COVID-19 Guidance and Resources
Below, access a collection of privacy news, resources, guidance and tools covering the COVID-19 global outbreak.
General News & Resources
Privacy in the Wake of COVID-19, Part 2: Privacy Challenges as the Pandemic Continues
The findings presented in this report are the result of a collaborative research project between the IAPP and EY studying the effects of the COVID-19 pandemic on privacy teams around the world. Read More
Privacy Leaders’ Views — The Impact of COVID-19 on Privacy Priorities, Practices and Programs
During summer 2020, 21 privacy leaders from industry, government and academia graciously shared their views on the impact of COVID-19 on privacy priorities, practices and programs. We captured their experiences, challenges and recommendations in this five-part series. Read More
The latest COVID-19 privacy updates from EU, Israel
Politico reports privacy advocates have come out against discussions in the EU regarding COVID-19 immunity passports. Greek Prime Minister Kyriakos Mitsotakis has formally pitched passports to the European Commission as a means to restore normalcy across the bloc. Israeli Prime Minister Benjamin Netanyahu revealed the Ministry of Health will share data on COVID-19 vaccinations with Pfizer as part of a vaccine distribution agreement, Haaretz reports. "The data is shared with the public on a d... Read More
How can homomorphic encryption address privacy in COVID-19 apps?
The avalanche of COVID-19 applications developed to manage the pandemic has caused debates over the balance of public interest and the basic human right to privacy. COVID-19 apps, such as digital contact-tracing apps and statistical data analysis tools that help identify patterns that could lead to cures or prevention measures, have understandably led to the mixed emotion of excitement and concern. There is an excitement that experts could process the data to identify ways to curb the virus and ... Read More
US Senate hearing covers COVID-19, the need for a federal privacy law and familiar roadblocks
The U.S. Senate Committee on Commerce, Science and Transportation held a hearing last December on what Congress should consider when crafting a federal privacy law. Nearly a year later, another hearing was held to revisit the topic, but in a world wholly unrecognizable from when the committee adjourned last year. It's an understatement to say the COVID-19 pandemic dramatically altered life as we knew before. Countless people are working from home, students have shifted to remote learning, and t... Read More
Artificial Intelligence
Navigating Artificial Intelligence and Consumer Protection laws in wake of the COVID-19 pandemic
This document, published by Holland & Knight, provides analysis on navigating artificial intelligence and consumer protection laws during the COVID-19 pandemic, as the U.S. Federal Trade Commission recently issued a statement on using AI and algorithms. Read More
AI camera detects COVID-19 fever
An Austin, Texas-based company’s artificial intelligence camera can detect those who may have a COVID-19-related fever, Fast Company reports. Athena Security’s camera system uses an AI model to view a subject’s inner eye, which can reflect body temperature. The thermal camera records an image of those with a fever. Athena CEO Lisa Falzone said the technology will be seen more in places like airports and hospitals where access depends on an individual’s temperature.Full Story... Read More
Facial recognition to monitor pedestrians at Texas border crossing
U.S. Customs and Border Protection will begin using biometric facial-comparison technology to monitor pedestrians traveling through the Brownsville, Texas, border crossing, Government Technology reports. The technology will photograph each pedestrian traveler entering the U.S. and compare that image to passport and ID photos stored in government records. Privacy advocates argue the program violates travelers’ privacy rights, adding CBP is not following an opt-out policy for U.S. citizens.Full St... Read More
CCPA
California attorney general's office: No delay on CCPA enforcement amid COVID-19
The COVID-19 pandemic has brought many things in life to a screeching halt. For many organizations, the outbreak has meant shuttering, limiting or digitalizing most, if not all, operations. Those types of transitions and subsequent hardships have led some in the privacy space to question whether it's right for California Attorney General Xavier Becerra to go forward with California Consumer Privacy Act enforcement July 1. A coalition of 35 advertising groups sent the attorney general a letter M... Read More
Ad groups call for delay of CCPA enforcement in wake of COVID-19
MediaPost reports the Association of National Advertisers, Interactive Advertising Bureau, American Association of Advertising Agencies and 32 other groups want the California attorney general to delay enforcement of the California Consumer Privacy Act due to the current COVID-19 outbreak. “Now is not the time to threaten business leaders with premature CCPA enforcement lawsuits,” the groups write. Meanwhile, DLA Piper has published its take on the third version of the California Consumer Privac... Read More
Fulfilling CCPA Training Obligations in the Face of COVID-19
