IAPP, June 2020)
OSHA revises guidance on tracking COVID-19 in the workplace
(IAPP, June 2020)
Vendor seeks to balance workplace safety, employee privacy during COVID-19 pandemic
(IAPP, June 2020)
With COVID-19, privacy is more central than ever before
(IAPP, May 2020)
Privacy in the Wake of COVID-19: Remote Work, Employee Health Monitoring and Data Sharing
(IAPP, May 2020)
Despite economic downturn, privacy jobs seem to be (mostly) safe
(IAPP, May 2020)
White Paper — ‘Privacy Risks to Individuals in the Wake of COVID-19’
(IAPP, May 2020)
Deja vu? The politics of privacy legislation during COVID-19
(IAPP, May 2020)
Privacy questions for COVID-19 testing and health monitoring
(IAPP, May 2020)
Contact tracing apps: Why tech solutionism and privacy by design are not enough
(IAPP, May 2020)
2020 and data protection: Not only COVID-19
(IAPP, May 2020)
Web Conference: Streamlining Challenging Aspects of Consumer Rights Requests during COVID-19
(IAPP, May 2020)
The pandemic and the evolution of health care privacy
(IAPP, May 2020)
Geolocation and other personal data used in the fight against COVID-19
(IAPP, May 2020)
Virtual justice and privacy: What does COVID-19 mean for due process?
(IAPP, May 2020)
Striking the right balance: Government contact tracing powers and the right to privacy
(IAPP, May 2020)
Why it’s important to be mindful of digital footprints during the COVID-19 pandemic
(IAPP, May 2020)
With COVID-19, privacy is more central than ever before
(IAPP, May 2020)
Aggregated data provides a false sense of security
(IAPP, April 2020)
Sharing COVID-19 data with government authorities: Guidance from DPAs
(IAPP, April 2020)
Checklist: Expedited Vendor Privacy and Security Assessment
(IAPP, April 2020)
Web Conference: Saving Direct Marketing in the Post-Pandemic Economic Recovery
(IAPP, April 2020)
The Privacy Advisor Podcast: Should we give up our data to help the herd?
(IAPP, April 2020)
Here are the contact tracing apps being deployed around the world
(IAPP, April 2020)
Aggregated data provides a false sense of security
(IAPP, April 2020)
Centralized vs. decentralized: EU’s contact tracing privacy conundrum
(IAPP, April 2020)
How to employ privacy by design in the fight against COVID-19
(IAPP, April 2020)
How to comply with data localization regulations amid COVID-19’s impact
(IAPP, April 2020)
Shift to online learning ignites student privacy concerns
(IAPP, April 2020)
The privacy issues for EU, UK and US employers during COVID-19
(IAPP, April 2020)
COVtech in India: Privacy considerations amid COVID-19
(IAPP, April 2020)
Infographic: COVID-19 Testing and Health Monitoring
(IAPP, April 2020)
How is COVID-19 affecting privacy programs? A call for research action
(IAPP, April 2020)
LinkedIn Live: Caitlin Fennessy discusses COVID-19 Privacy Challenges
(IAPP, April 2020)
The Privacy Advisor Podcast: What happens to data privacy in a pandemic?
(IAPP, March 2020)
Web Conference: COVID-19 Privacy and Security Issues: An Expert Discussion
(IAPP, March 2020)
Pandemic incites concerns about data-sharing overreach
(IAPP, March 2020)
On balancing personal privacy with public interest
(IAPP, March 2020)
COVID-19 response and data protection law in the EU and US
(IAPP, March 2020)
Request for Assurance from Critical Vendors of Operational Preparedness to Address COVID-19 (Template)
(Troutman Sanders, April 2020)
COVID-19 Planning and Response Guidance for State CIOs
(National Association of State Chief Information Officers, March 2020)
Unintended and Unexpected Consequences from COVID-19 on the US Privacy Job Market
(IAPP, March 2020)
Making COVID-19 Apps Data Protection Compliant
(Hogan Lovells, March 2020)
Privacy & Pandemics: The Role of Mobile Apps
(Future of Privacy Forum, March 2020)
View More Resources

Artificial Intelligence

South Korea pilot program tests AI, facial recognition to track COVID-19

A pilot program is launching in the city of Bucheon, South Korea, using artificial intelligence, facial recognition and surveillance to track COVID-19 cases, Reuters reports. Under the system, AI algorithms and biometric technology will analyze footage compiled by over 10,820 CCTV cameras, tracking a person’s movements, those they came into contact with, and whether they were wearing a mask. Human rights advocates and lawmakers have raised privacy and data collection concerns, questioning whethe... Read More

