One year later: The Data Protection DOs and DON’Ts – COVID 19 Crisis

One year later: It has been more than a year since COVID-19 crisis, hundreds of thousands of people are still forced to working from home across the globe. This on-going period of COVID-19 (coronavirus) crisis still remains the worst time of year 2021 for both employees and employers. Since a large number of employees are still working from home sine last year therefore there are possibilities of data breaches on a large scale.

Below are a few useful tips on what to do – and more importantly, what not to do – to ensure data protection.

Tips for Data Protection for Organizations / Employers

DOs

• Organizations must have a legal way for processing employees’ personal data.
• Any data processing for the purposes of preventing the spread of COVID-19 must be carried out in a secure manner to avoid data breach.
• Organizations must provide individuals with information about the processing of their personal data.
• Organizations should document any decision-making process regarding measures implemented to manage COVID-19 that involve the processing of employees’ personal data.
• Recording of any health information must be justified and limited to what is necessary for an employer to implement health and safety measures. Therefore, only the minimum necessary amount of personal data should be processed to achieve the purpose of implementing measures to prevent or contain the spread of COVID-19.
• Employers are required by law to protect the health of their employees as well as to provide a safe place of work. During the COVID-19 situation, it would be considered acceptable for employers to ask employees and visitors to inform them if they have visited an affected area and/or are experiencing any COVID-19 symptoms.
• Public health authorities may require the disclosure of personal data in the public interest to protect against serious public health threats. Employers should follow the advice and directions of their public health authorities.

DON’Ts

• The identity of affected individuals must not be disclosed to their colleagues or any third parties without a clear justification.
• Employers may inform personnel that there has been a case, or suspected case, of COVID-19 in the organization, but they must not disclose the employee’s identity. However, public health authorities may require disclosure of this information in order to carry out their functions with regard to providing medical treatment and contact tracing.

Tips for Data Protection for Individuals / Employees

Enable multi-factor authentication wherever possible, adding another layer of security to any apps you use. Moreover, use a password manager to avoid risky behavior such as saving or sharing credentials.

Use a VPN and go private. Having a VPN solution, which sits on the PC, laptop, or mobile device and creates an encrypted network connection, should be encouraged. A VPN makes it safer for the workers to access IT resources within the organization and elsewhere on the internet.

Tighten up network access because without the right security, personal devices used to access work networks can leave businesses vulnerable to hackers. If information is leaked or breached through a personal device, the company will be deemed liable.

Communicate with colleagues using an encrypted messaging & calling service like Signal. Signal is a cross-platform encrypted messaging service developed by the Signal Foundation and Signal Messenger LLC. It uses the Internet to send one-to-one and group messages, which can include files, voice notes, images and videos. The app also supports group messaging.

Signal uses standard cellular telephone numbers as identifiers and uses end-to-end encryption to secure all communications to other Signal users. The apps include mechanisms by which users can independently verify the identity of their contacts and the integrity of the data channel.

Signal messages are encrypted with the Signal Protocol (formerly known as the TextSecure Protocol). It supports end-to-end encrypted group chats. The group chat protocol is a combination of a pairwise double ratchet and multicast encryption.

In addition to the properties provided by the one-to-one protocol, the group chat protocol provides speaker consistency, out-of-order resilience, dropped message resilience, computational equality, trust equality, subgroup messaging, as well as contractible and expandable membership.

Secure your communications with Signal. Download Signal Private Messenger now!

Stay Home, Stay Safe with Signal

#StaySafe #StaySecure #SignalMakesSafetyEasy