This article from Sheppard Mullin gives advice to organizations on how to fulfill their California Consumer Privacy Act training obligations while moving away from in-person sessions to virtual training amid COVID-19 precautions. Read More
Cybersecurity
Cybersecurity Leadership Principles: Lessons learned during the COVID-19 pandemic to prepare for the new normal
This report, published by the World Economic Forum, outlines the key cybersecurity principles that the COVID-19 pandemic has taught organizations to prepare for the "new normal" of privacy operations. Read More
COVID-19 Exit Strategy: A Global Privacy and Cybersecurity Guide
As part of its "Privacy 2040" initiative, Hogan Lovells published a guide on balancing privacy and security with public health efforts as exit strategies are developed for the COVID-19 pandemic. Read More
COVID-19 Data Privacy & Security Survey
This guide from Baker McKenzie is designed to assist employers' assessments of certain data processing they may consider in light of COVID-19 and whether they are compliant with data privacy regulation. Read More
COVID-19 and Cybersecurity Scam Alert: Protecting Your Information and Assets
This article from Bennet Jones gives consumers tips on how to protect their information during the increase in scams. It lists common scams related to COVID-19 and offers practical advice on how to protect themselves. Read More
Work From Home Cybersecurity Basics: Sharing Devices With Family
This article from Bryan Cave Leighton Paisner addresses data privacy and security issues in a work-from-home environment specifically within the United States. Read More
Education and Virtual Learning
COVID-19, privacy, and school recordings
At the beginning of each school year, there are many papers to be signed. I agree I have (1) read the student handbook, (2) health forms, (3) appropriate use of technology at school, (4) photos of my children for promotional purposes, and so on. Then, this year out of the blue, a new consent shows up — a consent to record classes for operational purposes — and if I don’t sign it, it will significantly impact my child’s education. Wait … what? This doesn’t sound right. What exactly are opera... Read More
The Privacy Advisor Podcast: How do we protect kids' privacy during a COVID-dominated school year?
Experts discuss how we can protect children's privacy during the COVID-19 epidemic and as they head back to school. Read More
FIPPA and online learning during the COVID-19 pandemic
This document, published by the Office of the Information and Privacy Commissioner for British Colombia, provides guidance for educators in choosing online learning tools in compliance with British Colombia's Freedom of Information on Protection of Privacy Act. Read More
An open letter to policymakers, data protection authorities, and providers worldwide, regarding rapid technology adoption for educational aims
Privacy International published this open letter regarding the risks of rushed technology adoption for educational purposes, with an estimated 90% of the global student population being affected by COVID-19. Read More
Homeschooling and COVID-19: Parents as Chief Information and Privacy Officers
This article from the Center for Democracy & Technology offers guidance for parents navigating the various education technology applications available for homeschooling their children during COVID-19. Read More
![]() |
FTC: COPPA Guidance for Ed Tech Companies and Schools during the Coronavirus (FTC, February 2020) |
![]() |
Shift to online learning ignites student privacy concerns (IAPP, April 2020) |
![]() |
Warren, Markey question Zoom over student data protection (IAPP, April 2020) |
![]() |
Op-ed: Student privacy at risk with e-learning shift (IAPP, March 2020) |
![]() |
US Dept. of Education on FERPA procedures amidst crisis (IAPP, March 2020) |
![]() |
Student Privacy during the COVID-19 Pandemic (The School Superintendents Association and the Future of Privacy Forum, March 2020) |
Employee Health Monitoring
Infographic: COVID-19 Testing and Health Monitoring
The IAPP created an infographic outlining the privacy-related questions surrounding COVID-19 testing and health monitoring. As economies reopen, the scope and scale of health data collection, use and sharing will only increase. Employers and businesses are conducting testing, temperature checks and health screenings. This data collection raises novel privacy issues because of its scale, the non-traditional methods and reasons for its collection, and the benefits and risks to sharing the data w... Read More
Privacy in the Wake of COVID-19: Remote Work, Employee Health Monitoring and Data Sharing
The IAPP and EY launched a research initiative to gain more insight into the unique ways privacy and data protection practices have been affected by the pandemic. The initial phase of the project included a survey of privacy professionals, taking a deeper look at how organizations, in general, and privacy programs, in particular, are handling the privacy and data protection issues that have emerged alongside COVID-19, such as privacy and security issues related to working from home, monitoring the health of employees, and sharing data with governments, researchers and public health authorities. Read More
OSHA revises guidance on tracking COVID-19 in the workplace