AI camera detects COVID-19 fever

An Austin, Texas-based company’s artificial intelligence camera can detect those who may have a COVID-19-related fever, Fast Company reports. Athena Security’s camera system uses an AI model to view a subject’s inner eye, which can reflect body temperature. The thermal camera records an image of those with a fever. Athena CEO Lisa Falzone said the technology will be seen more in places like airports and hospitals where access depends on an individual’s temperature.Full Story... Read More

Facial recognition to monitor pedestrians at Texas border crossing

U.S. Customs and Border Protection will begin using biometric facial-comparison technology to monitor pedestrians traveling through the Brownsville, Texas, border crossing, Government Technology reports. The technology will photograph each pedestrian traveler entering the U.S. and compare that image to passport and ID photos stored in government records. Privacy advocates argue the program violates travelers’ privacy rights, adding CBP is not following an opt-out policy for U.S. citizens.Full St... Read More

CCPA and CPRA

California attorney general's office: No delay on CCPA enforcement amid COVID-19

The COVID-19 pandemic has brought many things in life to a screeching halt. For many organizations, the outbreak has meant shuttering, limiting or digitalizing most, if not all, operations. Those types of transitions and subsequent hardships have led some in the privacy space to question whether it's right for California Attorney General Xavier Becerra to go forward with California Consumer Privacy Act enforcement July 1. A coalition of 35 advertising groups sent the attorney general a letter M... Read More

Ad groups call for delay of CCPA enforcement in wake of COVID-19

MediaPost reports the Association of National Advertisers, Interactive Advertising Bureau, American Association of Advertising Agencies and 32 other groups want the California attorney general to delay enforcement of the California Consumer Privacy Act due to the current COVID-19 outbreak. “Now is not the time to threaten business leaders with premature CCPA enforcement lawsuits,” the groups write. Meanwhile, DLA Piper has published its take on the third version of the California Consumer Privac... Read More

Cybersecurity

Phishing scams, spam rise during COVID-19 outbreak

Phishing scams and spam attacks are on the rise during the COVID-19 outbreak, CNBC reports. Thirty-six percent of executives on the CNBC Technology Executive Council said cyberthreats have increased as the majority of their employees work from home. “Businesses should anticipate that bad actors will assume that people aren’t manning the gates, providing them with an opening,” Nationwide Chief Technology Officer Jim Fowler said.Full Story... Read More

Web Conference: COVID-19 Privacy and Security Issues: An Expert Discussion

Original broadcast date: March 31, 2020 Join us for this educational web conference to hear from legal and privacy operations leaders and government officials in the health care and employment field. They’ll discuss with you their best current thinking about these new and emerging challenges and their potential resolutions. Practical considerations will be discussed, as well as open and settled legal questions. Read More

Education and Virtual Learning

COVID-19, privacy, and school recordings

At the beginning of each school year, there are many papers to be signed. I agree I have (1) read the student handbook, (2) health forms, (3) appropriate use of technology at school, (4) photos of my children for promotional purposes, and so on. Then, this year out of the blue, a new consent shows up — a consent to record classes for operational purposes — and if I don’t sign it, it will significantly impact my child’s education. Wait … what?  This doesn’t sound right. What exactly are opera... Read More

Employee Monitoring

Infographic: COVID-19 Testing and Health Monitoring

Published: April 2020Click To View (PDF) The IAPP created an infographic outlining the privacy-related questions surrounding COVID-19 testing and health monitoring. As economies reopen, the scope and scale of health data collection, use and sharing will only increase. Employers and businesses are conducting testing, temperature checks and health screenings. This data collection raises novel privacy issues because of its scale, the non-traditional methods and reasons for its collection, and th... Read More

Privacy in the Wake of COVID-19: Remote Work, Employee Health Monitoring and Data Sharing

The IAPP and EY launched a research initiative to gain more insight into the unique ways privacy and data protection practices have been affected by the pandemic. The initial phase of the project included a survey of privacy professionals, taking a deeper look at how organizations, in general, and privacy programs, in particular, are handling the privacy and data protection issues that have emerged alongside COVID-19, such as privacy and security issues related to working from home, monitoring the health of employees, and sharing data with governments, researchers and public health authorities. Read More

