
Navigating Human Privacy During the Pandemic: Key Discussions to Follow

As the world navigates a time of human tragedy, institutions are under pressure to confront tough practical and philosophical questions regarding user privacy. Questions pertain to business risk, revenue optimization, hiring, pivots, and expansion efforts. The burden of responsibility falls on compliance officers, general counsels, and chief HR officers within businesses. 

On the one hand, measures such as digital contact tracing have slowed down the spread of COVID-19 in East Asia. In addition, tech giants such as Apple and Google have stepped up to help solve the epidemiological problem. As of May 20, the companies have granted 22 countries — and several states in the U.S. — access to their contact tracing API.

These measures come at a time when privacy laws around the world are in their nascent stages, as the development of technology moves faster than legislative bodies can keep up. As a result, everyday people are placing power in the hands of businesses, trusting that they will make the right decisions in absence of clear government regulations. 

“In the current pandemic environment, human rights law recognizes, and most of us would readily concede, that temporary limitations on privacy and the freedom of movement may be necessary to protect the health and safety of hundreds of millions,” write Wafa Ben-Hassine, human rights lawyer, and Philip Dawson, public policy lead, for the World Economic Forum.

Early Signals to Monitor

Early signals point to technology companies making judgment calls to prioritize privacy, especially with regard to collecting PII to keep employees safe during COVID-19. For instance, Apple and Google have placed data-use limits on the information that public health authorities collect. Microsoft has been following the GDPR with regard to contact tracing solutions. The company will get “meaningful consent” for data collection and “be transparent about its purpose for doing so,” while using de-identification and encryption methods, according to its recently released privacy principles.

These steps represent a start — not a catch-all solution. As the COVID-19 pandemic progresses, compliance, regulatory, and privacy experts will face more questions, as areas of ambiguity continue to emerge. How can the private sector make its best decisions during these uncertain times?

The answer to that question is critical to your organization’s long-term health and strategy. Stakeholders — employees and customers — are paying attention, according to the 2020 Edelman Trust Barometer. A key finding of this report is that people are putting pressure on companies to do the right thing.

  • 33% of respondents said that they have convinced others to stop using a brand that they felt was not acting appropriately in response to the pandemic
  • 71% say that brands that they see placing profits above people during this crisis will lose their trust forever
  • 65% say that a brand’s response to the crisis will have a huge impact on their likelihood to purchase from that brand in the future

Doing the right thing means asking questions and staying on top of privacy-oriented discussions.

  • What does a good decision look like?
  • What is the appropriate level of response?
  • How will decisions impact brand perception?
  • How long should programs remain in place?
  • What is the best way to communicate decisions to employees?
  • How do you balance what’s right with what’s necessary?

The following conversations and discussion points can help you navigate your best judgment calls.

Privacy Conversations


Implementing an Ethical Data Privacy Framework That Goes Above and Beyond Regulatory Compliance 

Source: CPO

With this resource, you’ll gain a deeper understanding of how to handle personal medical data (e.g. data indicating COVID-19 infection status) in an ethical manner that protects the privacy of data subjects.

Even when regulations are vague or nonspecific, organizations must assess the necessity of sharing sensitive information, and they must respect the preferences of their data subjects. 

Even as the COVID-19 pandemic progresses, regulations surrounding data privacy are likely to expand in geographic coverage. For this reason, over the next several years, the ability to adapt will be crucial for organizations in the United States to compete on a global stage. Companies such as Microsoft are taking steps ahead to ensure that a culture of respect exists, both for the end consumer and in the eyes of the law. There are numerous benefits to ethical data privacy, writes this article’s author, Pam Hrubey, who is a managing director at Crowe LLP.

“Companies not yet exposed to stringent regulatory requirements might resist implementation based on cost,” she writes. “However, the reputational benefits garnered by responsibly caring for data can be used to boost market confidence.”

General Data Protection Regulation (GDPR) Hub

Source: Eversheds Sutherland

This resource will help you translate abstract legal discussions into practical best practices.

The GDPR leads the world in defining a clear privacy framework that respects user data. This is, in part, why tech giants such as Microsoft, Apple, and Google are citing EU law as the de facto standard for implementing contact tracing solutions during the pandemic. Eversheds Sutherland is a UK-based law firm with 100+ cybersecurity and privacy lawyers in 30+ countries. The firm maintains an extensive educational resource on how companies can take constructive steps forward in protecting consumer privacy.