The U.S. Occupational Safety and Health Administration revised guidelines May 19 that require employers to determine whether employees who have contracted COVID-19 did so in the workplace. According to OSHA's recordkeeping requirements, employers are required to conduct investigations about the cause of an employee's infection with certain parameters. In the revised guidelines, which went into effect May 26, "employers should be taking action to determine whether employee COVID-19 illnesses ar... Read More
PwC develops facial recognition tool for employee monitoring
Global accounting firm PricewaterhouseCoopers created a facial recognition tool to help financial institutions track employees as they work from home, Personnel Today reports. The software taps into employees' webcams to capture face images and detects when employees are not in front of their screens during work hours. PwC said the technology aims to help traders abide by regulations "in the least intrusive, pragmatic way." Meanwhile, Amazon plans to deploy artificial intelligence tracking syste... Read More
Privacy questions to ask when testing, monitoring for COVID-19
Diagnostic and antibody testing for COVID-19 is increasing significantly as governments and health authorities look for data to inform decisions about how to safely end lockdowns and restart economies. While public health and safety concerns are paramount, there are numerous privacy questions worth asking when testing and health monitoring for COVID-19. IAPP Legal Research Fellow Cathy Cosgrove explores some of those issues and questions in this piece for The Privacy Advisor.Full Story Infograp... Read More
![]() |
Employee COVID-19 screening technologies draw privacy concerns (IAPP, May 2020) |
![]() |
The Next Normal: Returning to Work – Privacy and Data Security Implications of Employee Screening (Littler, March 2020) |
![]() |
The risks of online employee monitoring during the COVID-19 crisis (Bennett Jones, March 2020) |
![]() |
Privacy Considerations when COVID-19 Screening (Bennet Jones, March 2020) |
![]() |
The privacy issues for EU, UK and US employers during COVID-19 (IAPP, April 2020) |
![]() |
Maintaining Employees’ Privacy During a Public Health Crisis (National Law Review, April 2020) |
![]() |
Confidentiality and COVID-19: Balancing Privacy and Protection (Zenefits, April 2020) |
![]() |
Pandemic incites concerns about data-sharing overreach (IAPP, March 2020) |
![]() |
Notice to Employers: Remember Privacy Basics When Addressing COVID-19 (Troutman Sanders, March 2020) |
GDPR
Is it necessary to suspend GDPR in the fight against COVID-19?
Over the last few months, we have seen organizations impose various obligations on their employees, visitors and customers to combat the spread of COVID-19. The underlying measures first began with completed health questionnaires, moved to requiring temperature checks of people entering buildings, along with the installation of thermal cameras at office entrances, and now there are regular blood tests for employees whose presence is essential for business continuity. How did the Hungarian gover... Read More
Coronavirus and the GDPR — Keep calm and carry on?
This article from Fieldfisher gives guidance on how to remain compliant with the EU General Data Protection Regulation while also handling data during the COVID-19 pandemic. Read More
Hungary halts some GDPR rights amid COVID-19
Euractiv reports the Hungarian government intends to suspend certain rights and protections provided by the EU General Data Protection Regulation until the COVID-19 outbreak subsides. Under the new measures, citizens will see a pause on their right to data access and erasure, while any legal actions pertaining to alleged GDPR violations will also be delayed. Opposition politician Bernadett Szél plans to challenge the suspension of rights in the Constitutional Court of Hungary, claiming that "res... Read More
Government Data Collection
Privacy in the Wake of COVID-19: Remote Work, Employee Health Monitoring and Data Sharing
The IAPP and EY launched a research initiative to gain more insight into the unique ways privacy and data protection practices have been affected by the pandemic. The initial phase of the project included a survey of privacy professionals, taking a deeper look at how organizations, in general, and privacy programs, in particular, are handling the privacy and data protection issues that have emerged alongside COVID-19, such as privacy and security issues related to working from home, monitoring the health of employees, and sharing data with governments, researchers and public health authorities. Read More
Striking the right balance: Government contact tracing powers and the right to privacy
A first-of-its-kind judicial decision sets out the rules for lawful tracking in an epidemic outbreak situation. The Israeli Supreme Court strikes a balance between COVID-19-related contact tracing technology and the right to privacy in a landmark decision about the government’s limits of power and the rights to privacy and dignity. The Israeli government enforces the isolation of confirmed patients and people who came in close contact with them in an effort to contain the spread of the COVID-19... Read More
Sharing COVID-19 data with government authorities: Guidance from DPAs
