COVID-19 Resources
For easy access to COVID-19 ('the Coronavirus') material from across the OneTrust DataGuidance platform, use the tabs above. You will find links to reports, webinars, and articles which highlight the key points you need to know in order to negotiate the practical and legal challenges brought about by the Coronavirus. Regulatory guidance, requirements for employers, and the latest updates on the Coronavirus’ impact on privacy laws from around the world have been compiled here to keep you informed as your organization takes its next steps.
OneTrust: The OneTrust platform comes equipped with custom assessments and reports to automate some of the challenges you’ll need to navigate to get your business running in a way that is safe, healthy, and with privacy in mind.
Vendorpedia: OneTrust Vendorpedia can help you understand and evaluate the impact of Coronavirus on your vendors and any new policies or procedures they’ve implemented in their own response to COVID-19.
Coronavirus Guidance Rolling Report (last updated on 8 April 2021): This Report collates the guidance, statements, legislative amendments, and similar released by supervisory authorities from around the world. The Report includes a comparison chart of guidance on major topics as well as a region by region, jurisdictional breakdown of authoritative information on privacy and the Coronavirus.
Oswego County Opportunities, Inc. ('OCO') notified, on 20 May 2022, the U.S. Department of Health and Human Services ('HHS') Office for Civil Rights ('OCR') of a data security incident affecting 7,766 individuals.
The Icelandic data protection authority ('Persónuvernd') issued, on 11 May 2022, its decision to refuse an application by Amgen AB, an international pharmaceutical company to target social media users who have looked up pages related to migraines or liked migraine-related pages in connection with its study on a supplement for migraine medicine.
Schneck Medical Center notified, on 13 May 2022, the U.S. Department of Health and Human Services ('HHS') Office for Civil Rights ('OCR') of a data security incident affecting 92,311 individuals.
The Icelandic data protection authority ('Persónuvernd') published, on 10 May 2022, its decision in Case No. 2020051610, as issued on 3 May 2022, in which it imposed a fine of ISK 1.5 million (approx.
The Joint Research Centre ('JRC') announced, on 20 May 2022, that it has launched a new pseudonymisation system, which will first be applied for the European Platform on Rare Disease Registration.
The Data State Inspectorate ('DVI') published, on 20 May 2022, a guide on data processing for research purposes.
The Electronic Privacy Information Center ('EPIC') and a coalition of 12 organisations led by the National Consumer Law Center sent, on 18 May 2022, a letter to the Federal Communications Commission ('FCC') urging it to restrict how the U.S.
Behavioural Health Partners of MetroWest LLC notified, on 12 May 2022, the U.S. Department of Health and Human Services ('HHS') Office for Civil Rights ('OCR') of a data security incident affecting 11,288 individuals.
The Spanish data protection authority ('AEPD') published, on 9 May 2022, its decision in proceeding No.
The Spanish data protection authority ('AEPD') published, on 22 April 2022, its decision in Proceeding No.
The Spanish data protection authority ('AEPD') published, on 3 May 2022, its decision in Proceeding No.
The Health Sector Coordinating Council ('HSCC') published, on 13 May 2022, the Medtech Vulnerability Communications Toolkit. In particular, the toolkit provides specific tools to medical device manufacturers and software developers for creating cybersecurity vulnerability communications related to their products or services.
The Health Sector Coordinating Council's ('HSCC') Cybersecurity Working Group ('CWG') published, on 29 April 2022, the Operational Continuity - Cyber Incident Checklist.
Frank Eye Center, P.A. notified, on 29 April 2022, the U.S. Department of Health and Human Services ('HHS') Office for Civil Rights ('OCR') of a data security incident affecting 26,333 individuals.
Arkfeld, Parson, and Goldstein, P.C., doing business as Ilumin, notified, on 29 April 2022, the U.S. Department of Health and Human Services ('HHS') Office for Civil Rights ('OCR') of a data security incident affecting 14,984 individuals.
On 8 April 2022, the Kentucky Governor signed into law House Bill ('HB') 502 for the Genetic Information Privacy Act ('the Act'). In particular, the Act grants consumers greater control over their genetic materials by regulating the collection, use, and disclosure of genetic data, among others. The Act will go into effect on 1 June 2022.
The Personal Health Information Act, SNL 2008, c P-7.01 ('PHIA') was enacted in 2008 and proclaimed in 2011 with the purpose of establishing rules for the collection, use, and disclosure of personal health information ('PHI'); of providing individuals with rights, such as the right to access and to require correction or amendment of their PHI; o
Many jurisdictions are increasingly enacting laws and regulations governing how and where data must be stored either within their respective borders or abroad. What has resulted is a constantly evolving network of rules and restrictions for the location of data.
On 12 December 2019, the Turkish Institute of Health Data Research and Artificial Intelligence Applications ('the Institute') was established under the Presidency of Turkish Health Institutes, one of the institutions of the Ministry of Health.
The health sector is one where privacy is a central focus, directly impacting certain practices and procedures. Siaska SSS Lorenzo, Managing Partner at Arias Law, discusses this topic and its nuances.
On 8 March 2022, the Wyoming State Governor signed House Bill ('HB') 0086, thereby enacting the Wyoming Genetic Data Privacy Act ('the Act'). The Act will go into effect on 1 July 2022 and applies to any business that collects genetic data from individuals in the state of Wyoming.
Many jurisdictions are increasingly enacting laws and regulations governing how and where data must be stored either within their respective borders or abroad. What has resulted is a constantly evolving network of rules and restrictions for the location of data.
The processing of personal data relating to criminal convictions under Article 10 of the General Data Protection Regulation (Regulation (EU) 2016/679 ('GDPR') outlines that the processing of such data is subject to additional restrictions.
On 10 February 2022, the Spanish data protection authority ('AEPD') approved the Code of Conduct on the Processing of Personal Data for the Purposes of Clinical Trials, other Clinical Investigations and Pharmacovigilance ('the Code'), making it the first sectoral code of conduct to be approved following the entry into force of the General Data P
No longer a by-product of business operations, personal information has become a resource to be mined, processed, analysed, shared, and sold. In 2018, the adoption of the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR') sparked a worldwide legislative flurry.
Odia Kagan, Partner and Chair of GDPR Compliance & International Privacy at Fox Rothschild LLP, takes a look at the biggest developments in the USA during 2021, and looks ahead at what 2022 might bring.
Following the approval of the German Federal Parliament ('Bundestag') and the Federal Council ('Bundesrat'), the Infection Protection Act of 20 July 20001 ('IfSG') was amended, with the new rules coming into effect on 24 November 2021, and some additional regulations on 1 January 2022.
COVID-19 - Return to Work
Key Takeaways: COVID-19 - Return to Work
HIPAA compliance and cybersecurity challenge
Key Takeaways: HIPAA compliance and cybersecurity challenges
COVID-19 privacy and supply chain issues
Key Takeaways: COVID-19 privacy and supply chain issues
Handling data subject rights under the GDPR
Key Takeaways: Handling data subject rights under the GDPR
COVID-19 European and U.S. cybersecurity issues
Key Takeaways: COVID-19 European and U.S. cybersecurity issues
COVID-19 privacy and employment issues