Coping with new data generation, sensitive health data and a workfrom-home culture.
When faced with a pandemic on the scale of Covid-19, there was no ‘off-theshelf’ solution available for how businesses could cope with the challenges they would face.
Many countries are operating under national emergency rules so governments can bypass normal legal protections for collecting personal data. That protection lasts only as long as the emergency and companies, if they fail to identify and destroy data at the right time, are in danger of being left with it in their systems after that protection is gone.
Data collected by businesses of all kinds to remain Covid-19 compliant, such as track and trace, health screenings, temperature testing and travel history – are subject to the same kind of regulation as any personal information.
The trend for more employees to work from home also creates new data protection risks and could see companies lose control over data privacy if not addressed quickly through training and planning. The global pandemic has increased the amount and type of personal information being collected by companies, leaving them open to breaches in the future.
THE NEW DATA OF PANDEMICS
For larger companies and corporations which already have robust information management systems, this is the data that is new and most liable to cause problems. For smaller business, the situation is even tougher. They may not have a privacy or retention policy in place for the kind of personal and health data suddenly arriving in the business.
Here are the types of personal data to be aware of:
Data Collected On Entry To Premises:
Businesses usually collect the name of visitors to the office, but now almost everyone is having to do the same. Visitors are also asked a wider range of questions. This is data that organisations have never collected before – and many companies don’t know how to handle it.
Data Collected From Employees:
It would not be unusual for employees to be asked Covid-19-related health questions. However, these questions result in highly sensitive data being recorded – and that’s risky. Storing it alongside routine data collected by HR and failing to treat it differently could lead to problems.
Track And Trace Information:
We don’t know how much information the authorities in different countries keep or where they store it. Companies need guidance because they don’t know how long to keep track and trace data or whether it is legal to ask for information that goes beyond a ‘yes or no’ tick list.
Physical Data:
Some businesses have opted to collect data on paper. It is easy for companies to forget that data protection regulations, such as GDPR, also apply to physical data on paper.
Cashless Payments:
Many businesses already have systems set up for cashless payments but for others they are offering cashless payments for the first time, creating sensitive financial data they haven’t had to handle before.
Online Communications Data:
With business moving online, companies are collecting an increased volume of communications data – for instance through chatbots or tools such as Zoom. This data should already be caught in the document management routine.
WFH Data:
The trend of working from home is here to stay, even post-Covid. This is a challenge as sensitive data can exist outside of the system, on personal computers, printouts or apps.
SOLUTIONS
Companies must start thinking now about the new data they have, if it was collected legally, who is responsible for it and how long to keep it. When the global emergency subsides, the issue of the safety and security of personal data will re-emerge.
Crown Records Management Vietnam helps to structure and manage your data, giving you a clearer picture of your world. We will lead you to develop excellent standards for data governance, mitigating risks and improving compliance. [C]
Email us at sales.vn@crownrms.com for more information.
