The societal changes brought on by COVID-19, including upheavals in how business is conducted, have transformed the challenges surrounding privacy and cybersecurity. For businesses with employees working remotely, there are multiple information security compliance implications of increasing employees’ access to sensitive information and risk management issues associated with remote access capabilities for management and staff in multiple states. In addition, companies may have to comply with government requests to collect and share information about employees traveling from areas affected by the coronavirus. The use of thermal scanners at facility entrances poses privacy and data security risk management concerns.
Crowell & Moring’s Privacy and Cybersecurity Group has been advising companies on a wide range of these novel issues since the beginning of the COVID-19 crisis. Our experience cuts across multiple industries and global data protection regimes. We provide practical advice that enables our clients to address privacy and cybersecurity issues in a manner tailored to their business needs and to the risks they face. We also regularly help clients respond to and manage cyber and data incidents, including ransomware attacks, and defend them in any resulting lawsuits.
Current Privacy and Cybersecurity COVID-19 Representative Matters Include:
- Advising an engineering services firm regarding the information security implications of increased employees’ remote access to sensitive information.
- Advising a developer of advanced cybersecurity solutions on how to best revise the terms of a pending onsite DoD cybersecurity assessment, including concerns over sharing its sensitive information security materials off-site.
- Advising a large national nonprofit organization regarding privacy and data security risk management issues associated with increased employee telework and remote access to sensitive data.
- Counseling a global air carrier on its obligations to comply with government requests to collect and share information about passengers traveling from areas affected by the coronavirus.
- Advising an global engineering company assessing the privacy and data security risks of domestic and foreign responses to the coronavirus, including the use of thermal scanners at facility entrances.
- Advising an HR-services vendor on the use of software-generated data for purposes of COVID-19 tracking and tracing tools for its customers.
- Advising a data aggregator on the use of aggregated location data for purposes of COVID-19-related restriction measure compliance monitoring.
- Advising a mobile app developer on compliance issues related to developing a COVID-19 tracking and tracing app and an associated data platform.
- Advising an industrial conglomerate on privacy and labor and employment issues relating to deploying a COVID-19 tracking and tracing app, related vendor agreements.
- Advising a hospital system on COVID-19 contact tracking and tracing application development.
- Advising an online health information vendor on COVID-19-related product privacy issues.
- Advising a provider-focused health information platform on COVID-19-related aggregate diagnostics data.