It is important to remember that privacy and information security laws and regulations vary across different countries, and it is critical to keep in mind the original provisions and goals of those regulations even in such uncertain times as these. Some regulatory provisions that may address changed circumstances, such as COVID-19 pandemics and its impacts, are: adjusting requirements to meet the newly evolving situation and the novel needs, and making sure laws do not interfere or stand in the way of deliberations in the public interest.
Over the last few weeks, regulators across Europe have been issuing guidance on how to balance protecting privacy rights and protecting public health. Statement of the European Data Protection Board (EDPB) Chair on the processing of personal data in the context of the COVID-19 outbreak and Information Commissioner's Office (ICO) are some of those important guidelines.
However, some of the broad requirements, which still very much apply and need to be kept in mind, include the need for confidentiality, data minimization, purpose limitation and data security. In particular, collecting and processing special categories of data (including health information) is subject to specific conditions and regulations.
As Webster University continues to adjust to the pandemic situation it remains firmly committed to vigilant data privacy and cyber security practices. Cybercrime is infamous for exploiting various crisis situations and COVID-19 crisis is now one of the main targets of hackers. Increased threats levels, and thinly spread resources, competing priorities and shifted attention will present itself as a challenge to businesses across the globe. Furthermore, given the increased use of social media and concerns which may arise, employees are more than ever likely to be susceptible to phishing attempts and other security related incidents during the crises. Having all of the above in mind, and with Webster University´s modified operations provisioning a plan for home office employees, each and every one of us is asked to be even more mindful of the increased risks. Employees also need to be vigilant regarding responsible behavior by following best practices when saving and sharing personal information of others, using the University's dedicated systems, following University official policies, protocols and recommendations.
Webster University has developed a set of guidelines, policies and resources available to all of its constituents. Employees are asked to consult those resources and contact relevant department and/or individuals in case of doubt or the need for further information.
Office of Privacy and Information Security Team remains at your disposal. Due to the geographically spread configuration of our team and different time zones, we are able to offer around the clock support to Webster University constituents.