The Evolution of Data Privacy & Security Due to COVID-19: Complying with Business and Data Protection Laws

September 17, 2020


In the blink of an eye, the coronavirus forced many Virginia business owners to become e-commerce experts. From quickly developing a website and digitizing client data to holding company meetings online, some small businesses understandably failed to comply with mandatory state and federal data and health privacy laws. Commonwealth and federal authorities recognize that the immediate stay-at-home orders made it challenging to observe complex data security regulations. However, the potential for viral resurgence in Virginia and D.C. has led many small businesses to question whether they need to start investing in data protection software, develop computer use policies, or update their terms and conditions in light of COVID-19.

Legislators around the country recognize the need to modernize data privacy laws as businesses continue to move online. This process might include adopting more stringent consumer privacy protections or mandating increased data security measures. As the nation’s e-security policies rapidly evolve due to COVID-19, do not fall behind the regulatory curve. Schedule a business and data protection compliance consultation with the experienced Virginia and D.C. small business lawyers at McClanahan Powers, PLLC today. Call our Vienna office at 703-520-1326 or connect with our virtual team online.

HIPAA Regulations Applicable to Collecting and Sharing Employee Health Information

Due to the coronavirus’ unprecedented spread, many businesses unwittingly disseminated their employees’ private health data in violation of specific federal and state provisions. While small business owners should expect courts to clarify and expound upon the emergency exceptions to these health information protections, the Health Insurance Portability and Accountability Act (HIPAA) contains stringent regulations protecting the private health data of persons diagnosed with or exposed to COVID-19. While not all businesses qualify as covered entities under HIPAA’s data privacy provisions, additional state and federal regulations generally protect the private health information of employees and consumers.

Employers should speak with an attorney about utilizing the national priority exceptions to HIPAA if necessary to protect the health and safety of employees or customers exposed to the coronavirus. Generally, this means only disclosing information essential to protect the well-being of workers or the public. Emails or other information revealing an employee’s diagnosis without permission may violate HIPAA and state data privacy regulations applicable to protected health information. Online questionnaires regarding customers’ exposure to the virus might also breach health data regulations if businesses improperly store or fail to protect this vital health data. A lawyer could help companies update their terms and conditions, employee handbooks, consents, and related employment contracts to address COVID-19 and related health privacy concerns.

Updated Data Protection & Privacy Regulations Due to COVID-19

If you’ve sent employees home with company computers, developed a digital ordering system, or filtered client data through unsecured email accounts, you may have violated numerous individual data privacy acts. Because opportunistic hackers and other online criminals foresaw unsecured at-home network connections and an inflow of electronic personal data due to the virus, states are quickly reviewing their data privacy policies. E-security legal professionals in Virginia anticipate businesses needing to update the following documents and policies in the wake of COVID-19:

  • HIPAA – Companies not otherwise considered covered entities under HIPAA may find themselves required to abide by HIPAA privacy regulations regarding employee exposure to COVID-19 and dissemination of that information to public health authorities
  • Website Terms & Conditions – This legally binding contract between you and website users should contain private data and dissemination waivers related to the anticipated use of necessary personal information – including social security numbers, account numbers, and health verifications – designed to comply with the laws of the consumer’s state or country
  • Computer/Smartphone/Network Use Manuals – If employees utilize employer-supplied computers, you need a computer user manual to protect your business from liability. This policy should include instructions about securing network connections, running security software, locking computers in at-home offices, and instructions on saving and storing protected data
  • Employee Handbooks/Non-Disclosure Agreements – Similar to computer user manuals, small businesses transitioning to an at-home work environment should require employees to sign confidentiality agreements if meeting with clients online or accessing the consumer’s personal information

An experienced Virginia and D.C. small business attorney might help employers develop or update the documentation necessary to comply with stringent national and international data protection and privacy laws. Dedicated data privacy lawyers also monitor the legal landscape for changing regulations and help their clients avoid unintentional e-security violations.

Avoiding Liability for Data Security Breaches

Some states require companies to secure the personal and biometric data of residents when an entity does business, even virtual business, in that state. Marketing products to California, for example, may trigger the state’s enhanced privacy laws. Expect states to begin rolling out data security regulations similar to those recently adopted by the European Union and California or updating these essential legislative schemes to address health privacy concerns and contact tracing scams.

Business owners must make diligent efforts to protect the personal and financial information of employees and clients from theft or misappropriation. These efforts generally include doing one or more of the following:

  • Purchasing reliable encryption software
  • Ensuring appropriate data use waivers appear in the terms and conditions
  • Purchasing specialized data security software
  • Requiring user passwords, two-step verification, and protected network connections
  • Strategically avoiding collecting and storing data qualifying as personal identifying, health, or financial information

Companies must prepare for forthcoming legislative changes necessitated by the pandemic. A dedicated data security lawyer in Virginia may help small businesses update their e-security measures to comply with the nation’s most stringent data privacy regulations as they enter the e-commerce market or operate from a virtual office.

Planning for the Adoption of Enhanced Data Privacy & Security Laws Due to the Coronavirus

COVID-19 took the world by surprise, and the legal effects of the virus will impact the nation for years to come. Do not let forthcoming changes to data security laws take your business by surprise too. Schedule a data security compliance analysis with the dedicated Virginia and D.C. e-security lawyers at McClanahan Powers, PLLC. Call us at 703-520-1326 or connect with our virtual office online.