Mondaq posted an article on October 2, 2020, exploring whether personal privacy will become a COVID casualty. Below are some key highlights:
- In July, Guernsey Partner Richard Field and Cayman Islands Counsel Peter Colegate examined the unprecedented challenges facing businesses in respect of data protection and cyber security in the grip of the global pandemic.
- Privacy rights, once relinquished, are rarely regained. Principles of transparency and proportionality are critical during these times and should apply to any organisation using individual personal data to address COVID-related problems.
- Where personal data holdings are shared between parties, contractual or other provisions should be put in place between the data controller and the third party processor to ensure that any personal data is processed only for authorised purposes, that all data is stored and transmitted securely and that incident response plans are in place in the event of a data breach.
- The news that an online beauty product fulfilment business had been tracking its workers’ hours, keystrokes, mouse movements and viewing screenshots to see what was being done has been met with a significant backlash, for example. Personal information should only be shared with those who actually need to access it.
- Principles of transparency and proportionality are critical during these times and should apply to any organisation using individual personal data to address COVID-related problems.
- Organisations must be proactive by designing privacy into any technology solutions, with particular care to implement strong privacy protections that safeguard the vulnerable.
- For most European-style data protection regimes, personal data must be processed fairly and lawfully and used for a legitimate purpose that has been notified to the individual.
- Organisations will need to take a similar approach with any new technologies they deploy and underpin those deployments with privacy impact assessments to help demonstrate compliance.