I was lucky enough to participate in an excellent panel of healthcare professionals discussing how COVID-19 has impacted medical technology, methods of treatment and research, and patient privacy rights.

If you are concerned with contract tracing applications, or what governments, employers, or private companies may be doing with data from contact tracing applications, we also had a terrific discussion on those topics.

Sign up at this link and you will receive a link to the webinar once it is edited and produced.

About the Event:

Data privacy is a popular topic among companies and organizations as more technology is implemented into their processes, products and services. Through an engaging virtual presentation, a panel of healthcare experts will discuss their experiences with how they are working to protect our data. This virtual panel presentation is sponsored by the M. Louise Fitzpatrick College of Nursing, Villanova School of Business Center for Business Analytics and the Office of Alumni Relations.

The virtual presentation will be pre-recorded and a link will be sent to all registrants in late May. During the registration process, we encourage you to submit questions by Wednesday, May 13 for the panelists to address in the virtual presentation.

Villanova University M. Louise Fitzpatrick College of Nursing is accredited as a provider of continuing nursing education by the American Nurses Credentialing Center Commission on Accreditation. Nursing participants who attend this entire program will be awarded 1.0 contact hours. Fee: $10. The registration deadline for continuing education credits is Friday, May 22.

Moderator:

  • Susan VonNessen-Scanlin ’87 FCN, CEO Rutgers Community Health Center, Rutgers University

Panel:

  • Dan Kelley ’01 MS, CTO, Keriton
  • Doug Langa P ’21, ’23, President, Novo Nordisk, Inc.
  • Mark McCreary ’95 CLAS, Partner, Fox & Rothschild
  • Scott Megill ’07 EMBA, President and CEO, Coriell Life Sciences
  • Marguerite Swietlik ’86 FCN, VP Nursing Informatics, Inova Health System
Map of Australia. illustration with lock and binary code background. internet blocking,virus attack, privacy protect

New legislation imposes stronger privacy protections on Australia’s planned contact-tracing app.

“The Australian government’s coronavirus tracing app will have stronger privacy protections under legislation which has passed Parliament,” reports The New Daily.

“People found accessing the data without authorization will face up to five years’ jail and fines of $63,000.

Businesses refusing to serve people because they haven’t downloaded the app will face the same penalties, along with anybody who tries to force someone to sign up.

The new privacy protections also make it a crime to store data outside Australia or communicate the information to someone overseas.”

Details from New Daily.

shutterstock_1048545287

The IAPP — International Association of Privacy Professionals — offers its take on the top 10 impactful provisions of the California Privacy Rights Act ballot initiative.

  • Sensitive information obligations
  • New enforcement authority
  • Expanded data breach definition
  • Audits and risk assessment for high risk processing
  • Restrictions on automated processing and profiling
  • Right to rectification
  • Opt-in and heightened penalties regarding children’s information
  • Data retention limitation
  • Extended employee right moratorium
  • Service provider/third party extended obligations

Details from the IAPP.

 

U.S. Capitol Building, Washington, D.C.

Following Democratic and Republican federal Coronavirus data privacy bills, Sen. Elizabeth Warren, along with U.S. Rep. Andy Levin, and U.S. Sens. Jeff Merkley and Tina Smith, introduced a bill for the Coronavirus Containment Corps Act. The bill aims to enhance contact tracing in the U.S. to prevent COVID-19

Under the legislation, the Centers for Disease Control and Prevention (CDC) shall  provide to the appropriate Congressional committees a strategy to expand COVID–19 contact tracing.

The strategy will include:
  • Plans to use mobile or app-based contact tracing technology, including:
    • Plans to prevent the misuse of data and to ensure the automatic deletion of data after the conclusion of the COVID–19 public health emergency; and
    • Plans to prohibit data sharing with and within the federal government, with the exceptions of the CDC and the Indian Health Service;
  • Strategies to record and publicly report de-identified data, while protecting the privacy of individuals and information regarding their personal health.

Details from The Hill.

Covid19

A United Nations representative warned of the privacy risks associated with contact tracing in the fight against COVID-19 in a recent interview.

“The danger is that measures brought in to protect citizens in exceptional circumstances, when most people accept they are needed, could outlast the current crisis, said Joe Cannataci, the U.N. special rapporteur on the right to privacy.”

“Dictatorships and authoritarian societies often start in the face of a threat,” he told the Thomson Reuters Foundation.

“That is why it is important to be vigilant today and not give away all our freedoms.”

“Surveillance and monitoring measures should be written in law and clearly limited in time” Cannataci said

“Governments should also favor voluntary tools such as phone-tracking apps requiring users’ consent over broader surveillance powers,” he said, calling on countries to set up independent bodies to oversee such measures.

“Any form of data can be misapplied in incredibly bad ways,” he said. “If you have a leader who wants to abuse the system, the system is there.”

Details from Reuters.

U.S. Capitol Building, Washington, D.C.

Democratic Senators introduced a second COVID-19 privacy bill.

It addresses the collection and processing of data in connection with fighting the COVID-19 pandemic. This Democratic Senate bill shares a number of key points with the recently filed Republican Senate bill, among them:

  • consent required for collection and revocable
  • disclosure at collection
  • information security
  • data minimization (collect only what you need)
  • retention limitation (delete after revocation and after the pandemic).

The bill would be enforceable by the Federal Trade Commission and State Attorneys General, but this bill also adds a private right of action with statutory damages.

Read a detailed analysis in my client alert.

Dan Or-Hof and Rotem Perelman-Farhi analyzed the Israeli Supreme Court decision on COVID-19 related phone tracing by the Israeli Secret Service in an article for the International Association of Privacy Professionals.

“The violation of the right to privacy is severe because the [Israeli secret service] tracks the location and other personal information related to law-abiding citizens and residents by using a covert, coercive and non-transparent technology.”

“… the measures taken by the Israeli government to confront the COVID-19 virus are extreme and unusual and warned from a slippery slope effect, which may lead to the use of the [Israeli secret service’s] capabilities without proper justification for additional purposes. The court encouraged the government to find and deploy effective alternatives to the [Israeli secret service’s] means.”

Details via the International Association of Privacy Professionals.

Alessandra Pierucci, Chair of the Committee of Convention 108 and Jean-Philippe Walter, Data Protection Commissioner of the Council of Europe, issued a Joint Statement on Digital Contact Tracing.

Key principles for digital tracing:
  • transparency
  • data minimization
  • impact assessment
  • de-identification
  • safeguards from automated decision making

More details in my client alert.