COVID-19: Five Considerations for Organizations to Manage Privacy, Security and IT Issues

As organizations continue to navigate the effects of the COVID-19 pandemic and adopt work-from-home measures to accommodate the changing business environment, there are a number of privacy and technology concerns to consider.

The following is a short list of key questions and topics relating to privacy, data and systems security, and IT contracts and projects which may be relevant to your business during this time. We will continue to update this document with blogs and resources to assist you with mitigating the impacts of COVID-19 on your organization’s privacy, security and IT.

1. Privacy

Is your organization collecting additional information about individuals’ health, exposure/interactions with other individuals, and/or travel history in the context of COVID-19? If so, have you taken steps to ensure that your collection, use, disclosure and/or storage of such information is in compliance with applicable privacy laws and the guidelines issued by Canadian privacy commissioners with respect to privacy and the COVID-19 outbreak? Have you considered whether your privacy compliance program is generally up-to-date to address the types of personal information your organization collects about employees and customers? We have the experience and sample policies to answer these and other privacy questions.

Related Insight: COVID-19: Privacy Considerations for Your Organization

2. Remote Access

To the extent that employees are now working from home, does your organization have a Remote Work Policy to address issues such as protecting confidential/sensitive information and ensuring secure access to organizational systems? We have sample remote access policies that can be adapted to meet your unique situation.

Related Insight: Securing Your Organization’s Information During Work-from-Home Arrangements

3. Cybersecurity

Have you updated your privacy and security safeguards to address cybersecurity incidents centered around COVID-19, such as email campaigns designed to look like communications from official sources like the World Health Organization or government agencies, or attacks looking to take advantage of remote work arrangements and exploit the corresponding changes to money transfer protocols? Does your organization have an incident response plan in place that takes into account the current circumstances? We have sample alerts and incident response plans to help manage your cybersecurity risk during these uncertain times.

Related Insight: How COVID-19 can Infect your Organization’s Network

Related Insight: Text Message Scams Targeting Canadians Amidst COVID-19 Outbreak

4. IT Contracts and Projects – Customers

Do you want to understand your ability to delay the project or service and delay payments for existing IT Contracts or projects? Do you understand what your IT Vendors’ obligations are to provide service and maintain your systems during the pandemic? What are their obligations regarding disaster recovery or business continuity? What happens if you suffer an interruption in the operation of your business systems (including remote access) during the pandemic? We can review and provide practical advice on how to deal with disputes or issues with IT vendors.

Related Insight: Considerations for Customers in Managing IT Projects and Contracts During COVID-19

5. IT Contracts and Projects – Suppliers

Do you have concerns that you may not be able to perform all of your obligations for existing IT Contracts or projects? What is your exposure in the event that you default in the performance of any of your obligations? We have experience assisting information technology companies deal with these types of issues.

Please contact any member of our innovation, data and technology team for assistance.