A resource of particular value is this data mapping tracker that offers clear and prescriptive steps to plan for privacy and integrate the principle of data minimization into an organization’s business processes.

Pandemic Incites Concerns About Data-Sharing Overreach

Source: IAPP

This resource offers insight into how to find a balanced middle ground for data collection that does not infringe on the privacy rights of individuals.

Data protection involves balance with other fundamental rights. It’s easy to lose sight of the protections needed to defend data protection rights — especially when navigating the challenges of a pandemic. Tech companies will benefit from monitoring regulatory best practices all over the world.

“The concern is that companies start collecting this data for legitimate purposes and then try to use it for their business models,” writes journalist Jennifer Banker. “This is particularly worrying when those big companies, like Facebook and Google, team up with national authorities in a time of crisis.”

Monitoring Employee Productivity While Respecting Privacy

Source: HBR


Long before the COVID-19 pandemic, employers have been thinking about the best way to monitor employee productivity. The goal of these initiatives is not micromanagement or surveillance but rather a way to ensure that the organization remains optimally productive. 

Since COVID-19 has suddenly made it necessary for the vast majority of employees to work from home, employers are left wondering how much work is actually going on. 

The fear of productivity losses, combined with the prospect of declining revenues, has encouraged many leaders to ramp up their employee monitoring efforts.

This resource will help you balance the risks and benefits of employee monitoring, providing you with a list of six recommendations for how to navigate this tightrope walk. As this article points out, however, surveillance has the potential to erode trust, encourage dishonesty, and expose organizations to liability.

“At the end of the day, your employees are your most valuable assets,” writes the article’s author, Reid Blackman, PhD, who is the founder of an ethical risk consultancy. 

“They possess institutional knowledge and skills others do not. You’ve invested time and money in them and they are very expensive to replace. Treating them with respect is not only something they deserve — it’s crucial for a company’s retention efforts.”

Understanding Proximity Tracking Technology


Source: Electronic Frontier Foundation

This resource will help you explore best practices for collecting, processing, and managing the data if your organization is involved in deploying proximity tracking systems and apps.

With companies and governments deploying a range of new systems and apps to tackle the pandemic, many groups have decided to use Bluetooth-assisted proximity tracking for the purpose of exposure notification.

The EFF proposes a potential categorization system “based on how much trust each proposal places in a central authority.” 

With centralized models, a single entity receives privileged access that regular users do not. With a decentralized system, no central authority retains specialized access. A decentralized app shares data with a server, and everyone has access to this information. This article explains the tradeoffs between the two models in practice, taking the side that governments shouldn’t use “centralized” proximity tracking.

Final Thoughts

As companies adapt to a new reality of business, C-suites need to take more time to think before they act. What consequences will decisions have in 5, 10, or 20 years? With regard to consumer privacy, a thoughtful approach will minimize the potential for a boomerang effect in the form of a backlash. The steps that your company takes now will be measurable in the long run. Early data reveals that the upfront work is worth it.

About the Authors

This piece was developed collaboratively by Ritika Puri and Jingcong Zhao.

Ritika Puri is a storyteller, researcher, and analyst who helps businesses navigate tough judgment calls in a fast-moving world. She advises teams across business functions, for entities around the world. She is currently building education to help organizations align profit motives with human outcome goals, by empowering leaders to become better thinkers. She co-founded Storyhackers in pursuit of this passion and vision.

Jingcong Zhao is the Director of Content Marketing at Hyperproof. Jingcong is most passionate about helping businesses develop authentic, trusted relationships with their customers through stories. Prior to Hyperproof, she served in editor-in-chief roles at Socedo and PayScale.

Hyperproof’s Continuous Compliance Software Is Available at No Cost During the COVID-19 Crisis

To help organizations stay compliant with disparate data privacy regulations during this challenging time, Hyperproof is offering our continuous compliance software subscription at no cost.

This offer includes Hyperproof’s core platform and two compliance templates focused on privacy mandates passed in the United States and European Union: The California Consumer Privacy Act (CCPA) and The General Data Protection Regulation (GDPR). Hyperproof is making these programs available due to the increasing amount of personally identifiable information that needs to be exchanged at record speeds in order to protect our communities.

Contact us to receive a no-cost subscription: https://hyperproof.io/compliant-together/




*** This is a Security Bloggers Network syndicated blog from Hyperproof authored by Hyperproof Team. Read the original post at: https://hyperproof.io/resource/human-privacy-during-covid-19/?utm_source=rss&utm_medium=rss&utm_campaign=human-privacy-during-covid-19