As the world focuses its efforts on the right strategy to beat the coronavirus and make normal life safe again, businesses are devising and implementing a variety of measures to deal with the COVID-19 crisis which rely on the collection, use and dissemination of personal data.
To assist with this challenge and ensure that privacy and cybersecurity aspects are appropriately addressed, Hogan Lovells has released a detailed guide providing legal analysis and practical recommendations. The guide has been prepared by a team spanning its 45 offices around the world and led by the firm’s Global Regulatory practice.
It includes in-depth guidance and actionable tips for business in relation to measures such as COVID-19 testing, temperature screening, immunity certificates, and contact-tracing apps. Other critical areas such as customer communications, data processing during clinical trials, cyber risks and potential litigation risks, are also carefully considered.
Eduardo Ustaran, Co-Head of the global Privacy and Cybersecurity practice at Hogan Lovells, commented: “Public health and privacy are not in conflict. They are on the same side. A workable strategy to ease off the world’s lockdown and keep the coronavirus under control demands respect for people’s rights and their trust. So our objective is to help and show how privacy and cybersecurity can be part of the solution to this crisis, ensuring the measures taken by governments and businesses are truly effective.”
Each section includes a brief legal analysis and specific guidance on next steps, split into the following chapters:
• Why privacy and cybersecurity should be part of the strategy
• Regulatory guidance and a summary of approaches so far
• Legal bases for processing COVID-19 data
• Employers’ transparency requirements when collecting COVID-19 data
• Temperature screening privacy implications
• Using immunity certificates and data protection
• Making COVID-19 contact tracing apps privacy compliant
• Vendors and contractual implications of a COVID-19 exit strategy
• The role of Data Protection Officers (“DPOs”) and Data Protection Impact Assessments (“DPIAs”) in the context of COVID-19 measures
• Cybersecurity precautions for an agile workforce
• Getting cloud projects right in times of COVID-19
• Direct marketing communications in times of coronavirus
• Mitigating investigation and litigation risks
• Key privacy considerations for COVID-19 clinical trials
• Privacy lessons from Asia