Minimizing Data Risk During COVID-19
During our recent Virtual Summit on the Future of Compliance, we asked our attendees: What was their main compliance challenge?
50% of the responses covered two areas: Business Continuity after COVID-19 and disruption caused by COVID-19 and maintaining compliance. Both areas are affected by the tools that organizations use to manage and control day-to-day activities.
Maintaining compliance with data privacy regulations during this time is an ever-changing challenge. Consider the contact tracing requirements that have been deployed in the hospitality sector. On a recent personal trip to visit relatives, I was asked for my personal details and contact details in every restaurant and bar we visited.
I completely understand that this is being gathered to ensure public health. But the methods for gathering this data were prone to risk and difficult to manage, ranging from filling in a form on a website to writing on a sheet of paper. How is my data being held and used? Who has visibility into it? For how long will it be held, and how and when will it be deleted?
The COVID-era risks of electronic data management
Traditional business processes have been significantly affected and altered by the pandemic, leading to some rapid requirements to move to new methods of working and new processes to handle information. The move to electronic processing can help mitigate the disruption caused by COVID-19 but can cause issues for maintaining compliance. Where traditional procedures had clear controls on how data is handled and keeping documents in a physical format made it easier to restrict access, electronic handling increases the risk of data being mishandled or the possibility of a data privacy breach, particularly if data is now being passed through a process by email or is being held on remote workers’ home computers.
Automating processes using a workflow solution that has full capabilities for audit, notifications, and access controls means you have control over how data is being distributed as well as being able to enforce structure to the process. When you also consider the benefits of reducing email traffic and being able to better spread the workload across a team or department, the efficiencies become even more obvious.
Minimizing data handling risks during disruption
As offices begin to re-open, a new set of challenges arise and further consideration needs to be given to the data privacy of employees while ensuring that the workplace is kept safe. The ICO has released guidelines to organizations on how to minimize the security risk of systems being used remotely. Having clear policies and procedures in place allows remote staff to understand how systems should be accessed and how data should be controlled.
But it is not just client data privacy that needs to be considered. The ICO also gave advice on how to manage employee data on COVID-19 systems and testing. The key points are to apply the same tests as for other data privacy requirements:
- Do we need all the data we are collecting?
- How can we minimize the data being collected?
- Can we apply a retention policy to this information?
It is necessary to consider how this data will be gathered and how information for your employees will be managed and assessed. By ensuring you have a secure method for gathering the information and a defined policy for how it will be used and how it will be held, your employees can be sure their data is safe and those gathering and reviewing the data understand exactly how it should be handled.
Recent announcements say the pandemic may be prevalent for the next two years or so. Therefore, making sure day-to-day business processes are automated in the right way and ensuring data for both clients and employees is gathered and managed securely and safely is critical in the “new normal” we are facing.