There are several reasons public health authorities may seek to collect COVID-19 data from private companies, including hospitals and health care providers. One of the top reasons is to track the spread of the virus and monitor the emergence of new clusters of infections so resources can be directed to areas most in need. Another reason is to send information to people who may have come into contact with someone who was diagnosed with or is suspected to have COVID-19. Given this reality, let's ... Read More
A timely resource: Updated guide to US government data sharing
Now, perhaps more than ever before, it is critical to understand how governments around the world protect the personal information they exchange with each other. In their just-released third edition of "The Guide to U.S. Government Practice on Global Sharing of Personal Information," Onfido Director of Privacy Neal Cohen, CIPP/E, CIPP/US, and Northrop Grumman Corporation John Kropf, CIPP/E, CIPP/G, CIPP/US, help us do just that. Cohen and Kropf’s guide walks readers through existing accords tha... Read More
Fauci: US may consider COVID-19 immunity certificates
National Institute of Allergy and Infectious Diseases Director Anthony Fauci said the U.S. government may consider issuing certificates to those who are immune to COVID-19, Politico reports. Fauci added the proposal would depend on the deployment of antibody tests. “It’s one of those things that we talk about when we want to make sure that we know who the vulnerable people are and not,” Fauci said. “This is something that’s being discussed. I think it might actually have some merit, under certai... Read More
![]() |
How lessons around privacy and security following the Sept. 11 attacks may inform the response to COVID-19 (Lawfare, April 2020) |
![]() |
On balancing personal privacy with public interest (IAPP, March 2020) |
![]() |
The Privacy Advisor Podcast: Should we give up our data to help the herd? (IAPP, April 2020) |
Health Care
Secure health care messaging in the era of COVID-19
Business and health care data are the new “honeypot,” an attractive and lucrative source of revenue to the modern hacker. A report from IBM in July 2020 reported that the average cost of a health care breach was $7.13 million per breach, noting “compromised employee accounts were the most expensive root cause, and that 80% of these incidents resulted in the exposure of customers' personally identifiable information.” The COVID-19 pandemic has exposed how unprepared many health care providers w... Read More
Health policy professionals expect HIPAA changes post-COVID-19
The Wall Street Journal reports on potential efforts to amend or replace the Health Insurance Portability and Accountability Act in the wake of COVID-19-related health privacy dilemmas. Health policy professionals expect questions around HIPAA's scope and coverage to be more frequent, which will lead to a legislative remedy from U.S. Congress. HIPAA "worked fairly well" when it was written, said Gonzaga University Assistant Professor of Law Mason Marks. "But today, in the Information Age, we nee... Read More
FBI investigating breach of COVID-19 patients’ data
A data breach that may have compromised the identity of people diagnosed with COVID-19 in South Dakota is under investigation by the U.S. Federal Bureau of Investigation, the Star Tribune reports. In a letter to those who may have been affected, South Dakota Fusion Center Director Paul Niedringhaus said the center built an online portal using Netsential.com, which added labels to files that may have allowed a third party to identify patients. People’s names, addresses and virus status may have b... Read More
Linking COVID-19 vaccinations, biometric identifiers could lead to privacy issues
Bloomberg reports on the privacy implications of linking biometric information to a COVID-19 vaccination. In order to track who has received the vaccine, a program could be set up to link a biometric identifier to their health record, which can be used to prove they have been inoculated. European Digital Rights Policy and Campaigns Adviser Ella Jakubowska said if such initiatives were to be rushed out, privacy measures could be left by the wayside and the information could be used for mass surve... Read More
The pandemic and the evolution of health care privacy
When I teach privacy law, I try to make the issues real for the students. It often isn’t that hard — privacy issues remain in the news almost every day. The evolution of the pandemic has made more of these issues real and is leading to a series of critical questions for the future of health care privacy. These issues are not new, but the focus of the attention on pandemic issues has made the need for discussion and resolution of these issues even more critical. We are seeing four distinct categ... Read More
HHS News & Guidance
HHS relaxes privacy requirements for COVID-19 community testing sites
The U.S. Department of Health and Human Services is relaxing the Health Insurance Portability and Accountability Act privacy and security requirements for COVID-19 community-based testing sites to make it easier to collect patient data, Nextgov reports. The HHS Office for Civil Rights said in a notice other health care providers still have to fully comply with HIPAA. Meanwhile, the Hamburg Commissioner for Data Protection and Freedom of Information published guidance on data processing during th... Read More
HHS Guidance: HIPAA, Civil Rights, and COVID-19
The U.S. Department of Health & Human Services Office for Civil Rights (OCR) published this guidance page providing announcements, guidance, notifications and bulletins on civil rights laws and the HIPAA Privacy Rule during the COVID-19 outbreak. Read More
HHS notice on telehealth penalties raises privacy concerns
The U.S. government just eased the path for doctors and nurses to do video chats with patients by lifting privacy and security compliance penalties and enforcement action against health care providers. The Office for Civil Rights at the U.S Department of Health and Human Services Tuesday said it will allow health care providers to use technology, such as Apple FaceTime, Facebook Messenger video chat or other video platforms, to communicate with patients. But, while federal response to the COVID... Read More
HHS announces HIPAA penalties waiver amidst COVID-19
The U.S. Department of Health and Human Services has issued a limited waiver protecting health care providers from Health Insurance Portability and Accountability Act penalties during the COVID-19 outbreak. The waiver absolves providers of certain HIPAA responsibilities, including being required to honor facility directory opt-outs and issue privacy notices. Patient rights to request confidential communications and privacy restrictions have also been temporarily revoked under the waiver.Full Sto... Read More
HHS: FAQs on Telehealth and HIPAA during the COVID-19 nationwide public health emergency
This guidance document, published by the U.S. Department of Health and Human Services, provides a list of frequently asked questions and answers regarding Telehealth, HIPAA and the COVID-19 pandemic. Click To View (PDF)... Read More
HHS: Notification of Enforcement Discretion for Telehealth Remote Communications During the COVID-19 Nationwide Public Health Emergency
This notification, published by the U.S. Department of Health & Human Services, announces that the Office for Civil Rights (OCR) will exercise its enforcement discretion and will not impose penalties for noncompliance with the regulatory requirements under the HIPAA Rules against covered health care providers in connection with the good faith provision of telehealth during the COVID-19 nationwide public health emergency, effective immediately. Read More
Cookie Guidance from Greece
On 25 February 2020, the Hellenic Data Protection Authority published guidance on the use of cookies (and similar technologies). The guidance reiterates the rules around consent and provides examples of cookies which fall into the consent exemptions. Read More
International
DPA guidance on COVID-19
The IAPP has rounded up all COVID-19 guidance published by DPAs to date. The guidance linked below provides information and frequently asked questions pertaining to data processing and COVID-19. Read More
COVID-19 app launches in England, Wales
The U.K. National Health Service COVID-19 smartphone application launched in England and Wales, allowing users to trace contacts, assess risk level and record visits to establishments, Reuters reports. The app launched four months after the government said it would arrive. Health Secretary Matt Hancock said the app involved extensive work with technology companies, privacy experts and others, noting it is “secure” and “simple to use.” Meanwhile, in the U.S., the Pennsylvania Department of Health... Read More
Observatory in Spain processing data to manage COVID-19
In the Spanish region of Catalonia, the government created a public-private health observatory where epidemiological, mobile and environmental data is processed to manage COVID-19, ZDNet reports. The data is anonymized and gathered from public databases and mobile operators. Those involved said the tools developed by the observatory can be used by epidemiologists in pandemic response. “We need models on how epidemics evolve, and data is crucial in adjusting these models,” Computer Science Profes... Read More
Dutch DPA calls for law to regulate use of COVID-19 app
The Dutch data protection authority, Autoriteit Persoonsgegevens, says COVID-19 app CoronaMelder insufficiently guarantees user privacy, and a law should be introduced to properly regulate its use. The AP, which raised concerns about the app's software following the Google Apple Exposure Notification framework, advised the government not to use the app until concerns are addressed. It says a law should authorize the Minister of Health, Welfare and Sport to process data and should also contain pr... Read More
COVID-19, Privacy and Data Protection in Nigeria: Matters Arising
This article, published by the African Academic Network on Internet Policy, provides an overview of the impact COVID-19 has had on the state of privacy and data protection in Nigeria. Read More
Legal requirements
COVID-19 response and data protection law in the EU and US
Managing the COVID-19 outbreak and stopping its spread is now a global challenge. In addition to the significant health and medical responses underway around the world, governments and public health officials are focused on how to monitor, understand and prevent the spread of the virus. Data protection and privacy laws, including the EU General Data Protection Regulation and various U.S. laws, are informing these responses. One major response to limiting the spread of infection is contact traci... Read More
