In the evolving COVID-19 scenario in which business continuity also depends on adequate data protection and cybersecurity practices on the part of organizations, knowledge mapping of privacy & data protection guidance and cybersecurity best practices has taken on an even more important role. It’s for that very reason that, without the presumption of completeness, I am continuing to map official resources, from institutions to data protection authorities across the world, which provide guidance on the correct processing of personal data in the context of COVID-19 and Cybersecurity-related information on working remotely in the context of the pandemic.
Cybersecurity: Cybercrime and Information on working remotely in the context of the COVID-19 pandemic
Australian Signals Directorate – Australian Cybersecurity Centre, Cyber security is essential when preparing for COVID-19
Danish Center for Cybersecurity – Use of communication and collaboration platforms; Advice for IT security officers concerning remote access; Cybersecurity under COVID-19
European Commission, ENISA, CERT-EU and Europol – COVID-19 Joint Statement
EU Agency for Cybersecurity (ENISA) – Tips for cybersecurity when working from home
Europol –Safe Teleworking Tips and Advice; How criminals profit from the COVID-19 pandemic; Make your home a Cyber Safe Stronghold
France – Cybermalveillance.gouv.fr platform, IT security recommendations for teleworking in crisis situations; Commission Nationale de l’Informatique et des Libertés Employees in telework: what are the best practices to follow?; and CNIL’s advice on setting up telework
Irish Data Protection Commission – Protecting Personal Data When Working Remotely and Staying safe online during a pandemic; Data Protection Tips for Video-conferencing
Netherlands – Dutch Data Protection Authority, Decision aid for privacy in video calling apps; Working from home safely during the corona crisis
Office of the Australian Information Commissioner – Coronavirus (COVID-19): Understanding your privacy obligations to your staff
Portugal – Guidelines on monitoring of remote work
Sri Lanka – Sri Lanka Cybersecurity Emergency Response Team, Work From Home Security Considerations
Switzerland – Home Office: Securing Remote Access
UK Information Commissioner’s Office – Data security – a guide to the basics; Video conferencing: what to watch out for
UK National Cyber Security Centre (NCSC) –NCSC issues guidance as home working increases in response to COVID-19; Advisory: COVID-19 exploited by malicious cyber actors; Cyber experts step in as criminals seek to exploit Coronavirus fears
United States Cybersecurity and Infrastructure Security Agency – Defending Against COVID-19 Cyber Scams; Risk Management for Novel Coronavirus (COVID-19); Enterprise VPN Security Alert
United States Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency and the United Kingdom’s National Cyber Security Centre (NCSC) – COVID-19 Exploited by Malicious Cyber Actors
United States Federal Trade Commission – Seven Coronavirus scams targeting your business
Privacy and Data Protection: Processing of personal data in the context of COVID-19
Statements from the European Commission, Council of Europe, EDPS, EDPB and UN
Council of Europe – Joint Statement on the right to data protection in the context of the COVID-19 pandemic
European Commission – Coronavirus: Commission adopts Recommendation to support exit strategies through mobile data and apps; Coronavirus: An EU approach for efficient contact tracing apps to support gradual lifting of confinement measures; Coronavirus: Commission adopts Recommendation to support exit strategies through mobile data and apps; Recommendation on apps for contact tracing
European Data Protection Board – Statement of the EDPB Chair on the processing of personal data in the context of the COVID-19 outbreak; Statement on the processing of personal data in the context of the COVID-19 outbreak Adopted on 19 March 2020; Twentieth plenary session of the European Data Protection Board – scope of upcoming guidance on data processing in the fight against COVID-19; EDPB Letter concerning the European Commission’s draft Guidance on apps supporting the fight against the COVID-19 pandemic; Guidelines 03/2020 on the processing of data concerning health for the purpose of scientific research in the context of the COVID-19 outbreak; Guidelines 04/2020 on the use of location data and contact tracing tools in the context of the COVID-19 outbreak
European Data Protection Supervisor – Monitoring the speed of COVID-19, EDPS Comments to DG CONNECT of the European Commission on monitoring of COVID-19 spread; EU Digital Solidarity: a call for a pan-European approach against pandemic’ – Wojciech Wiewiórowski
European Parliament – Resolution of 17 April 2020 on EU coordinated action to combat the COVID-19 pandemic and its consequences (2020/2616(RSP))
Europol – How criminals profit from the COVID-19 Pandemic
United Nations Special Rapporteurs – COVID-19: States should not abuse emergency measures to suppress human rights
National Statements and Guidance
Abu Dhabi Global Market – Coronavirus (COVID-19) – Implications for Data Protection Frequently Asked Questions; ADGM launches support measures for registered businesses to counter the impact of COVID-19
Andorra – Data Protection Authority of Andorra, Recomanacions sobre tractaments de dades personals en el context actual de pandèmia; Sobre Tractament de fades en la crisi del Covid-19
