Corporate Compliance Insights

Prioritizing Privacy During a Pandemic

How Organizations Can Maintain A Focus on Data Privacy – And to What Extent

by Avani Desai
January 4, 2021
in Data Privacy, Featured

Data privacy is as critical in a public health crisis as ever – if not more so. Schellman & Company President Avani Desai discusses what companies can do to ensure data privacy remains a focal point in the organization’s strategy.

It’s official: we’re living through the world’s latest pandemic. And while valuable guidelines and regulations are infiltrating our lives from governments and specialized agencies such as the World Health Organization in order to keep us healthy, organizations and individuals are faced with another unprecedented concern: What about data privacy?

According to directions by the Centers for Disease Control and Prevention (CDC) and as laid out by the 1944 Public Health Service Act, public health authorities are one court order away from obtaining almost any data they want about any of us.[1] During a pandemic like the current COVID-19 outbreak, the true scope of the CDC’s powers is brought to life and can be enforced; according to the CDC manual, should the need arise, public health officials can investigate or detain you, force you into quarantine and access, confiscate or destroy personal devices and data.[2] They’ve got “police powers.”

Of course, such authority stems from the government’s core duty to protect public health and safety, even if it means restricting individual freedoms. For example, when a person is diagnosed with COVID-19, public health experts must discover where the individual has been and track down everyone they’ve been in contact with in an effort to curb the spread of the virus. It’s well intentioned, and it can save lives.

Still, do we, and can we, draw a line somewhere regarding data privacy and security? How far does it go? Here are some ways organizations can keep prioritizing privacy as much as possible, whenever possible.

Develop (or Enforce) a Comprehensive Privacy Management Program

A successful privacy policy framework, according to Ionic, “requires understanding all aspects of what personal data is and how it is used across all facets of your organization.”[3] You’ve got to identify and classify data, communicate and implement an overarching and transparent policy (internal and external) and determine how you’ll control and safeguard data. If you haven’t already implemented a privacy policy, there’s never been a more pressing time. International regulators agree that such a program should consist of:

  1. Designating a Chief Privacy Officer (or respective task force) to coordinate the program.
  2. Enacting data security policies and procedures and educating staff regarding these.
  3. Inventorying data, conducting regular risk and privacy impact assessments and regularly testing implemented privacy controls/procedures for each business operation.
  4. Building privacy principles into product development and research.

Understand What Information to Provide

Privacy experts have warned that “there is a balance to be struck between protecting private health and ensuring privacy rights aren’t infringed as both the government and employers take efforts to tackle COVID-19.”[4] So far, guidance from the U.K.’s Information Commissioner’s Office (ICO) and Data Protection Commission (DPC) is that employers must continue to respect data protection principles (e.g., securing personal data by minimizing access, ensuring eventual erasure, adequately training staff, etc.) and keep personal data collections (e.g., health details, location or travel details, etc.) to the minimum amount that’s required.[5]

Employers must stay informed. Updates are emerging daily regarding different countries’ guidance on how the pandemic affects data protection laws and guidelines as governments seek to build upon their legal basis for processing data, additional data protection principles and employers’ questions regarding the processing of employee health data. The Belgian Data Protection Authority, for instance, stated that the processing of personal data collected through measures implemented to prevent the spread of the virus must comply with all the fundamental principles of data processing within Article 5 of the GDPR; in particular, companies and all employers shall inform employees and visitors about the purposes for which their data are processed and the period for which their personal data will be retained.[6]

Engage in Contractual Protection with Suppliers and Clients

A leading Hong Kong law firm cautions that companies may be vulnerable to confidentiality and data privacy risks from remote home arrangements, and improper safety measures could be “epidemic” for the organization. Their “cure” to mitigate such risks includes contractual protection — including with IT suppliers. This means the inclusion of representations and warranties from providers, and the inclusion of indemnification clauses to ensure risk allocation in case of default. In the case of clients, it means inclusion of liability exclusion or limitation (e.g., capping professional liability) and the inclusion of disclaimers in contracts and websites to disclaim the organization’s associated IT security risks.[7]

