General Privacy & Data Security News & Developments

On May 7, 2020, the New York Attorney General announced she will not sue Zoom after it agreed to adopt enhanced data security and privacy measures to protect the data of its 300 million plus users. As COVID-19 social distancing policies radically change the way individuals and industries communicate, Zoom saw a reported 3,000 percent

“Even faced with a major global health threat, most people in America would oppose intrusive technological measures such as tracking apps to contain the spread of the virus,”  shows a new survey.

“At the same time, Americans are worried that such measures would lead to greater government surveillance in the long term, even after the

British Columbia, Canada has updated its privacy law in response to COVID-19.

  • British Columbia has temporarily modified its access to information and privacy act in response to COVID-19, lifting a requirement that personal data must be stored in Canada.
  • The province says the pandemic requires those who work for public bodies, such as health-care workers

The Newfoundland and Labrador Province of Canada has issued guidance on communicating in a health emergency.

  • Emergencies do not supplant the need for privacy but they do impact it.
  • While privacy should still be protected where possible, the need for complete and accurate information flow in a crisis is critical.

What to Collect

In general,

Technology companies are rushing to aid in the fight against the global COVID-19 pandemic by developing applications that can aid in contact tracing and assist public health authorities in containing the spread of the virus. These efforts, while promising, often involve processing massive amounts of personal location and health data, which carries significant privacy risks.

Citing a “significant increase in cybercrime” during the COVID-19 pandemic, the New York Department of Financial Services (DFS) issued guidance to all New York State regulated entities identifying areas of heightened cybersecurity risks. DFS advised regulated entities they should assess and address these areas as per cybersecurity regulation 23 NYCRR Part 500.

Heightened Risk #1:

The European Data Protection Board weighs in on contact-tracing apps:

Use of the apps should be voluntary.

  • The source code should be made public.
  • Location of individual users should not be required.
  • A strict necessity test should be used to assess what constitutes a “shared event.”
  • Local data storage within individuals’ devices is more in

The UK Information Commissioners’ Office says government can use personal data from mobile phones to track/fight COVID-19.

“The UK’s privacy watchdog has said the government can legally use personal data from people’s mobile phones to track and monitor behavior if it helps fight the spread of coronavirus.”

“It emerged that the government was in talks