Argentina – Agencia de Acceso a la Información Pública Tratamiento de datos personales ante el Coronavirus; Argentina Ministry of Health information on reporting framework
Australia – Office of the Australian Information Commissioner (OAIC), Coronavirus (COVID-19): Understanding your privacy obligations to your staff – Agencies; Coronavirus (COVID-19): Understanding your privacy obligations to your staff; Australian Cybersecurity Centre, Cyber security is essential when preparing for COVID-19; Western Australia Emergency Management Amendment (COVID-19 Response) Bill 2020
Austria – Austrian Data Protection Authority, Information on Coronavirus (Covid-19); Coronavirus FAQ; Data security and home office
Belgium – Data Protection Authority of Belgium, COVID-19 and processing of personal data at work
Bosnia and Herzegovina – Data Protection Authority of Bosnia and Herzegovina, Press release regarding the processing of personal data in the context of activities triggered by the Coronavirus pandemic
Bulgaria – Commission for Personal Data Protection, CPDP introduces anti-epidemic measures against the spread of COVID-19
Burkina Faso – National Commission for Informatics and Liberties, Message on Coronavirus Pandemic (COVID-19)
Canada – Office of the Privacy Commissioner of Canada, Announcement: Commissioner issues guidance on privacy and the COVID-19 outbreak; Guidance: Privacy and the COVID-19 outbreak, Office of the Information and Privacy Commissioner of Alberta Privacy in a Pandemic. Province of British Columbia, Ministerial Order No. M085 of the Minister of Citizens Services. Information and Privacy Commissioner of Saskatchewan, Statement from the Office of the Information and Privacy Commissioner of Saskatchewan on COVID-19. Information and Privacy Commissioner of Ontario, Impact of COVID-19. Commission d’accès à l’information du Québec, COVID-19: Protection of personal information and information security. Yukon Information and Privacy Commissioner, Actions being taken by Yukon Ombudsman, Information and Privacy Commissioner and Public Interest Disclosure Commissioner in response to COVID-19. Office of the Information and Privacy Commissioner of the Northwest Territories, Privacy in a Pandemic. Office of the Information and Privacy Commissioner of Newfoundland and Labrador, Don’t Blame Privacy – What To Do and How To Communicate in an Emergency. Manatoba Ombudsman Advisory for trustees about responding to individuals’ access requests under PHIA during the COVID-19 pandemic
Colombia – Superintendency of Industry and Commerce on the prohibition to collect biometric information (sensitive data) with a view to preventing the spread of COVID-19 through indirect contact; Personal Data and Coronavirus COVID 19: Collection and use of data in cases of medical or health emergency
Czech Republic – For the processing of personal data in the framework of measures against the spread of coronavirus; Office for Personal Data Protection comment on the extraordinary measure of the Ministry of Health in connection with the smart quarantine project
Denmark – Datatilsynet, How about GDPR and coronavirus? and
Corona virus and digital infection detection
Finland – Office of the Data Protection Ombudsman, Data protection and limiting the spread of coronavirus
France – Commission Nationale de l’Informatique et des Libertés, Coronavirus (Covid-19): les rappels de la CNIL sur la collecte de données personnelles; Recherches sur le COVID-19 : la CNIL se mobilise; Crise sanitaire: audition de Marie-Laure DENIS, Présidente de la CNIL, devant la commission des lois; Les relations avec la CNIL pendant l’état d’urgence sanitaire
Gibraltar – Gibraltar Regulatory Authority Data protection and Coronavirus: What you need to know
Georgia – Statement Of The State Inspector’s Service, Covid-19
Germany – Office of the Federal Commissioner for Data Protection and Freedom of Information, DSK provides information on data protection and Coronavirus and German Data Protection Supervisory Authorities joint information paper on data protection and the Coronavirus pandemic; Hamburg DPA Datenschutz in Zeiten von Covid-19
Hong Kong – Privacy Commissioner for Personal Data, The Use of Information on Social Media for Tracking Potential Carriers of COVID-19 and Privacy Commissioner Responds to Privacy Issues Arising from Mandatory Quarantine Measures and Provides Updates on Doxxing; Fight COVID-19 Pandemic Guidelines for Employers and Employees; PCPD Provides Guidelines on Children’s Privacy during the Pandemic
Iceland –Data Protection Authority, COVID-19 and privacy
Ireland – Irish Data Protection Commission, Data Protection and COVID-19; Covid 19 and Subject Access Requests
Indonesia – Indonesian Ministry of Communication and Information Technology, COVID-19 Tracing through app
Israel – Privacy Protection Authority, Privacy protection following the spread of the Corona virus: questions and answers for conduct; Q&A in the Corona Period
Italy – Garante per la protezione dei dati personali, Coronavirus: No do-it-yourself (DIY) data collection, says the Italian DPA, Italian state – Urgent provisions for the strengthening of the National Health Service in relation to the COVID-19 emergency and Italian state – March 14 Shared protocol for the regulation of measures for counteracting and containing the spread of the Covid-19 virus in workplaces; Informal hearing by videoconference of the Italian DPA on the use of new technologies and internet to combat the Coronavirus epidemiological emergency
