While we are all still dealing with the impact of the coronavirus, it’s important to look ahead at what comes next. As we return to the workplace, re-open businesses, and try to resume some sense of “normalcy,” our attorneys are working hard to provide important guidance for you and your business.
For commonly asked questions and responses, please see our FAQs section. For regular updates and analysis, visit our curated insights and events section. If you would like to discuss a specific issue with a member of our Coronavirus (COVID-19) Response Team, submit a contact form here.
As we move forward in this next phase, here are some things to consider:
It is important to establish best practices for employees to follow when using virtual meetings. A few examples include:
Consider at least three main laws when creating a back-to-work plan or policy: the new Families First Coronavirus Response Act (FFCRA), the Americans with Disabilities Act (ADA), and the Family Medical Leave Act (FMLA). See Bradley’s blog post “Getting Your Employees Back to Work After the Pandemic” for additional details about these laws.
The bad news is that there is no silver bullet. The good news, however, is that there are proactive steps that you can start taking right now to create thorough re-opening plans that also protect employee data and privacy.
On May 7, 2020, five United States senators introduced a bill aimed at protecting consumers whose data is used to track COVID-19. Sens. Wicker (R-Miss.), Thune (R-S.D.), Moran (R-Kan.), Blackburn (R-Tenn.), and Fischer (R-Neb.) introduced the COVID-19 Consumer Data Protection Act of 2020. The bill would impose data-privacy restrictions on companies using consumers’ data for tracking the spread of COVID-19, including for contact tracing.
Targeted at data being used to fight the pandemic, the bill covers geolocation, proximity, and health data being used for purposes related to COVID-19. Further, the bill is time limited: Its effect would end once Health and Human Services declares that the public health emergency has ended. You can read our full analysis of the bill here.
Additionally, two other United States senators have introduced a second bill aimed at protecting consumers whose data is used to track COVID-19. The bill to create the Public Health Emergency Privacy Act (PHEPA) will compete with the earlier bill mentioned above, which was introduced by Sen. Wicker (R-Miss.) and others.
This bill from Sens. Blumenthal (D-Conn.) and Warner (D-Va.) shares with the Wicker bill an emphasis on health, geolocation, and proximity data and requires affirmative express consent from consumers from whom such data is collected. But the Blumenthal bill expands the scope and enforcement of the protections. You can read our full analysis of this second bill here.
Some regulators have provided guidance, while others have not. For example, the Information Commissioner’s Office (ICO), the U.K.’s data protection authority (DPA), has stated that it will take into account “the compelling public interest in the current health emergency” and will take a “reasonable and pragmatic” approach to enforcing data protection obligations during the pandemic. Regulators such as the ICO recognize the unprecedented challenges faced by privacy professionals and data controllers during the pandemic and recognize the need to adapt to an uncertain environment.
Other regulators, such as the California attorney general, have remained largely silent on whether or not they will take into account the upheaval experienced by many businesses during the pandemic in considering compliance with or enforcement of the California Consumer Privacy Act (CCPA).
Yes. FERPA is a federal law that protects the privacy of student education records. The law applies to all educational agencies and institutions that receive funds under any program administered by the Secretary of Education. FERPA prohibits educational agencies (e.g., school districts) and institutions (i.e., schools) from disclosing personally identifiable information (PII) from students’ education record without the prior written consent of a parent or “eligible student,” unless an exception to FERPA’s general consent rule applies. For instance, pursuant to one such exception, the “health or safety emergency” exception, educational agencies and institutions may disclose to a public health agency PII from student education records without prior written consent in connection with an emergency if the public health agency’s knowledge of the information is necessary to protect the health or safety of students or other individuals.
The U.S. Department of Education published frequently asked questions addressing personal information disclosures during the COVID-19 pandemic. The department reiterates that parental consent for disclosure is still required in most cases but does address certain exceptions relating to health and safety emergencies, particularly where information is necessary to protect the health and safety of a student or other individuals. The guidance also includes a model consent form at the end of the document.