COVID-19 Resources
For easy access to COVID-19 ('the Coronavirus') material from across the OneTrust DataGuidance platform, use the tabs above. You will find links to reports, webinars, and articles which highlight the key points you need to know in order to negotiate the practical and legal challenges brought about by the Coronavirus. Regulatory guidance, requirements for employers, and the latest updates on the Coronavirus’ impact on privacy laws from around the world have been compiled here to keep you informed as your organization takes its next steps.
OneTrust: The OneTrust platform comes equipped with custom assessments and reports to automate some of the challenges you’ll need to navigate to get your business running in a way that is safe, healthy, and with privacy in mind.
Vendorpedia: OneTrust Vendorpedia can help you understand and evaluate the impact of Coronavirus on your vendors and any new policies or procedures they’ve implemented in their own response to COVID-19.
Coronavirus Guidance Rolling Report (last updated on 12 October 2020): This Report collates the guidance, statements, legislative amendments, and similar released by supervisory authorities from around the world. The Report includes a comparison chart of guidance on major topics as well as a region by region, jurisdictional breakdown of authoritative information on privacy and the Coronavirus.
The Global Privacy Assembly ('GPA') published, on 16 October 2020, its adopted resolutions following its annual GPA meeting.
The European Commission announced, on 19 October 2020, that its testing interoperability gateway service linking national apps across the EU is now operational, after a successful pilot phase.
The National Data Guardian published, on 15 October 2020, the results of polling to gauge public opinion on the use of data during the COVID-19 ('Coronavirus') pandemic.
The Office of the Australian Information Commissioner ('OAIC') released, on 15 October 2020, its annual report for 2019-2020.
The Conseil d'Etat announced, on 14 October 2020, that it has issued a summary judgment, on 13 October 2020, on the topic of whether the Health Data Hub should be suspended following the issuance of a decree that has prevented the He
The French data protection authority ('CNIL') issued, on 14 October 2020, guidance to aid sports clubs and associations on the topic of collecting health data during the Coronavirus pandemic.
The Information Commissioner's Office ('ICO') published, on 13 October 2020, a blogpost outlining the protection of privacy during Coronavirus, authored by the Information Commissioner, Elizabeth Denham.
The Italian data protection authority ('Garante') published, on 12 October 2020, frequently asked questions on medical online reports.
The French data protection authority ('CNIL') launched, on 12 October 2020, a public consultation on the non-binding draft standard on the processing of personal data in the context of the reception, accommodation, and socio-medico support of the elderly, disabled or in need.
The Spanish data protection authority ('AEPD') issued, on 9 October 2020, a decision in proceeding PS/00206/2020 fining Centro de Investigación y Estudio para la Obesidad, SL €50,000 for transfering the personal data of the claimant to Evo Finance EFC, SA, in the context of the processing of a medical insurance claim where the medical treatment
Decree of 9 October 2020 amending the Decree of 10 July 2020 Prescribing the General Measures Necessary to Deal With the COVID-19 Epidemic in Territories where the State of Health Emergency has been Lifted and in those where it has been Extended was published, on 10 October 2020, in the Official Journal of the Republic of France.
The Council of Europe ('CoE') announced, on 12 October 2020, that it had published its report on digital solutions to fight COVID-19.
The Connecticut Attorney General ('AG'), William Tong, announced, on 8 October 2020, along with 27 AGs, a $5 million settlement with Tennessee based Community Health Systems, Inc. ('CHS'), resolving an investigation following a data breach which affected approximately 6.1 million patients.
The Office of the Privacy Commissioner of Canada ('OPC') announced, on 8 October 2020, the release of the 2019-2020 Annual Report.
The U.S. Department of Health and Human Services' Office for Civil Rights ('OCR') announced, on 7 October 2020, that it had settled its eighth enforcement action in its Right of Access Initiative under the Health Insurance Portability and Accountability Act of 1996 ('HIPAA').
The Conseil d'Etat issued a summary decision, on 13 October 2020, on the topic of whether the Health Data Hub should be suspended following the issuance of a decree that has prevented the Health Data Hub to transfer personal data to third countries.
While recent years have seen a proliferation of data protection laws across many jurisdictions, the majority of these are applicable only to data relating to an identifiable person.
The Center for Democracy & Technology ('CDT') released, on 26 August 2020, following a collaboration with the eHealth Initiative ('eHI'), a draft Proposed Consumer Privacy Framework for Health Data.1
Data has become even more relevant in the era of COVID-19 ('Coronavirus').
The World Health Organisation declared, on 11 March 2020, Coronavirus as a pandemic.
In California, among other recently passed bills that would amend the California Consumer Privacy Act of 2018 ('CCPA'), one bill stands out; Assembly Bill ('AB') 713 which would bring state requirements for de-identified health information in line with federal ones and create new obligations regarding contractual safeguards.
In this two-part Insight series, James Snell, Marina Gatto, Zachary Watterson, Nathan Duletzke and Kayla Lindgren, of Perkins Cole LLP, provide an overview of the evolution of consumer privacy legislation in 2020, including a recap of the bills that failed, and an overview of the privacy-related bills that remain pending.
In this two-part Insight series, James Snell, Marina Gatto, Zachary Watterson, Nathan Duletzke and Kayla Lindgren, of Perkins Coie LLP, provide an overview of the evolution of consumer privacy legislation in in the US in 2020, including a recap of the bills that failed, and an overview of the privacy-related bills that remain pending.
The California State Legislature ('the Legislature') passed, on 31 August 2020 and 1 September 2020, a series of bills that would amend the California Consumer Privacy Act of 2018 ('CCPA') and also create provisions on the use of genetic privacy information.
In response to the COVID-19 ('Coronavirus') pandemic, Argentina has issued a range of legal measures for the sharing of data in order to better tackle its spread, while the Argentinian data protection authority ('AAIP') has released guidance on how such activities must be carried out in accordance with national data protection legislation. Gusta
The Prime Minister of India, Narendra Modi, announced, on 15 August 2020, the launch of the National Digital Health Mission ('NDHM'), with the aim of leveraging the power of technology to create a healthier India.
Although the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR') does provide for a degree of Member State discretion, a harmonised approach across the EU requires consistency in some aspects, which will be backed up by the doctrine of the primacy of EU law. Isabel Bairrão, Principal associate at J&A Garrigues, S.L.P., dis
COVID-19 - Return to Work
Key Takeaways: COVID-19 - Return to Work
HIPAA compliance and cybersecurity challenge
Key Takeaways: HIPAA compliance and cybersecurity challenges
COVID-19 privacy and supply chain issues
Key Takeaways: COVID-19 privacy and supply chain issues
Handling data subject rights under the GDPR
Key Takeaways: Handling data subject rights under the GDPR
COVID-19 European and U.S. cybersecurity issues
Key Takeaways: COVID-19 European and U.S. cybersecurity issues
COVID-19 privacy and employment issues