Keeping Your Privacy Compliant Efforts Moving Forward in the Face of COVID-19
This article from Sheppard Mullin gives companies advice on how to navigate privacy compliance obligations during COVID-19. Read More
Fulfilling CCPA Training Obligations in the Face of COVID-19
This article from Sheppard Mullin gives advice to organizations on how to fulfill their California Consumer Privacy Act training obligations while moving away from in-person sessions to virtual training amid COVID-19 precautions. Read More
Legislation
US lawmakers propose bipartisan contact tracing bill
U.S. Senate lawmakers proposed a bipartisan bill to regulate contact tracing apps, The Washington Post reports. The Exposure Notification Privacy Act would ensure those who do not want to use the apps are not tracked and prohibit any data that is collected by the apps to be used for commercial purposes. “The important thing we wanted to get done, as people started to look at this, is make sure the privacy protections are in place,” said Sen. Maria Cantwell, D-Wash.Full Story... Read More
Deja vu? The politics of privacy legislation during COVID-19
While the COVID-19 outbreak has brought about numerous changes to our daily lives, it has not brought U.S. Congress any closer to bridging the partisan divide over the shape and scope of federal privacy legislation. Although both Democrats and Republicans in Congress have introduced privacy legislation related to the ongoing COVID-19 pandemic in recent weeks, lawmakers from either side of the aisle remain at odds over at least two key provisions: a private right of action and preemption of state... Read More
Public Health Emergency Privacy Act
After Senate Republicans proposed the COVID-19 Consumer Data Protection Act April 30, Democrats from the Senate and House of Representatives offered their response Thursday, May 14, with the introduction of the Public Health Emergency Privacy Act. The Democrats' bill aims to provide safeguards for health data during the pandemic and regulate the use of that data with contact tracing technologies. Read More
COVID-19 Consumer Data Protection Act
The “COVID-19 Consumer Data Protection Act,” which contains protections for personal information, was announced April 30, and will be introduced by Sen. Roger Wicker, R-Miss. Read More
Location Tracking
Trackers detected on European Parliament's COVID-19 test webpage
Euractiv reports the European Parliament found its COVID-19 test management website, EcoCare, is cluttered with user-tracking requests, including some coming from U.S.-based organizations. Google and financial services platform Stripe are among the third-party companies requesting transfers of Parliament staff members' information uploaded to the site. Member of Parliament Alexandra Geese has filed a complaint to the European Data Protection Supervisor over the matter.Full Story... Read More
Manual contact tracers and privacy: Building trust is a local effort
As states ramp up manual COVID-19 contact tracing across the United States, a rapidly growing corps of citizen data collectors are discovering why data privacy rules matter. More than 100,000 contact tracers could be needed in the U.S. alone, according to guidance from the Centers for Disease Control and Prevention and a national contact-tracing plan developed by John Hopkins University and the Association of State and Territorial Health Officials. These tens of thousands of new data collectors ... Read More
Scotland launches contact-tracing app
Scotland launched a nationwide COVID-19 contact-tracing application called Protect Scotland, ZDNet reports. The app, which runs in a phone’s background, uses Bluetooth signals to identify smartphone users who were in close contact with someone who tested positive for the virus and may be at risk of contracting it. Officials said the app cannot be used to track a user’s location or reveal identities of close contacts of those who test positive.Full Story... Read More
Illusions of consent and COVID-19-tracking apps
COVID-19-tracking apps help identify parties with whom a COVID-19-infected person had contact. The apps do so by drawing on information about the location of a person’s mobile phone and its proximity to other devices. Experts, including the Bloomberg School of Public Health at John Hopkins University, view this technology as a necessary boost to manual contact tracing by public health officials. Countries are currently split into those where the government requires the use of these apps and tho... Read More
Protecting privacy on COVID-19 surveillance apps
Right now, there are signs that the curve of new COVID-19 cases in the United States is reaching a plateau, if not yet declining. We also have at least rough agreement among public health experts about the nation’s necessary next steps. The need is for a dramatic expansion of testing, a ramping up of the ranks of public health workers to trace contacts, and interoperable digital platforms that permit real-time analysis of COVID-19 outbreaks. As part of this effort, there is a frequently envisio... Read More
Personal Data Protection
White Paper — 'Privacy Risks to Individuals in the Wake of COVID-19'
Privacy risks to individuals tend to be neglected due to the emphasis placed on privacy risks to organizations. Considering privacy risks to individuals, however, is critical to effective privacy risk management. Read More