OSHA revises guidance on tracking COVID-19 in the workplace

The U.S. Occupational Safety and Health Administration revised guidelines May 19 that require employers to determine whether employees who have contracted COVID-19 did so in the workplace.  According to OSHA's recordkeeping requirements, employers are required to conduct investigations about the cause of an employee's infection with certain parameters. In the revised guidelines, which went into effect May 26, "employers should be taking action to determine whether employee COVID-19 illnesses ar... Read More

PwC develops facial recognition tool for employee monitoring

Global accounting firm PricewaterhouseCoopers created a facial recognition tool to help financial institutions track employees as they work from home, Personnel Today reports. The software taps into employees' webcams to capture face images and detects when employees are not in front of their screens during work hours. PwC said the technology aims to help traders abide by regulations "in the least intrusive, pragmatic way." Meanwhile, Amazon plans to deploy artificial intelligence tracking syste... Read More

Privacy questions to ask when testing, monitoring for COVID-19

Diagnostic and antibody testing for COVID-19 is increasing significantly as governments and health authorities look for data to inform decisions about how to safely end lockdowns and restart economies. While public health and safety concerns are paramount, there are numerous privacy questions worth asking when testing and health monitoring for COVID-19. IAPP Legal Research Fellow Cathy Cosgrove explores some of those issues and questions in this piece for The Privacy Advisor.Full Story Infograp... Read More

GDPR

GDPR enforcement amid COVID-19: Will DPAs be 'strong' enough?

The COVID-19 pandemic has affected both EU data protection authorities and the organizations they oversee, finding themselves in uncharted territory. DPAs have been left to choose how they'll go about handling their enforcement work in an unparalleled time of hardship and technological uptake for companies — all while the pressure's on for critics who say DPA's enforcement of the EU General Data Protection Regulation has been weak to date. Where DPAs stand on enforcement DPAs from France, Germ... Read More

Is it necessary to suspend GDPR in the fight against COVID-19?

Over the last few months, we have seen organizations impose various obligations on their employees, visitors and customers to combat the spread of COVID-19. The underlying measures first began with completed health questionnaires, moved to requiring temperature checks of people entering buildings, along with the installation of thermal cameras at office entrances, and now there are regular blood tests for employees whose presence is essential for business continuity. How did the Hungarian gover... Read More

Hungary halts some GDPR rights amid COVID-19

Euractiv reports the Hungarian government intends to suspend certain rights and protections provided by the EU General Data Protection Regulation until the COVID-19 outbreak subsides. Under the new measures, citizens will see a pause on their right to data access and erasure, while any legal actions pertaining to alleged GDPR violations will also be delayed. Opposition politician Bernadett Szél plans to challenge the suspension of rights in the Constitutional Court of Hungary, claiming that "res... Read More

Government Data Collection

Australia ends mass data collection through COVIDSafe app

Australia’s Minister for Health and Aged Care decided the country’s COVIDSafe application would no longer be used as of Aug. 16. Under the Privacy Act 1988, the government developed a legal framework for citizens to provide personal data through the app to help authorities “prevent or control” the spread of COVID-19. The National COVIDSafe Data Store administrator is now required to no longer collect data through the app and remove the app from stores for download. All personal data will be dele... Read More

Privacy in the Wake of COVID-19: Remote Work, Employee Health Monitoring and Data Sharing

The IAPP and EY launched a research initiative to gain more insight into the unique ways privacy and data protection practices have been affected by the pandemic. The initial phase of the project included a survey of privacy professionals, taking a deeper look at how organizations, in general, and privacy programs, in particular, are handling the privacy and data protection issues that have emerged alongside COVID-19, such as privacy and security issues related to working from home, monitoring the health of employees, and sharing data with governments, researchers and public health authorities. Read More

Striking the right balance: Government contact tracing powers and the right to privacy

A first-of-its-kind judicial decision sets out the rules for lawful tracking in an epidemic outbreak situation. The Israeli Supreme Court strikes a balance between COVID-19-related contact tracing technology and the right to privacy in a landmark decision about the government’s limits of power and the rights to privacy and dignity. The Israeli government enforces the isolation of confirmed patients and people who came in close contact with them in an effort to contain the spread of the COVID-19... Read More

