Upgrade to a premium account to save this to your customizable Workspace
Create an account
Join our community for free to access exclusive whitepapers, reports, and regulatory information.
COVID-19 Resources
For easy access to COVID-19 ('the Coronavirus') material from across the OneTrust DataGuidance platform, use the tabs above. You will find links to reports, webinars, and articles which highlight the key points you need to know in order to negotiate the practical and legal challenges brought about by the Coronavirus. Regulatory guidance, requirements for employers, and the latest updates on the Coronavirus’ impact on privacy laws from around the world have been compiled here to keep you informed as your organization takes its next steps.
OneTrust: The OneTrust platform comes equipped with custom assessments and reports to automate some of the challenges you’ll need to navigate to get your business running in a way that is safe, healthy, and with privacy in mind.
Vendorpedia: OneTrust Vendorpedia can help you understand and evaluate the impact of Coronavirus on your vendors and any new policies or procedures they’ve implemented in their own response to COVID-19.
Coronavirus Guidance Rolling Report (last updated on 8 April 2021): This Report collates the guidance, statements, legislative amendments, and similar released by supervisory authorities from around the world. The Report includes a comparison chart of guidance on major topics as well as a region by region, jurisdictional breakdown of authoritative information on privacy and the Coronavirus.
The Office of the Privacy Commissioner of Canada ('OPC'), along with the Canada's other federal, provincial, and territorial information and privacy commissioners and ombudspersons announced, on 21 September 2022, a joint resolution on increasing effort across the healthcare sector to modernise and strengthen privacy protections for sharing pers
U.S. Senators Martin Heinrich and a group of U.S. Senators announced that, on 13 September 2022, they had sent a letter to the U.S. Department of Health and Human Services ('HHS') to take action to safeguard women's privacy and their ability to safely and confidentially get access to healthcare.
The European Data Protection Supervisor ('EDPS') announced, on 9 September 2022, that it had issued, on 7 September 2022, a favourable opinion on the European Commission's Proposal for a Regulation on standards of quality and safety for substances of human origin intended for human application and repealing Directives 2002/98/EC and 2004/23/EC.
Henderson & Walton Women's Center ('HWWC'), P.C. notified, on 23 August 2022, the U.S. Department of Health and Human Services ('HHS') Office for Civil Rights ('OCR') of a data security incident affecting 34,306 individuals.
The Italian data protection authority ('Garante') announced, on 8 September 2022, that it had issued, on 22 August 2022, a negative opinion on the draft decree providing for the creation of the new database called Ecosistema Dati Sanitari ('EDS').
The Office of the Saskatchewan Information and Privacy Commissioner ('OIPC') published, on 7 September 2022, a blog post addressing the cross-border sharing of personal health information.
Michigan Governor Gretchen Whitmer sent, on 31 August 2022, a letter to the leaders of Apple Inc., Alphabet Inc., Amazon.com, Inc., Meta Platforms, Inc., and Microsoft Corporation asking them to bolster their efforts to protect personal data, in particular health data. In particular, the Governor highlighted that the letter asks those companies
Democratic leaders of the U.S. House Committee on Energy and Commerce wrote, on 31 August 2022, to Meta CEO Mark Zuckerberg seeking a statement on recent reports on Meta releasing users' sensitive data, including private communications related to abortion in state criminal proceedings.
The California Attorney General ('AG'), Rob Bonta, announced, on 31 August 2022, that they had sent letters to hospital CEOs across California requesting information about how healthcare facilities and other providers are identifying and addressing racial and ethnic disparities in commercial decision-making tools, which represent the first step
The United States Department of Health and Human Services ('HHS') Office for Civil Rights ('OCR') announced, on 23 August 2022, that it had reached a settlement, within the transaction number 01-21-425743, with New England Dermatology & Laser Center to pay the OCR $300,640 as well as undertake a Corrective Action Plan ('CAP') to settle a pot
The Belgian data protection authority ('Belgian DPA') issued, on 19 August 2022, Decision No.