Privacy concerns raised over police access to COVID-19 database
The Windsor Police Service’s access to the provincial COVID-19 database is raising privacy concerns, CBC News reports. Police searched the database 1,841 times from April 17 to July 20 to communicate COVID-19 status information to first responders. The Canadian Civil Liberties Association released a list of Ontario agencies that used the database, which includes names, addresses and birthdates of those who tested positive for the virus, calling it “alarming.” Windsor Police ranked 10th on that l... Read More
2020 and data protection: Not only COVID-19
It is only May, but 2020 is already shaping up to be a crucial year for data protection. At least in Europe where the data protection authorities’ enforcement engine is starting to warm up. In Italy, for example, the Italian DPA, the Garante, started the year by handing down some very important fines. Beginning with provisions no. 231 and no. 232 issued Dec. 11, 2019, and published Jan. 17, 2020, against one of the global leading oil companies and with provision no. 7 issued Jan. 15, 2020, again... Read More
How function creep may cripple app-based contact tracing
The U.S. is in the throes of a pandemic caused by the SARS-CoV-2 virus, COVID-19. Realizing that long-term lockdowns are not sustainable, governments are seeking alternative methods of controlling the pandemic. “Testing and tracing” has been touted as a way to reopen economies with the pandemic still raging. While testing has its own set of privacy challenges, the methods discussed to accomplish contact tracing are rife with problems. In simple terms, contact tracing involves determining who ha... Read More
FBI warns of COVID-19 testing scams
The U.S. Federal Bureau of Investigation is urging awareness around scams offering fake COVID-19 antibody tests, which they say could be used to steal personal information, CNN reports. Scammers are attempting to offer fake or unproven antibody tests to obtain Social Security numbers or health insurance information, the FBI warns. Meanwhile, the amount of time data accumulated from the U.K.’s Test and Trace program will be retained has been reduced from 20 years to eight years.Full Story... Read More
![]() |
Data Use In The Fight Against COVID-19 Should Treat People Equitably (Center for Democracy & Technology, April 2020) |
![]() |
COVID-19 and Data Privacy: Health vs. Privacy (Business Law Today, March 2020) |
![]() |
The Privacy Advisor Podcast: Should we give up our data to help the herd? (IAPP, April 2020) |
![]() |
Google’s COVID-19 site raises privacy concerns (IAPP, March 2020) |
![]() |
Commissioner: Proper handling of personal data ‘crucial’ in COVID-19 response (IAPP, March 2020) |
Privacy Programs
Checklist: Expedited Vendor Privacy and Security Assessment
As companies, educational institutions, governments and other organizations shift to remote work environments during the COVID-19 pandemic, the need for technologies to facilitate engagement has exploded. In this checklist are key questions for privacy professionals to consider as they navigate this process. Read More
ICO publishes data protection steps for businesses as COVID-19 measures ease
The U.K. Information Commissioner's Office has published six data protection steps businesses can follow as lockdown measures begin to ease during the COVID-19 pandemic. The ICO recommends businesses only collect information as needed, to be transparent about what data they gather from staff and to keep all data secure. The agency also answers questions on its pandemic regulatory approach and COVID-19 testing.Full Story... Read More
How to employ privacy by design in the fight against COVID-19
As COVID-19 is rapidly spreading around the world, public health authorities are eagerly searching for effective measures to flatten the curve and decrease the rate of contamination. Among others, many governments are using or considering using surveillance technology to track the movements of people infected by COVID-19 and notify those who may have been exposed to the virus. Naturally, the use of such measures on a wide scale raises serious privacy concerns. In Israel, for example, there is a ... Read More
COVID-19: What the CIO and CISO can do to help
This resource, published by KPMG, provides guidance for Chief Information Officers and Chief Information Security Officers in their privacy security operations management duties during the COVID-19 outbreak. Read More
Canada: Managing Privacy And Cyber Risks During A Pandemic
This article, published by Borden Ladner Gervais, provides guidance to Canadian organizations on managing privacy and cyber risks while operating during a pandemic. Read More
![]() |
How is COVID-19 affecting privacy programs? A call for research action (IAPP, April 2020) |
![]() |
COVID-19 Meets Privacy: An article on Accountability (Centre for Information Policy Leadership, March 2020) |
![]() |
COVID-19: European Business Continuity While Mitigating Data Protection and Security Challenges From a Distance (K&L Gates, March 2020) |
![]() |
Pandemic incites concerns about data-sharing overreach (IAPP, March 2020) |
![]() |
How to Build a Privacy Program (IAPP, Topic Page) |
Workplace Privacy & Remote Workforce
