COVID-19 Resources
For easy access to COVID-19 ('the Coronavirus') material from across the OneTrust DataGuidance platform, use the tabs above. You will find links to reports, webinars, and articles which highlight the key points you need to know in order to negotiate the practical and legal challenges brought about by the Coronavirus. Regulatory guidance, requirements for employers, and the latest updates on the Coronavirus’ impact on privacy laws from around the world have been compiled here to keep you informed as your organization takes its next steps.
OneTrust: The OneTrust platform comes equipped with custom assessments and reports to automate some of the challenges you’ll need to navigate to get your business running in a way that is safe, healthy, and with privacy in mind.
Vendorpedia: OneTrust Vendorpedia can help you understand and evaluate the impact of Coronavirus on your vendors and any new policies or procedures they’ve implemented in their own response to COVID-19.
Coronavirus Guidance Rolling Report (last updated on 3 August 2020): This Report collates the guidance, statements, legislative amendments, and similar released by supervisory authorities from around the world. The Report includes a comparison chart of guidance on major topics as well as a region by region, jurisdictional breakdown of authoritative information on privacy and the Coronavirus.
The Office of the Information and Privacy Commissioner of British Columbia ('OIPC') issued, on 31 July 2020, guidance ('the Guidance') on the collection of personal information at restaurants, bars, gatherings, and events, following the Public Health Officer's ('PHO') two orders on the same for food service establishments, liquor services, and e
The Office of the Privacy Commissioner of Canada ('OPC') issued, on 31 July 2020, a statement along with the Office of the Information and Privacy Commissioner of Ontario ('IPC') following their review of the COVID Alert exposure notification application ('the App'), and issued a review and recommendations on the same.
The Spanish data protection authority ('AEPD') issued, on 31 July 2020, a statement ('the Statement') addressing the collection of personal data by entertainment venues in the context of the COVID-19 ('Coronavirus') pandemic.
The Australian Cyber Security Centre ('ACSC') released, on 2 August 2020, guidance ('the Guidance') on mitigating ransomware threats for aged care and healthcare sectors following recent ransomware campaigns.
The Information Commissioner ('the Commissioner') issued, on 30 July 2020, a statement reiterating the inadequate legal basis for the operation of the mobile application ('the App') for informing people about contact wi
The Office of the Australian Information Commissioner ('OAIC') released, on 31 July 2020, its Notifiable Data Breaches Report for 1 January 2020 to 30 June 2020 ('the Report').
The Financial Crimes Enforcement Network ('FinCEN') issued, on 30 July 2020, an advisory ('the Advisory') to alert financial institutions of cybercrime and cyber-enabled crime connected to the COVID-19 ('Coronavirus') pandemic.
The Malaysian Communications and Multimedia Commission ('MCMC') announced, on 30 July 2020, the termination of Malaysia's contact tracing app, Gerak Malaysia ('the App'), launched in order to help to track COVID-19 ('Coronavirus') cases.
The Centre for Data Ethics and Innovation ('CDEI') published, on 29 July 2020, its June repository ('the Repository') on novel use-cases of artificial intelligence ('AI') and data to counter and mitigate the effects of the COVID-19 ('Coronavirus') pandemic.
The European Federation of Pharmaceutical Industries and Associations ('EFPIA') issued, on 29 July 2020, a statement on the Court Justice of the European Union ('CJEU') ruling of 16 July 2020 in
The Office of the Privacy Commissioner of New Zealand ('OPCNZ') released, on 30 July 2020, a statement welcoming the findings of an investigation into the COVID-19 ('Coronavirus') patient
The Secretary General of Council of Europe ('CoE') published, on 9 July 2020, its annual report ('the Annual Report') and toolkit ('the Toolkit') aiming to give guidance with respect to human rights particularly during the COVID-19 ('Coronavirus') pandemic.
The Securities and Exchange Commission ('SEC') announced, on 25 June 2020, that Novartis AG, had agreed to pay over $112 million to resolve charges that it violated the books and records and internal accounting controls of the Foreign Corrupt Practice Act ('FCPA').
The Securities and Exchange Commission ('SEC') announced, on 2 July 2020, that Alexion Pharmaceuticals Inc. had agreed to pay over $21 million to resolve charges that it had violated the books and records and internal accounting controls of the Foreign Corrupt Practices Act 1977 ('FCPA').
Senate Bill ('SB') 8450C for An Act to Amend the Public Health Law in relation to the Confidentiality of Contact Tracing Information ('the Bill') passed, on 23 July 2020, the New York State Senate and Assembly and will be delivered to the New York State Governor for signature. In particular, the Bill would, among other things, ensure that inform
The French data protection authority ('CNIL') adopted, on 28 July 2020, three referentials for the health sector ('the Standards').
The Supreme Court of Canada ('the Supreme Court') issued, on 13 July 2020, its decision in Reference re Genetic Non‑Discrimination Act, 2020 SCC 171 ruling by 5-4 votes that the Genetic Non-Discrimination Act (S.C. 2017, c. 3) ('the Act') falls within the federal jurisdiction and is constitutional.
The use of video surveillance in the workplace has been a controversial subject in labour law. With the increase in technological possibilities, employee monitoring via video surveillance is becoming ever more important for the employer and appears to be a more practical tool.
With a view towards ensuring the safety of their employees and the protection of their health, employers confronted by the COVID-19 ('Coronavirus') crisis have reached out to technologies which may raise certain privacy concerns.
In light of the global COVID-19 ('Coronavirus') pandemic, the majority of the world and its businesses have instantaneously inherited the need to become more digital.
With the COVID-19 ('Coronavirus') pandemic dominating the news in 2020, there are likely few people who have not heard the term 'contact tracing.' Case investigation coupled with contact tracing has been used as a 'core disease control measure'1 to prevent the spread of infectious diseases by state and local health departments for dec
Where should measures taken to tackle a public emergency end and the right to the privacy begin? This is a thorny issue which has been thrust into the spotlight as COVID-19 ('Coronavirus') continues to bear heavily upon how we lead our day-to-day lives.
Long before COVID-19 ('Coronavirus'), legal and policy analysts considered the potential impact of widespread deployment of drones.
The situation with the COVID-19 ('Coronavirus') pandemic has raised several red flags regarding data privacy around the world, especially within the EU and its rigorous General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR').
The European Data Protection Board ('EDPB') adopted, on 16 June 2020, a Statement on the Data Protection Impact of the Interoperability of Contact Tracing Apps1 ('the Statement') during the COVID-19 ('Coronavirus').
New technologies often raise privacy concerns in their implementation and, in this respect, commercial drones or unmanned aircraft systems ('UAS') are no exception.
In response to the COVID-19 ('Coronavirus') pandemic, the Malaysian Government ('the Government') put in place a movement control order ('MCO') which came into force on 18 March 2020.
Ensuring that privacy laws continue to function in light of measures taken to halt the spread of COVID-19 ('Coronavirus') may prove challenging, particularly for countries without a general data protection law in place.
COVID-19 - Return to Work
Key Takeaways: COVID-19 - Return to Work
HIPAA compliance and cybersecurity challenge
Key Takeaways: HIPAA compliance and cybersecurity challenges
COVID-19 privacy and supply chain issues
Key Takeaways: COVID-19 privacy and supply chain issues
Handling data subject rights under the GDPR
Key Takeaways: Handling data subject rights under the GDPR
COVID-19 European and U.S. cybersecurity issues
Key Takeaways: COVID-19 European and U.S. cybersecurity issues
COVID-19 privacy and employment issues
