Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementTechnologies & SolutionsSecurity Enterprise ServicesSecurity Leadership and ManagementLogical SecuritySecurity & Business ResilienceSecurity Education & TrainingCybersecurity News

Reexamining data privacy and protection amid COVID-19

As proposed legislation unfolds, security and privacy professionals should prepare to face the implications of greater responsibility and risk when it comes to data privacy.

By Ed Holmes
data privacy
September 23, 2020

The COVID-19 pandemic has forced companies to restructure many areas of operation, including their approach to cybersecurity and data privacy. The spotlight has been placed on healthcare data and how it can and should be used to combat the spread of the virus. As security and privacy professionals, our attention is honed in on the debate surrounding contact tracing and the collection of COVID-19 health data because it will set a precedent for data collection and impact future privacy laws.

In response to the global pandemic, a group of senators introduced the COVID-19 Consumer Data Protection Act, which would regulate the collection and use of personal data amid the current coronavirus crisis. Now, months after it was introduced, the COVID-19 Consumer Data Protection Act doesn’t stand alone as a piece of privacy legislation—it was followed by the Public Health Emergency Privacy Act and the Exposure Notification Privacy Act. Although each aims to tackle the issue of data privacy in a slightly different way, all three mark an important shift in perspectives and have the potential to reshape the United States’ standard for how to handle and share data during a national health crisis. 

Below are four aspects that security and privacy professionals need to consider to ensure the balance of privacy and safety in data regulations.

 

  1. Recognize the Implications of Newly Introduced Privacy Legislation

The COVID-19 Consumer Data Protection Act kicked off a nationwide discussion around the significant privacy risks and repercussions of COVID-19 response technology (e.g. contact tracing apps). The proposed bill, along with other proposed privacy legislation, indicates the need for an in-depth awareness of how data is shared and protected. With that knowledge as a foundation, a standard model of data security can be established – one that holds organizations accountable for the highest level of data protection.

Currently, many organizations follow the National Institute of Standards and Technology (NIST) Privacy Framework, which helps organizations identify and manage privacy risk to build innovative products and services while protecting individuals’ privacy. The Framework was modeled after the NIST Cybersecurity Framework to provide guidance on managing privacy risk among different roles, establishing and improving privacy programs, and strengthening organizational accountability. Whether the Framework is used in all or some of those ways, it is ultimately designed to be flexible and to complement existing business operations. It provides a clear example of best practices and guidelines when it comes to data privacy and should be referenced when building future privacy legislation.

 

  1. Understand Data Sharing Limits

The United States faces a significant challenge when it comes to protecting the data collected through contact tracing, one that the COVID-19 Consumer Data Protection Act aims to address. Gathering and sharing virus information – on age, comorbidity, location – is essential to effectively combat the virus. Without this information, tracking the spread of the virus and its effects is impossible. However, there are limits to what data needs to be shared and who should have access to it, especially when it comes to Personal Identifiable Information (PII).

Both manual or app-based contact tracing methods have their challenges. For manual contact tracing, it’s an issue of manpower. One report by John Hopkins states that an additional 100,000 employees would be needed to make manual contact tracing efforts effective across the United States. In short, it’s not the most practical solution.

When discussing app-based contact tracing, one must consider the individual’s agency over their own data. As outlined by the COVID-19 Data Protection Act, contact tracing technology requires voluntary participation. The effectiveness of contact tracing technology rests on this main point – if a critical mass of individuals don’t opt into these apps, they lose effectiveness. The key will be to find a balance between protecting a patient's health and maintaining their privacy—while also protecting the health of the larger population.

It’s important to note that when it comes to contact tracing technology, there is still a lot to be done in terms of putting security measures in place to prevent information from being mapped back to an individual. These include: anonymizing data upon collection, protecting individuals’ phones from access through contact tracing apps, and preventing the data (once collected) from being shared and used outside of its intended purpose.

 

  1. Invest in Adaptable Security Solutions

With today’s environment rapidly evolving, the privacy and security industry has the responsibility to adapt to meet the demands of data sharing in a timely, effective and secure manner.  A challenging aspect of privacy legislation is ensuring that the policies enacted during this pandemic don’t outlast their necessity or work against existing privacy laws. For example, the COVID-19 Consumer Data Protection Act restricts data usage to within the declared COVID-19 public health emergency time period.

