As the world rapidly becomes a more digital version of itself with each passing moment, the discussion of protecting the things we put online—as private citizens and as businesses or corporations—becomes more impactful than ever.
The past few years have provided us with an interesting twist on this conversation—what happens to our data privacy—and the policies we put in place—when something unexpected and world-altering occurs?
We’re talking, of course, about the COVID-19 pandemic and its impact on the conversation of data privacy.
This blog will dive into important information about data privacy, weave in the must-know updates to data privacy policies, elaborate on the COVID-19 data connection, and of course, help readers like you glean the importance of Data Privacy Day, hopefully making you more aware than ever of the benefits and challenges that a modern, data-driven world presents.
What is Data Privacy Day?
Data Privacy Day—sometimes referred to as Data Protection Day depending on where you are in the world—is an international event that falls on January 28th every year to create awareness about the importance of respective privacy and safeguarding digital data in an increasingly online world.
First celebrated in 2007, this day is part of a week-long campaign to empower individuals and businesses to take a good, hard look at data privacy and ask, “am I respecting privacy and safeguarding my data correctly?”
From a business perspective, Data Privacy Day acts as a yearly reminder that data privacy is an ever-changing, consistent effort that becomes more important with each passing year.
In effect, it should teach businesses that as the world around them changes, data privacy (and the tools that help protect your data) is always evolving and it’s crucial to implement better data privacy practices as threats to you and your business’ privacy evolve, too.
At Collibra, you can imagine data privacy is top of mind, on more than just one day a year.
Because this sort of privacy is so near and dear to us—and so important for everyone to understand and be aware of—we want to do our best to open the door to understanding data privacy, using this day as an access point to start the conversation.
This, we think, is especially relevant when it comes to new challenges we face as a society that we might not have necessarily predicted or planned for.
One of those challenges?
The COVID-19 pandemic.
Modern-day data privacy: How COVID-19 has modified data privacy perspectives
You might not immediately connect the dots between the pandemic and the importance of data privacy—at least, not at first.
That is until you dive into the conversation about COVID-19 tests.
When the COVID-19 pandemic first began to spread, the effect and impact couldn’t have been predicted. Over the last few years, that impact hasn’t necessarily diminished, rather, modified and adapted to affect a different part of our lives—our data protection.
How does this all link together?
As the pandemic developed, one of the key conversations that lit the fire under rapid test kits was the idea that these tests would help the world “return to normal.”
This concept—and the fact that cases of COVID continued to rise in the United States—led the U.S. government toward investing in half a billion COVID-19 rapid test kits and disseminating them across the country.
These tests were designed to help prevent the spread of COVID-19, help those infected or not be more aware of their status, and hopefully, provide a quick and easy way to save lives and slow down the pandemic.
But that’s not all these tests did.
Obviously, as the spread of these tests increased and more and more people used them, the sheer amount of data being collected amassed substantially.
With this dramatic increase, the question needs to be asked—how can we make sure that this testing data (PII data) is being used ethically and compliantly?
An article that was published in 2020 postulates a unique question about COVID-19 and our data privacy—one that, over the last few years, has seemingly proved to be valid.
What happens when technology is deployed in an effort to save lives and slow the spread, all while complicating individual and business anonymity, pulling their information into databases, and bringing them to public attention.
In other words, are privacy infringements—on a macro scale—playing out as a result of an attempt to track, slow, and stop a pandemic? Further, is the lifecycle of the data being provided muddled and unclear?
Around the world, data is being used in an effort to fight this spreading pandemic, but the importance of protecting data privacy—in the forms of mobile apps with facial recognition, rapid testing kits, fingerprint scanning requirements, drug delivery services, cell phone tracking tools, and beyond—can sometimes feel like it’s slipping away from the bigger conversation.
Regulating patient’s protection in a pandemic era
With all of this knowledge about the possibility of data misuse, it’s fair to wonder about what’s actually in place to protect this critical data you might have to provide for COVID-19 tests and other applications.
The answer is that it varies from country to country and, at this point, there are few COVID-19-specific policies in place.
Some data privacy laws—like the U.S. Health Insurance Portability and Accountability Act and the EU General Data Protection Regulation both outline sections that list exceptions to sharing personal data that could be applicable in the time of a pandemic..
However, at least according to the European Data Protection Board, that data must still be protected.
Currently, there’s no data protection law at the federal level in the United States, but the pandemic did prompt a group of Senate Republicans to introduce the COVID-19 Consumer Data Protection Act on May 7, 2020. The intention here is to protect “individual privacy, even during times of crisis.”
It’s fair to anticipate that regulations and policies are coming—especially as the need for rapid tests remains.
Discussing data privacy & what businesses need to know about changing data privacy regulations
Of course, with those changes comes compliance regulations that businesses need to not only be aware of but prepared for. This is a lesson learned several times over as technology drives our daily lives forward—with new intelligence comes new privacy rights requirements, and pandemic data is no different.
As such, you can expect new regulations that deal specifically with data privacy to surface in the coming months and years.
What can you do? Be prepared. Here are a few data privacy regulations—some already enacted, some on the horizon— we think your business should know more about.
California Privacy Rights Act (CPRA)
The CPRA is one of the upcoming privacy rights regulations that businesses will need to familiarize themselves with. It will be enacted on January 1, 2023, and will apply to personal information collected on or after January 1, 2022, effectively driving businesses to gain control of their data collection and processing.
Here are a few key facts about the CPRA:
- CPRA applies to businesses with over 100,000 consumers, with annual gross revenues of over $25 million, generating at least 50% of annual revenue from selling or sharing consumer personal information (PI)
- This act is also known as Proposition 24 and was approved on November 3, 2020
- The CPRA covers consumer privacy rights and related business obligations for the collection and sale of personal information
Data Privacy Day & you: The importance of setting up a data privacy framework for your business
We hope this blog—written in honor of Data Privacy Day—has shed a little light on why data protection and a focus on data privacy policies continue to be an important and evolving process. Further, we encourage you and your business to take a deeper look at your data privacy plans and policies to ensure that you’re focusing on protection and empowering your employees to do the same.
Data provides us with a beautiful picture that can enact meaningful change that transforms businesses and lives, but that data cannot function as a resounding positive force unless protective measures are taken to secure the privacy of individuals and businesses.
No matter how you choose to celebrate Data Privacy Day—an event at your company, a freewheeling conversation among employees, or a personal audit of how you plan to protect your data—we hope that you’re a bit more conscientious and a lot more informed than when you began reading this blog.