Sharing COVID-19 data with government authorities: Guidance from DPAs

There are several reasons public health authorities may seek to collect COVID-19 data from private companies, including hospitals and health care providers. One of the top reasons is to track the spread of the virus and monitor the emergence of new clusters of infections so resources can be directed to areas most in need. Another reason is to send information to people who may have come into contact with someone who was diagnosed with or is suspected to have COVID-19. Given this reality, let's ... Read More

A timely resource: Updated guide to US government data sharing

Now, perhaps more than ever before, it is critical to understand how governments around the world protect the personal information they exchange with each other. In their just-released third edition of "The Guide to U.S. Government Practice on Global Sharing of Personal Information," Onfido Director of Privacy Neal Cohen, CIPP/E, CIPP/US, and Northrop Grumman Corporation John Kropf, CIPP/E, CIPP/G, CIPP/US, help us do just that. Cohen and Kropf’s guide walks readers through existing accords tha... Read More

Health Care

Web Conference: The Uncertainty of OSHA & CMS Regulations – What You Need to Know Today

Original broadcast date: 30 November 2021 As OSHA and CMS released their COVID-19 Vaccination regulations for businesses, with it came a great deal of uncertainty. As these regulations are challenged, evolve, and come to fruition, we want to be a source of information for you so that you can understand and comply when the time comes. In this web conference panelists will discuss what they know about the OSHA ETS and CMS regulations and how you can start preparing today. Read More

Private vaccine passport apps raise data sharing concerns

Newsweek reports American Airlines, United and digital health nonprofit The Commons Project Foundation created their own vaccine passport applications. Brookings Institution Nonresident Senior Fellow John B. Morris Jr. expressed concern over the sharing of health information and increased cybersecurity risk to personal healthcare data being stored. It is “critical” for private entities offering such applications to ensure “that it’s not marketing the data for other purposes, and that the only pu... Read More

Survey: 56% of Americans don't trust vaccine passports to protect data

A survey conducted by Help Net Security gauged Americans' attitude toward the security measures implemented by vaccine passports. Of the 3,000 Americans polled, 56% said they do not trust vaccine passports to keep their data secure. The study also found 58.5% of respondents said vaccine passports should not be required to attend sporting events, schools or other areas and events. Editor’s note: IAPP Staff Writer Jennifer Bryant reported for The Privacy Advisor on the privacy considerations surro... Read More

HHS News & Guidance

HHS: Notification of Enforcement Discretion for Telehealth Remote Communications During the COVID-19 Nationwide Public Health Emergency

This notification, published by the U.S. Department of Health & Human Services, announces that the Office for Civil Rights (OCR) will exercise its enforcement discretion and will not impose penalties for noncompliance with the regulatory requirements under the HIPAA Rules against covered health care providers in connection with the good faith provision of telehealth during the COVID-19 nationwide public health emergency, effective immediately. Read More

HHS relaxes privacy requirements for COVID-19 community testing sites

The U.S. Department of Health and Human Services is relaxing the Health Insurance Portability and Accountability Act privacy and security requirements for COVID-19 community-based testing sites to make it easier to collect patient data, Nextgov reports. The HHS Office for Civil Rights said in a notice other health care providers still have to fully comply with HIPAA. Meanwhile, the Hamburg Commissioner for Data Protection and Freedom of Information published guidance on data processing during th... Read More

HHS notice on telehealth penalties raises privacy concerns

The U.S. government just eased the path for doctors and nurses to do video chats with patients by lifting privacy and security compliance penalties and enforcement action against health care providers. The Office for Civil Rights at the U.S Department of Health and Human Services Tuesday said it will allow health care providers to use technology, such as Apple FaceTime, Facebook Messenger video chat or other video platforms, to communicate with patients. But, while federal response to the COVID... Read More

Legal requirements

COVID-19 response and data protection law in the EU and US

Managing the COVID-19 outbreak and stopping its spread is now a global challenge. In addition to the significant health and medical responses underway around the world, governments and public health officials are focused on how to monitor, understand and prevent the spread of the virus. Data protection and privacy laws, including the EU General Data Protection Regulation and various U.S. laws, are informing these responses. One major response to limiting the spread of infection is contact traci... Read More

