After weeks of shelter-in-place orders around the world, some governments and public health authorities are working on exit strategies. Digital technologies and data are deemed to play an important role in that respect, with many European and other countries adopting or planning to adopt mobile contact tracing applications.

In the recent past, the sense of

As the Covid-19 virus continues to wreak havoc, governments around the world are urging companies to organise remote working for their staff – wherever possible.

While this is a positive development for public health and economic considerations, companies should be aware that migrating all employees to home working could create additional challenges in software license compliance. As it turns out, remote access is the easiest way to quickly become non-compliant with many software vendors.

Continue Reading New Focus on Software Audits as a Result of Covid-19

There is a lot of uncertainty as to when the Brazilian Data Protection Law (No. 13,709 – “LGPD”) will come into force. Such uncertainly has been significantly increased due to the current scenario of Covid-19. However, data protection compliance projects should not be postponed or implemented superficially, especially considering (i) their direct impact in a

The fight against the COVID-19 pandemic lead to the deployment of unprecedented responses by states and organizations; from “data against corona” initiatives (i.e., use of “anonymized” and “aggregated” mobile data as part of monitoring the success of in-shelter rules) to employers around the globe eager to protect their workforces and launching corona-investigations (inquiring about personal travels, imposing self-quarantine measures, etc.).

Even more in stretched times, attention shall be paid to the balancing of those initiatives against the fundamental right to privacy of individuals. In this context, many national data protection authorities in the European Union and the United Kingdom issued guidelines on the processing of personal data as part of the COVID-19 crisis in an effort to define what is possible and what is not.

We summarize below the approach taken in relation to three aspects of employee-privacy, namely: the opportunity for employers to request employees to disclose symptoms, the conduct of examination of employees and, finally, the disclosure of affected employees’ identity to peers.

A snapshot is provided for Belgium, France, Germany and the United Kingdom. For a broader review of cybersecurity and data privacy aspects in relation to COVID-19, please read our Legal Update on the subject.

Enjoy the reading.

Diletta De Cicco and Charles Helleputte

Continue Reading COVID-19 and Employees’ Privacy: Capita Selecta

The novel COVID-19 virus has exposed businesses to dynamic cyber threats and data privacy challenges—and accompanying legal risks.

The rapid expansion of remote work and associated strains on employees have created new opportunities for cyber criminals. Further raising risk, critical company systems and data may be exposed by increased remote access, and it may be harder for companies to respond effectively to cyber incidents. As a result, cyber criminals are seeking to exploit COVID-19 through phishing scams, ransomware, business email compromises, and other attacks. For example, one Russian criminal group has been associated with malware that uses a legitimate COVID-19-related map produced by Johns Hopkins University while seeking to steal user passwords.[1] The U.S. Department of Health and Human Services reportedly recently suffered a distributed denial of service attack.[2] And Brno University Hospital, one of the largest COVID-19 testing centers in the Czech Republic, reportedly suffered a cyberattack that shut down its computers, and led to cancelled operations and patient relocations.[3] (Please see our prior alert on phishing campaigns in Hong Kong.)

Continue Reading Managing Cybersecurity and Privacy Risks Through COVID-19