Seek Legal Advice

Data filtration and protection can get legally complex and contextual. As TheJournal.ie points out:

“different employers may need different standards when it comes to maintaining the confidentiality of any patients diagnosed with the coronavirus — there is a much greater need, for instance, to know the identity of an individual with the coronavirus if they work in a nursing home than if they work in a large office.”[8]

Our latest pandemic isn’t just spreading germs; it’s also igniting and transferring concerns and unprecedented challenges. Seek legal advice to properly set up an effective and efficient framework to tackle any potential confidentiality and data privacy risks your organization could confront.

Enhance IT Security and Stay Connected

Privacy isn’t a concern that rises only from the government’s need to track the outbreak. Increased risks also emerge from new work environments — something that’s becoming more obvious as more and more people are encouraged or mandated to work remotely. This comes with its own share of privacy challenges, including unsecured Wi-Fi networks or personal devices, inept firewalls and antivirus software and/or the lack of updates, backups and encrypted communications.

There are many ways organizations can impose safety measures to mitigate security breaches and data loss. Employers must assess any and all probable and potential security risks posed by remote work arrangements, pre-vet and authorize specific employee devices, install properly configured security measures (firewalls, antivirus software, etc.) and enforce safety protocols (such as multifactor authentication, additional credentialing, VPNs, etc.).

Employers should also proactively remain connected to their employees and keep everyone aligned despite social (physical) distancing. Forbes contributor and executive coach Alisa Cohn encourages leaders to carve out daily meetings in a “virtual situation room” with a specialized leadership team, convene with a mandatory call to keep everyone connected and updated and share situational updates with the rest of the company.[9] Everyone must be encouraged to stay alert and inform leadership in the case of a possible security breach, risk of data loss or privacy concern.

In the event of a public health emergency such as the current pandemic, privacy legislation can’t and shouldn’t impede the work of public health officials. The downside is that public health authorities perhaps aren’t as well versed in safeguarding the additional amounts of data they’re investigating or handling. Panic-evoking outbreaks such as a pandemic also tend to blur the lines of what’s “necessary” or “reasonable.” To an extent, the Constitution in the United States sets our framework: The government’s exercise of public health police powers must be necessary, reasonable, proportional and avoid harm. At any rate, organizations must remain vigilant, stay updated and keep their people’s health top of mind.


[1] In a Pandemic, Data Privacy Goes Out the Window

[2] The CDC Field Epidemiology Manual: Legal Considerations

[3] Best Practices for Data Privacy Programs

[4] Covid-19: Spread of coronavirus raises difficult questions over data privacy

[5] Data protection no barrier to managing coronavirus

[6] Belgian Supervisory Authority Issues Guidance on Data Protection and Coronavirus

[7] Amidst the Wuhan Coronavirus Pandemic: Confidentiality and Data Privacy Issues Arising from Work-from-home Arrangements in Hong Kong

[8] Ibid

[9] How to Keep Your Company Aligned During the COVID-19 Pandemic While Your Whole Team is Working Remotely


Tags: COVID-19

Avani Desai is a Partner and President at Schellman & Company, LLC, the largest niche CPA firm in the world that focuses on technology and security assessments. She is also CEO and co-founder of MyCryptoAlert, a push notification and portfolio app for cryptocurrency. Avani started her career working at a Big 4 accounting firm (KPMG) for over 10 years, where she led a team and oversaw IT risk management and privacy across national service lines. In addition, Avani managed the development of internal and external privacy programs and related practices, leveraging her deep knowledge with health care and emerging technologies, such as blockchain, cloud computing, artificial intelligence, internet of things and virtualization. Now at Schellman & Company, Avani has been focusing on growth strategies, strategic client and market development, industry analysis and new services for the last seven years.