Legislation

US lawmakers propose bipartisan contact tracing bill

U.S. Senate lawmakers proposed a bipartisan bill to regulate contact tracing apps, The Washington Post reports. The Exposure Notification Privacy Act would ensure those who do not want to use the apps are not tracked and prohibit any data that is collected by the apps to be used for commercial purposes. “The important thing we wanted to get done, as people started to look at this, is make sure the privacy protections are in place,” said Sen. Maria Cantwell, D-Wash.Full Story... Read More

Deja vu? The politics of privacy legislation during COVID-19

While the COVID-19 outbreak has brought about numerous changes to our daily lives, it has not brought U.S. Congress any closer to bridging the partisan divide over the shape and scope of federal privacy legislation. Although both Democrats and Republicans in Congress have introduced privacy legislation related to the ongoing COVID-19 pandemic in recent weeks, lawmakers from either side of the aisle remain at odds over at least two key provisions: a private right of action and preemption of state... Read More

Location Privacy and Contact Tracing

Will contact tracing and vaccine passports be storytelling launchpads? Time will tell

I recently received my second COVID-19 vaccination in an abandoned Sears building attached to a local mall. After the jab, I sat in a chair for the allotted 15 minutes they want you to in case the 5G signals aren't kicking in. To pass the time, I listened to the second half of David Bowie's "Low," which has some of my all-time favorite instrumental tracks. When I left, a wave of different feelings gradually hit me over the next couple of days. First came the feeling of relief. The whole process... Read More

A Closer Look at Location Data: Privacy and Pandemics
(Future of Privacy Forum, December 2020)
Colleges, employers using wearable tracking technology to fight COVID-19
(IAPP, November 2020)
Trackers detected on European Parliament’s COVID-19 test webpage
(IAPP, October 2020)
Scotland launches contact-tracing app
(IAPP, September 2020)
Manual contact tracers and privacy: Building trust is a local effort
(IAPP, June 2020)
Illusions of consent and COVID-19-tracking apps
(IAPP, May 2020)
Protecting privacy on COVID-19 surveillance apps
(IAPP, May 2020)
CDT Report: Use of Aggregated Location Information and COVID-19
(Center for Democracy and Technology, March 2020)
Telecommunications data and COVID-19: A primer
(Privacy International, March 2020)
Privacy considerations when contact tracing
(Simply Privacy, March 2020)
Contact tracing apps: Why tech solutionism and privacy by design are not enough
(IAPP, May 2020)
Geolocation and other personal data used in the fight against COVID-19
(IAPP, May 2020)
Here are the contact tracing apps being deployed around the world
(IAPP, April 2020)
Centralized vs. decentralized: EU’s contact tracing privacy conundrum
(IAPP, April 2020)
Google, Apple prepping release of COVID-19 contact tracing app
(IAPP, April 2020)
French government asks Apple to remove tech limitations for its COVID-19 app
(IAPP, April 2020)
White House task force seeks national COVID-19 surveillance system
(IAPP, April 2020)
Facebook launches COVID-19 tracking map for US counties
(IAPP, April 2020)
Apple, Google debut COVID-19 contact tracing technology
(IAPP, April 2020)
ICO lists privacy considerations for COVID-19 tracking tech
(IAPP, April 2020)
Federal, provincial officials consider COVID-19 contract tracing methods
(IAPP, April 2020)
Senate holds ‘paper hearing’ on tracking consumers to fight pandemic
(IAPP, April 2020)
Privacy advocates emphasize safeguards in potential COVID-19 tracking
(IAPP, March 2020)
Privacy concerns stirred over potential COVID-19 tracking
(IAPP, March 2020)
Trudeau: Canada will not use location data to track COVID-19 for now
(IAPP, March 2020)
US government exploring location data tracking for COVID-19
(IAPP, March 2020)
German, Austrian telecoms disclose location data for COVID-19 tracking
(IAPP, March 2020)
Israel plans COVID-19 tracking through phone data
(IAPP, March 2020)
View More Resources

Personal Data Protection

PCPD – Security Measures of Restaurants Collecting Customer Information during COVID-19

Hong Kong's Privacy Commission for Personal Data published an investigation report on its findings related to complaints against 14 restaurants over their mandated COVID-19 contact-tracing data collection and storage. The PCPD found the restaurants were compliant with data retention rules as outlined in both the Personal Data (Privacy) Ordinance and Hong Kong's Restaurant Entry Requirement. However, 11 restaurants were in violation of the ordinance's rules on data security related to collection ... Read More

Google and Apple’s joint COVID-19 Exposure Notifications System shows privacy is important to consumers and marketers