The Hellenic Data Protection Authority ('HDPA') issued, on 3 August 2022, Decision No. 36/2022, in which it fined Private Polyclinic and Diagnostic Centre Pylis Axios I.A.E.
The Schleswig-Holstein data protection authority ('ULD') issued, on 23 August 2022, a press release concerning the e-prescription procedure for pharmacy-only medicines, introduced at federal level for all Germany.
The Hellenic Data Protection Authority ('HDPA') issued, on 8 August 2022, its Decision No. 41/2022, in which it fined IDIKA S.A.
Novant Health Inc. notified, on 14 August 2022, the U.S. Department of Health and Human Services ('HHS') Office for Civil Rights ('OCR') of a data security incident affecting 1,362,296 individuals.
In 2013, after a period of nine years and 11 iterations of a data protection bill being mulled over by the government, South Africa's legislature passed the Protection of Personal Information Act, 2013 (Act 4 of 2013) ('POPIA').
The evolution of information technologies and the processing of large amounts of data, even more following the COVID-19 pandemic, has allowed the healthcare industry to develop multiple applications oriented to wellness and medicine on a global scale in the recent years.
On 29 May 2022, House Bill 866 for the Genetic Information Privacy Act was enacted without the Governor's signature. The Act applies to direct-to-consumer genetic testing companies that collect genetic information from residents of the State of Maryland and will go into effect on 1 October 2022.
The Mexican data and cybersecurity legal framework is composed of different codes, laws, regulations, decrees, national plans and strategies, programs, protocol recommendations, and protocols, which combined provide general guidelines and requirements with respect to data and cybersecurity in Mexico.
On 8 April 2022, the Kentucky Governor signed into law House Bill ('HB') 502 for the Genetic Information Privacy Act ('the Act'). In particular, the Act grants consumers greater control over their genetic materials by regulating the collection, use, and disclosure of genetic data, among others. The Act will go into effect on 1 June 2022.
The Personal Health Information Act, SNL 2008, c P-7.01 ('PHIA') was enacted in 2008 and proclaimed in 2011 with the purpose of establishing rules for the collection, use, and disclosure of personal health information ('PHI'); of providing individuals with rights, such as the right to access and to require correction or amendment of their PHI; o
Many jurisdictions are increasingly enacting laws and regulations governing how and where data must be stored either within their respective borders or abroad. What has resulted is a constantly evolving network of rules and restrictions for the location of data.
On 12 December 2019, the Turkish Institute of Health Data Research and Artificial Intelligence Applications ('the Institute') was established under the Presidency of Turkish Health Institutes, one of the institutions of the Ministry of Health.
The health sector is one where privacy is a central focus, directly impacting certain practices and procedures. Siaska SSS Lorenzo, Managing Partner at Arias Law, discusses this topic and its nuances.
On 8 March 2022, the Wyoming State Governor signed House Bill ('HB') 0086, thereby enacting the Wyoming Genetic Data Privacy Act ('the Act'). The Act will go into effect on 1 July 2022 and applies to any business that collects genetic data from individuals in the state of Wyoming.
Many jurisdictions are increasingly enacting laws and regulations governing how and where data must be stored either within their respective borders or abroad. What has resulted is a constantly evolving network of rules and restrictions for the location of data.
The processing of personal data relating to criminal convictions under Article 10 of the General Data Protection Regulation (Regulation (EU) 2016/679 ('GDPR') outlines that the processing of such data is subject to additional restrictions.
COVID-19 - Return to Work
Key Takeaways: COVID-19 - Return to Work
HIPAA compliance and cybersecurity challenge
Key Takeaways: HIPAA compliance and cybersecurity challenges
COVID-19 privacy and supply chain issues
Key Takeaways: COVID-19 privacy and supply chain issues
Handling data subject rights under the GDPR
Key Takeaways: Handling data subject rights under the GDPR
COVID-19 European and U.S. cybersecurity issues
Key Takeaways: COVID-19 European and U.S. cybersecurity issues
COVID-19 privacy and employment issues