Although proposed legislation has time frame limits, it’s crucial that the security solutions implemented now are set up to combat security risks past the pandemic. As previously discussed, future legislation needs to work hand-in-hand with guidelines like the NIST framework in order for organizations to successfully and completely protect individuals’ privacy.

 

  1. Prepare for Change

It’s easy to identify the benefits of healthcare data sharing for the purposes of handling a pandemic. The issue lies in balancing the benefits with potential detriments. The industry should prepare for the new challenges that contact tracing technology and its successors will present. If legislation like the COVID-19 Consumer Data Protection Act comes into effect, privacy and security professionals will need to educate themselves on the vulnerabilities of technologies introduced during the pandemic, as well as their responsibility to their customers in handling their data in the new environment.

The current circumstances of the pandemic demand a reaffirmation of the importance of data privacy, but also a rethinking of the ways we share data. Companies should evaluate their data storage methods and identify the ways their current structure may be affected by increased data sharing. By reassessing how, where, and what data is collected, companies can prepare for an uncertain future. Security and privacy professionals can also position their companies strategically by investing in security programs that address security needs as they evolve.

When it comes to proposed privacy legislation the stakes are high but the need is great and pressing. As a nation, we need to think carefully, and collectively arrive at a solution that strikes the important balance of protecting civil liberties and containing the spread of the virus.

KEYWORDS: cyber security data security privacy concerns privacy regulations

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Ed holmes headshot crop

Ed Holmes, CEO of FairWarning, is a seasoned technology leader and has directed many companies in a variety of growth stages. The integral focus of his career has been on delivering value to customers and he is delighted to lead an executive team that shares that dedication. He is committed to building on FairWarning’s reputation as a privacy company delivering robust and innovative data protection and security solutions and expert services. Ed was previously the CEO of Peoplenet, a leading provider of cloud software for the staffing industry, until its acquisition by Bullhorn in 2017, at which time he became the SVP of Workforce & Revenue Cloud at Bullhorn. Ed has spent his career in software and technology applications that serve Fortune 500 companies, including roles as both CIO and CEO.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Security Leadership and Management
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Cyber Tactics Column
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Cybersecurity Education & Training
    By: Charles Denyer
Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Sureview screen
    Sponsored bySureView Systems

    The Evolution of Automation in the Command Center

  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

Popular Stories

Rendered computer with keyboard

16B Login Credentials Exposed in World’s Largest Data Breach

Verizon on phone screen

61M Records Listed for Sale Online, Allegedly Belong to Verizon

Security’s 2025 Women in Security

Security’s 2025 Women in Security

Red spiderweb

From Retail to Insurance, Scattered Spider Changes Targets

blurry multicolored text on black screen

PowerSchool Education Technology Company Announces Data Breach

Events

August 7, 2025

Threats to the Energy Sector: Implications for Corporate and National Security

The energy sector has found itself in the crosshairs of virtually every bad actor on the global stage.

August 27, 2025

Risk Mitigation as a Competitive Edge

In today’s volatile environment, a robust risk management strategy isn’t just a requirement—it’s a foundation for organizational resilience. From cyber threats to climate disruptions, the ability to anticipate, withstand, and adapt to disruption is becoming a hallmark of industry leaders.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • coronavirus

    Senators to Introduce COVID-19 Consumer Data Protection Act

    See More
  • coronavirus

    Most Americans willing to forego personal data privacy to combat spread of COVID-19 and return to work faster

    See More
  • cyber_lock

    Companies need to enhance cybersecurity amid the continuation of COVID-19 in 2021

    See More

Related Products

See More Products
  • 9780367030407.jpg

    National Security, Personal Privacy and the Law

  • Physical-Security-and-Envir.gif

    Physical Security and Environmental Protection

  • A Leaders Guide Book Cover_Nicholson_29Sept2023.jpg

    A Leader’s Guide to Evaluating an Executive Protection Program

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing