The COVID-19 pandemic has prompted data protection and enforcement to be re-examined by countries worldwide. Basically, in the light of regulatory constraints, since the times of Socrates and Plato, an ethical dilemma has been debated: at what stage are the rights of the citizen overridden by the needs of public protection and economic well-being? The answers to this question will differ widely based on country-specific regulations and cultural norms, as well as the state of infections with COVID-19 in each region, and will be a defining undercurrent as the “next normal” global economy re-emerges.
As several organizations and policymakers are working to develop track-and-trace applications to allow society to get back to normal, the implementation of these advanced screening capabilities should incorporate security concerns as well as data privacy regulations.
While it is tempting during a pandemic to prioritize health above all else, data privacy regulations do need to be enforced. In a time when personal safe health information (PHI) and special data categories are exchanged at an unprecedented pace, this can be difficult. Employers would need to follow a new set of policies globally that balance supporting the wellbeing of workers with allowing the organization to function at a sustainable pace. To fully understand how privacy laws relate to their activities has never been more critical for public and private organizations so that they can function safely in the next normal.
Data Privacy in the Next Normal
Organizations should create a comprehensive, ethical and sustainable approach to privacy and security for COVID-19 health considerations in creating a holistic approach to meeting privacy and security criteria around COVID-19 health considerations.
Key variables for enhancing productivity and effectiveness include:
- Cross-functional executive support: Privacy and protection is a cross-functional topic requiring strong executive support and engagement in areas such as business, IT, HR, and legal issues.
- Risk-based approach. Focusing on business risk and defining and prioritizing high-risk products (as opposed to simply compliance) will improve the value that privacy and security solutions can offer.
- Data lifecycle: One first needs to understand where the sensitive data is and how it is used, from compilation to destruction, before one can understand how to enforce fair controls.
As the COVID-19 pandemic threatens to roil economies and confine people to the isolation of their homes, much of the public discussion of the pandemic focuses on identifying the “new normal.”Some of the behavioral norms and social expectations we take with us will be innocent, unconscious footnotes to the compendium of our moment.Others would need deliberation and debate long overdue. None may be more critical than our changing conceptions of data privacy and cybersecurity.
Today, there is growing public concern over how consumer data is used to consolidate economic gain among the few while steering public perception among the many — particularly at a time when privacy seems to be the price for ending public health emergencies.
But the COVID-19 outbreak is also highlighting how user data can improve consumer well-being and public health. While strict adherence to traditional notions of privacy may be ineffectual in a time of exponential technological growth, the history of our relationship to privacy and technology suggests regulatory policies can strike a balance between otherwise competing interests.