Over the past few months, millions received the option to receive "Exposure Notifications " through Apple or Google. The technology took off: millions of individuals downloaded applications or opted-in to exposure notifications. The Bluetooth Low Energy technology that powers the system, the privacy-by-design of the system and the increase in privacy-centric marketing demonstrate how the COVID-19 pandemic has increased awareness of potential privacy harms while providing a roadmap for the rollou... Read More

2020 and data protection: Not only COVID-19

It is only May, but 2020 is already shaping up to be a crucial year for data protection. At least in Europe where the data protection authorities’ enforcement engine is starting to warm up. In Italy, for example, the Italian DPA, the Garante, started the year by handing down some very important fines. Beginning with provisions no. 231 and no. 232 issued Dec. 11, 2019, and published Jan. 17, 2020, against one of the global leading oil companies and with provision no. 7 issued Jan. 15, 2020, again... Read More

How function creep may cripple app-based contact tracing

The U.S. is in the throes of a pandemic caused by the SARS-CoV-2 virus, COVID-19. Realizing that long-term lockdowns are not sustainable, governments are seeking alternative methods of controlling the pandemic. “Testing and tracing” has been touted as a way to reopen economies with the pandemic still raging. While testing has its own set of privacy challenges, the methods discussed to accomplish contact tracing are rife with problems. In simple terms, contact tracing involves determining who ha... Read More

Privacy Programs

ICO publishes data protection steps for businesses as COVID-19 measures ease

The U.K. Information Commissioner's Office has published six data protection steps businesses can follow as lockdown measures begin to ease during the COVID-19 pandemic. The ICO recommends businesses only collect information as needed, to be transparent about what data they gather from staff and to keep all data secure. The agency also answers questions on its pandemic regulatory approach and COVID-19 testing.Full Story... Read More

How to employ privacy by design in the fight against COVID-19

As COVID-19 is rapidly spreading around the world, public health authorities are eagerly searching for effective measures to flatten the curve and decrease the rate of contamination. Among others, many governments are using or considering using surveillance technology to track the movements of people infected by COVID-19 and notify those who may have been exposed to the virus. Naturally, the use of such measures on a wide scale raises serious privacy concerns. In Israel, for example, there is a ... Read More

Regional

DPA guidance on COVID-19

The IAPP has rounded up all COVID-19 guidance published by DPAs to date. The guidance linked below provides information and frequently asked questions pertaining to data processing and COVID-19. Read More

Australia ends mass data collection through COVIDSafe app

Australia’s Minister for Health and Aged Care decided the country’s COVIDSafe application would no longer be used as of Aug. 16. Under the Privacy Act 1988, the government developed a legal framework for citizens to provide personal data through the app to help authorities “prevent or control” the spread of COVID-19. The National COVIDSafe Data Store administrator is now required to no longer collect data through the app and remove the app from stores for download. All personal data will be dele... Read More

Workplace Privacy & Remote Workforce

The IAPP Resource Center also includes a “Workplace Privacy” topic page, which can be accessed here.

Privacy in the Wake of COVID-19: Remote Work, Employee Health Monitoring and Data Sharing

The IAPP and EY launched a research initiative to gain more insight into the unique ways privacy and data protection practices have been affected by the pandemic. The initial phase of the project included a survey of privacy professionals, taking a deeper look at how organizations, in general, and privacy programs, in particular, are handling the privacy and data protection issues that have emerged alongside COVID-19, such as privacy and security issues related to working from home, monitoring the health of employees, and sharing data with governments, researchers and public health authorities. Read More

Web Conference: The New Normal: Navigating Work-from-Home Privacy and Cybersecurity Risks

Original broadcast date: May 8, 2020  Join us to gain insight into how some large multinational organizations are handling this challenging new employer/employee environment. Real-world situations will be discussed through hypothetical scenarios, challenges and priorities drawn out by experienced privacy leaders from organizations operating globally, and practical takeaways will be shared. Read More

CNIL publishes guidance on collecting employee data during COVID-19

France's data protection authority, the Commission nationale de l'informatique et des libertés, published guidance on the principles employers should follow when potentially collecting employee data to monitor COVID-19 symptoms or for contact-tracing purposes. The CNIL recapped the processing of health data under the EU General Data Protection Regulation and offered updates on certain practices, such as monitoring employees' temperatures as they enter the building and carrying out surveys to gau... Read More