Five worthy reads is a regular column on five noteworthy items we have discovered while researching trending and timeless topics. This week, we explore the data privacy challenges and concerns that have arisen during the COVID-19 pandemic. 

Illustration: Dorathe Victor

In the wake of COVID-19, the world has witnessed the power of technology. Almost all governments have leveraged personal data collected from mobile phones and other digital devices—call data records, social media reports, etc.—for contact tracing, epidemic modeling, and more to curb the spread of the virus. Desperate times called for desperate measures, and many governments are doing everything they can to win this battle. But at what cost?

The personal data of individuals collected for surveillance is shared among researchers and third parties, anonymously or otherwise, in the name of the pandemic. The choice between public health and individuals’ privacy is obvious here, but the privacy rights of citizens should still be considered. Citizens need to know the life cycle of their personal data in order to trust their governments with handling it.

The pandemic has not stopped privacy regulations, like Canada’s PIPEDA for example, although some like Brazil’s LGPD have been delayed. Security and risk management (SRM) leaders need to consider data privacy an important component. Gartner says that COVID-19 is drastically changing operations across industries, starting with remote work and accelerated digitalization, yet privacy essentials remain crucial to long-term success.

With that said, here are five interesting reads that discuss the privacy concerns and challenges that have arisen during pandemic management.

1. Public health vs. personal privacy: Choose only one?

Different countries are processing the personal data of individuals in different ways to combat against the virus. Once the situation settles down and normalcy returns, it’s only right to go back to respecting privacy and avoiding any kind of monitoring that infringes upon privacy rights.

2. Online Privacy During a Pandemic: New Challenges in a New World

At this point, personal data has become a weapon in the combat against the virus. With new privacy regulations like the California Consumer Privacy Act (CCPA), the enforcement of which starts in July, businesses and organizations have to be extremely cautious about data handling to comply with privacy regulations.

3. On the responsible use of digital data to tackle the COVID-19 pandemic

The personal data of individuals must be handled with care, and there has to be transparent communication to the public about data processing. Establishing best practices for data handling and processing is essential against the public’s concerns about data privacy.

4. Employee privacy during the COVID-19 pandemic

Organizations face pressure to process additional, sensitive employee data to manage a slow, steady resumption of business activities. Regulators from member states under the European Union issued a variety of guidance notes for employers to follow to protect the privacy rights of employees.

5. Privacy in a Pandemic: What You Can (and Can’t) Ask Employees

With health data being highly sensitive, the question of what to ask employees without violating any privacy laws prevails in the minds of many employers. This article explains the do’s and don’ts of such health related questions.

SRM leaders must perform periodic data protection impact assessments (DPIAs) and privacy impact assessments (PIAs) while ensuring business continuity during both remote work and re-engineered business processes post-pandemic. These are indeed tough times, but it’s important to continue to use data responsibly by complying with data protection regulations with due respect for privacy and confidentiality.