Privacy in the Wake of COVID-19: Remote Work, Employee Health Monitoring and Data Sharing
The IAPP and EY launched a research initiative to gain more insight into the unique ways privacy and data protection practices have been affected by the pandemic. The initial phase of the project included a survey of privacy professionals, taking a deeper look at how organizations, in general, and privacy programs, in particular, are handling the privacy and data protection issues that have emerged alongside COVID-19, such as privacy and security issues related to working from home, monitoring the health of employees, and sharing data with governments, researchers and public health authorities. Read More
CNIL publishes guidance on collecting employee data during COVID-19
France's data protection authority, the Commission nationale de l'informatique et des libertés, published guidance on the principles employers should follow when potentially collecting employee data to monitor COVID-19 symptoms or for contact-tracing purposes. The CNIL recapped the processing of health data under the EU General Data Protection Regulation and offered updates on certain practices, such as monitoring employees' temperatures as they enter the building and carrying out surveys to gau... Read More
Web Conference: The New Normal: Navigating Work-from-Home Privacy and Cybersecurity Risks
Original broadcast date: May 8, 2020 Join us to gain insight into how some large multinational organizations are handling this challenging new employer/employee environment. Real-world situations will be discussed through hypothetical scenarios, challenges and priorities drawn out by experienced privacy leaders from organizations operating globally, and practical takeaways will be shared. Read More
Frequently Asked Questions on Workplace Privacy and COVID-19
This guidance, published by Littler, lists frequently asked questions and answers related to workplace privacy and COVID-19. Read More
Employee Temperature and Health Screenings — Statewide Orders
This updating tool, published by Littler, provides state-by-state information on law orders issued that require employers to conduct forms of employee health screening. Read More
General Resources
GPA COVID-19 Task Force creating ‘a ready toolbox’ for privacy community
Privacy has never faced a challenge of such a global nature as COVID-19, said Philippines National Privacy Commissioner and Chairman Raymund Liboro, who is leading the Global Privacy Assembly’s COVID-19 Response Task Force. With data at the forefront of pandemic response, the work of data protection and privacy authorities is needed more than ever. Liboro tells IAPP Staff Writer Jennifer Bryant about the task force’s efforts to create “a ready toolbox” those professionals can turn to.Full Story ... Read More
GPA COVID-19 Response Task Force aims to protect data subjects 'now more than ever'
While the COVID-19 pandemic has necessitated using data to analyze and map its origins and spread, Philippines National Privacy Commissioner and Chairman Raymund Liboro said “our data subjects need us now more than ever.” During the pandemic, data privacy professionals play an important role in protecting data, fostering privacy rights, and earning and maintaining the trust of those they serve, Liboro recently told fellow privacy commissioners, privacy officers in the corporate sector and membe... Read More
Google, Apple outline privacy considerations for Exposure Notification System
The COVID-19 pandemic has seared contact tracing into our collective consciousness, but it doesn't mean the concept is anywhere near new. Noted Deputy U.S. Chief Technology Officer Nicole Wong recently during an online event: Contact tracing was used to identify the original Typhoid Mary in 1907, as well as helping to quell outbreaks of smallpox, SARS and Ebola. As COVID-19 continues to spread, entities around the world hope to use technological advancements to take contact tracing to the next... Read More
With COVID-19, privacy is more central than ever before
Last year, with the shockwaves of the Cambridge Analytica scandal still echoing, the U.S. Federal Trade Commission fining Facebook $5 billion, and the U.K. Information Commissioner's Office announcing its intention to fine British Airways and Marriott hundreds of millions of pounds, we thought privacy had reached its zenith. California privacy advocates were stirring Washington, D.C., into legislative action, Brazil and India competing to put in place comprehensive privacy laws, 500,000 organiza... Read More
Defining a 'new normal' for data privacy in the wake of COVID-19
As the COVID-19 pandemic continues to roil economies and confine people to the solitude of their homes, much of the public discourse regarding the pandemic is focused on defining the “new normal.” Will wearing masks become an indefinite feature of public gathering? How long will the handshake remain social taboo? Some of the behavioral norms and social expectations we take with us will be innocent, unconscious footnotes to the compendium of our moment. Others will require long overdue deliberati... Read More
Resource Collections
Future of Privacy Forum: COVID-19 Privacy & Data Protection Resources
Global Privacy Assembly: COVID-19 Resources
ICO: Data protection and coronavirus information hub
Privacy International: Tracking the Global Response to COVID-19