September 17, 2020
In the blink of an eye, the coronavirus forced many Virginia business owners to become e-commerce experts. From quickly developing a website and digitizing client data to holding company meetings online, some small businesses understandably failed to comply with mandatory state and federal data and health privacy laws. Commonwealth and federal authorities recognize that the immediate stay-at-home orders made it challenging to observe complex data security regulations. However, the potential for viral resurgence in Virginia and D.C. has led many small businesses to question whether they need to start investing in data protection software, develop computer use policies, or update their terms and conditions in light of COVID-19.
Legislators around the county recognize the need to modernize data privacy laws as businesses continue to move online. This process might include adopting more stringent consumer privacy protections or mandating increased data security measures. As the nation’s e-security policies rapidly evolve due to COVID-19, do not fall behind the regulatory curve. Schedule a business and data protection compliance consultation with the experienced Virginia and D.C. small business lawyers at McClanahan Powers, PLLC today. Call our Vienna office at 703-520-1326 or connect with our virtual team online.
Due to the coronavirus’ unprecedented spread, many businesses unwittingly disseminated their employee’s private health data in violation of specific federal and state provisions. While small business owners should expect courts to clarify and expound upon the emergency exceptions to these health information protections, the Health Insurance Portability and Accountability Act (HIPAA) contains stringent regulations protecting the private health data of persons diagnosed with or exposed to COVID-19. While not all businesses qualify as covered entities under HIPAA’s data privacy provisions, additional state and federal regulations generally protect the private health information of employees and consumers.
Employers should speak with an attorney about utilizing the national priority exceptions to HIPAA if necessary to protect the health and safety of employees or customers exposed to the coronavirus. Generally, this means only disclosing information essential to protect the well-being of workers or the public. Emails or other information revealing an employee’s diagnosis without permission may violate HIPAA and state data privacy regulations applicable to protected health information. Online questionnaires regarding customers’ exposure to the virus might also breach health data regulations if businesses improperly store or fail to protect this vital health data. A lawyer could help companies update their terms and conditions, employee handbooks, consents, and related employment contracts to address COVID-19 and related health privacy concerns.
If you’ve sent employees home with company computers, developed a digital ordering system, or filtered client data through unsecured email accounts, you may have violated numerous individual data privacy acts. Because opportunistic hackers and other online criminals foresaw unsecured at-home network connections and an inflow of electronic personal data due to the virus, states are quickly reviewing their data privacy policies. E-security legal professionals in Virginia anticipate business needing to update the following documents and policies in the wake of COVID-19:
An experienced Virginia and D.C. small business attorney might help employers develop or update the documentation necessary to comply with stringent national and international data protection and privacy laws. Dedicated data privacy lawyers also monitor the legal landscape for changing regulations and help their clients avoid unintentional e-security violations.
Some states require companies to secure the personal and biometric data of residents when an entity does business, even virtual business, in that state. Marketing products to California, for example, may trigger the state’s enhanced privacy laws. Expect states to begin rolling out data security regulations similar to those recently adopted by the European Union and California or updating these essential legislative schemes to address health privacy concerns and contact tracing scams.
Business owners must make diligent efforts to protect the personal and financial information of employees and clients from theft or misappropriation. These efforts generally include doing one or more of the following:
Companies must prepare for forthcoming legislative changes necessitated by the pandemic. A dedicated data security lawyer in Virginia may help small businesses update their e-security measures to comply with the nation’s most stringent data privacy regulations as they enter the e-commerce market or operate from a virtual office.
COVID–19 took the world by surprise, and the legal effects of the virus will impact the nation for years to come. Do not let forthcoming changes to data security laws take your business by surprise too. Schedule a data security compliance analysis with the dedicated Virginia and D.C. e-security lawyers at McClanahan Powers, PLLC. Call us at 703-520-1326 or connect with our virtual official online.