The State of Third-Party Insurance Verification – Research Report
September 15, 2020
While it’s important to prove to your employees that your company is protecting their privacy rights, especially if you’re collecting their personal health data to protect the entire company from exposure to COVID-19, it’s equally important to demonstrate compliance with data protection laws to state and federal regulators.
“Employers want to maintain their businesses [during the pandemic], but they can’t do that without their employees,” Jodi Daniels, a privacy law expert and practitioner, explained in a recent Q&A. “They need to think about their people first. Employees want to earn a paycheck, but they also want to make sure their data isn’t being misused.”
One way that companies can create a safe workplace and prove they’re protecting employees’ personal data is to conduct a privacy impact assessment (PIA) for any vendors they’ve contracted to assist with COVID-19 recovery efforts. This can include everything from contact tracing apps to daily health monitoring technologies to any other solution provider.
Privacy impact assessments analyze how an organization collects, uses, shares, and maintains individuals’ personally identifiable information (PII). An organization uses PIAs to review its own processes or the processes of the vendors it works with, and then determines how these processes affect or compromise the privacy of the individuals whose data it holds, collects, or processes.
Benefits of conducting a PIA, according to the International Association of Privacy Professionals, include that it:
In a recent report, PwC outlined some inherent privacy risks associated with common techniques to maintain a healthy, safe workplace environment. These include:
PwC also offered the following guidance for businesses to help mitigate the privacy impact of health passports, temperature checks, and contact tracing:
Many companies are not able to manage health monitoring and contact tracing initiatives themselves and are either evaluating or actively onboarding new technology solutions that can offer support in these areas.
Privacy experts believe in the importance of conducting PIAs before engaging any new vendors to ensure they live up to the company’s privacy standards and won’t put the company at risk of a data breach or privacy violation. This is especially true for COVID-19 technology solutions that may have legitimate abilities to sidestep privacy regulations in the current environment.
As companies start implementing new technologies to help them quickly stabilize during the COVID-19 crisis, it’s easy for them to justify shrugging off the due diligence necessary to fully vet a solution for privacy bugs, but shortcuts are not recommended.
Conducting a PIA before hiring a technology solutions provider to support your return-to-work strategy is recommended and can be done both efficiently and cost-effectively. The primary reason to do this during a pandemic is that it can help companies avoid working with vendors that have only just begun working in this space, don’t practice good security hygiene, and/or are not adequately protecting personal health data.
While it is tempting to prioritize speed in the current environment, it’s more important to consider your company’s future and evaluate vendors based on whether their data protection practices would result in breaches and privacy violations. These can have long-lasting effects beyond the pandemic, leading to long-term financial strife and distrust among employees and customers.
For example, Evident’s software is a leader in incorporating privacy-by-design principles, such as minimum disclosure and consent, into its solutions. A good PIA methodology can help confirm a strong privacy and security posture as well as identify opportunities for further improvement.
Join us for a free webinar on Thursday, September 17, and learn more from co-presenters David Thomas, Evident Founder and CEO, and Hilary Wandall, TrustArc SVP of Privacy and General Counsel, about the current privacy regulation landscape, privacy best practices, and why protecting employees’ personal data is of utmost concern during a pandemic.