COVID-19: Privacy and security in the next normal


COVID-19: Privacy and security in the next normal

COVID-19 introduces new security and privacy challenges

Managing the delicate balance between public health and personal privacy in the next normal.

The COVID-19 pandemic has caused countries worldwide to re-examine data privacy and compliance. Fundamentally, in light of regulatory pressures, it comes down to an ethical question that has been debated since the times of Socrates and Plato: at what point are the rights of the individual overridden by the needs of public safety and economic wellbeing? The answers to this question will vary widely based on country-specific regulations and cultural norms, as well as the state of COVID-19 infections in each region, and will be a defining undercurrent as the global economy re-emerges into a “next normal.”

As many organisations and governments work to develop track-and-trace apps to enable society to get back to normal, security considerations as well as data privacy regulations should be integrated across the development of these innovative screening capabilities.

While it is tempting to prioritise health above all else during a pandemic, data privacy laws still need to be followed. This can be challenging in a time when personal protected health information (PHI) and special categories of data are being shared at an unprecedented level. Globally, employers will need to adopt a new set of practices that balances promoting employee health and enabling the business to operate at a reasonable level. It has never been more important for public and private organisations to fully understand how privacy laws apply to their operations, so they can safely operate in the next normal.

COVID-19: Privacy and security in the next normal

Data Privacy in the Next Normal

In building a holistic approach to meeting privacy and security requirements around COVID-19 health considerations, organisations should build a holistic, ethical and sustainable approach to privacy and security for COVID-19 health considerations. Key factors to enhance efficiency and effectiveness include:

  • Cross-functional executive support. Privacy and security is a cross-functional issue that requires strong executive support and involvement across areas such as business, IT, HR, and legal.
  • Risk-based approach. Focusing on business risk (as opposed to merely compliance) and identifying and prioritising high-risk items can increase the value the privacy and security solutions can deliver.
  • Data lifecycle. Before you can understand how to implement reasonable controls, you first need to understand where the sensitive data is and how it is used, from collection through destruction.

“We’re all in this together” may already be a “pandemic cliché,” but it is particularly fitting for this situation – governments, private sector organisations, and the general public all need to work as a united front and build an international mechanism to protection people not merely from the last threat, but from the coming ones. This article provides the thoughtful considerations around data privacy in the COVID-era for organisations to leverage as they recover and thrive in the next normal.

Published: June 2020

  • Contact us
  • Submit RFP
  • Our solutions

    Progress your business growth and development

    Take a look at the products and services we offer.

    Cyber Risk Services

    With human insight, technological innovation, and comprehensive solutions, Deloitte is helping clients build smarter, faster, more connected futures.

    Cyber Strategy

    Deloitte's cyber strategy services support the transition to an executive-led cyber risk program that balances requirements to be secure, vigilant, and resilient in line with the strategic objectives and risk appetite of the organisation.

    Risk Advisory

    Deloitte can help you increase your ability to foresee and act on emerging risks with an intelligent risk strategy encompassing operational, regulatory, cyber financial and reputational risk. 

  • Our latest reports and thought leadership
Did you find this useful?