Isle of Man – Information Commissioner, Coronavirus, Data Protection, and Freedom of Information
Jersey – Office of the Information Commissioner, Data Protection and Coronavirus
Lithuania – State Data Protection Inspectorate, Personal Data Protection and Coronavirus COVID-19
Mexico – Government of Mexico, Guide for workplaces in light of COVID-29. National Institute for Transparency, Access to Information and Personal Data Protection, Ante casos de COVID-19, INAI emite recomendaciones para tratamiento de datos personales, Suspende INAI eventos públicos, por recomendación de la SSA para evitar contagio de COVID-19, and Adoptará INAI como medida de prevención el trabajo a distancia ante COVID-19
Morocco – Moroccan Data Protection Authority, Délibération n°D-97-2020 du 26/03/2020 relative à la prolongation d’un moratoire sur la reconnaissance faciale; CNDP press release on COVID mobile application; CNDP at the disposal of the government to reinforce, in terms of privacy, its proactive policies
Netherlands – De Autoriteit Persoonsgegevens, AP gives organizations more time due to corona crisis; Access to medical files is only permitted with the patient’s consent; Using telecom data against corona is only possible with emergency law; AP: Corona apps only if privacy is guaranteed; Dutch Ministry of Health, Welfare and Sport, the National Attorney for Health, Welfare and Sport-Commissioned Summary privacy analysis contact research apps; Dutch Data Protection Authority, Corona in the workplace
New Zealand – Office of the Privacy Commissioner, Covid-19 and privacy FAQs, Privacy and Covid-19: Hospitality establishment guest registers; Privacy Commissioner briefed on Police contact and trace system for returning travellers; Access in the time of Covid-19
North Macedonia – Personal Data Protection Agency of the Republic of Northern Macedonia, Data Protection and Coronavirus
Norway – Datatilsynet, Corona and privacy; New tracking app to prevent coronavirus infections; Norwegian Institute of Public Health has launched the app to stop infection
Phillipines –National Privacy Commission, NPC PHE BULLETIN No. 3: Collect what is necessary. Disclose only to the proper authority
Portugal – Use of technologies to support distance learning; Use of video surveillance and alarm systems by private security entities; Guidelines on disclosure of information relating to Covid-19 infections; Guidelines on the collection of workers’ health data
Romania – National Supervisory Authority for Personal Data Processing, Processing of health status data
San Marino – Autorità Garante per la protezione dei dati personali, Public announcement on COVID-19 emergency
Singapore – Personal Data Protection Commission, Advisory on Collection of Personal Data for COVID-19 Contact Tracing
Slovakia – Office for Personal Data Protection of the Slovak Republic, Statement of the EDPB Chair on the processing of personal data in the context of the COVID-19 outbreak and Coronavirus and processing of personal data
South Africa – Information Regulator, Guidance Note on the processing of personal information of data subjects in the management and containment of COVID 19; COVID 19: The importance of the right of access to information and the right to privacy in the management and containment of the virus
Spain – Agencia Española de Protección de Datos, Report from the State Legal Service Department on Processing Activities Relating to the Obligation for Controllers from Private Companies and Public Administrations to Report on Workers Suffering from Covid-19, Covid-19 FAQs, La AEPD publica un informe sobre los tratamientos de datos en relación con el COVID-19, Campañas de phishing sobre el COVID-19; Comunicado de la AEPD sobre apps y webs de autoevaluación del Coronavirus; Catalan DPA Nota en relació amb els tractaments de dades personals relacionats amb les mesures per fer front al COVID-19
Sweden – Datainspektionen, Corona virus and personal data
Switzerland – Federal Data Protection and Information Commissioner, Data protection legal framework for the containment of the coronavirus
Turkey – Turkish Data Protection Authority KVKK, Public Announcement on COVID-19; Turkish DPA announcement in connection with the COVID-19, reminding of the general principles of the Turkish Data Protection Law and related FAQ
Ukraine – Ministry for Digital Transformation, We launched a digital coronavirus tool
United Kingdom – Information Commissioner’s Office (ICO), Data protection and coronavirus: statement for health and care practitioners; COVID-19: general data protection advice for data controllers; The power of data in a pandemic; Blog: Combatting COVID-19 through data: some considerations for privacy; How we will regulate during coronavirus; The ICO’s regulatory approach during the coronavirus public health emergency
United States of America – Federal Communications Commission, Declaratory Ruling on COVID; Department of Health and Human Services, HIPAA Privacy and Novel Coronavirus; Department of Health and Human Services, COVID-19 and HIPAA: Disclosures to law enforcement, paramedics, other first responders and public health authorities; California AG, Attorney General Becerra Reminds Consumers of their Data Privacy Rights During the COVID-19 Public Health Emergency
CONNECT