Technology & Privacy

As is the case with most new technologies or significant industry innovations, companies embracing and driving the disruptions often move very fast in a legal and political landscape that is always playing catch-up. This is very true for the fast-growing telemedicine and digital health industries. However, likely motivated by COVID-19, state governments are moving faster than they traditionally do to pass new regulations and to extend certain regulatory waivers.

COVID-19 required a shift in the delivery of medical care with the state and local lockdowns. During the pandemic, the United States Department of Health and Human Services (HHS) has issued guidance on various compliance waivers and enhanced flexibility. Governors across the country issued executive orders to help address the requirements of providing ongoing medical care while maintaining proper social distancing (e.g., New Mexico, Texas, etc.). The result was more people receiving medical care remotely. Similar to the realization by many that working from home was not only feasible but in some cases preferable, many also came to the conclusion that a trip to the doctors’ office was not necessary for the treatment of certain conditions.

Formally wading into the cybersecurity discussion for the first time, on April 14, 2021, the U.S. Department of Labor (DOL) posted on its website a suite of new guidance, including Tips for Hiring a Service Provider with Strong Cybersecurity Practices, Cybersecurity Program Best Practices, and Online Security Tips for Participants and Beneficiaries.

Although vaccine rollout began slowly in the United States, millions of people are now being vaccinated against COVID-19 per day. As individuals receive the vaccine, states have been collecting personal health data in individual immunization registries. Experts say this data collection is essential to effectively monitor vaccination progress, report adverse reactions, compare vaccine efficacy in cross sections of the population, and keep track of who needs second doses and when.

COVID-19, the California Consumer Privacy Act (CCPA) coming into force, and the invalidation of the EU-US Privacy Shield already made 2020 an especially active year for privacy and data security risks and obligations. Rounding out the year, December then brought discovery of the unprecedented Solarwinds cyberattack affecting government agencies, critical infrastructure entities and others.

Thus, looking ahead,

On January 21, 2021, President Biden designated Federal Trade Commission (the “FTC”) Commissioner Rebecca Kelly Slaughter as acting chair of the FTC. Soon thereafter in one of her first speeches in her new role, Chairwoman Slaughter announced two substantive areas of priority for the FTC – the COVID-19 pandemic and racial equity.

Ransomware is a Serious and Growing Problem

In recent years, Ransomware has evolved from merely encrypting files/disabling networks in solicitation of ransom, to sophisticated attacks that often involve actual data access, theft and sometimes, the threat of publication. These sophisticated malware attacks frequently destroy backups and provide criminals even more leverage over their victims, coercing them to pay ransoms.  Ransomware does not just target businesses – it is often used to attack hospitals, research institutions, and other public services that are especially critical during this global pandemic.

Before the onset of the COVID-19 pandemic, companies were already exploring the promise of blockchain to modernize certain aspects of their supply chains.  Traditional supply chains can be inefficient, data intensive and costly, often characterized by burdensome paperwork, conflicting records and delays resulting from manual reconciliation processes involving a series of transactions and document exchanges among multiple parties.  Blockchain offers potentially substantial benefits in this context, including the secure and auditable validation of transactions, automated documentation to support legal and customs compliance, improved quality control, enhanced end-to-end transparency (e.g., for verifying sustainability or ethical sourcing standards), and overall improvements in efficiency and cost-control. Indeed, ever since news reports in 2018-19 that Walmart had successfully tested a blockchain platform for food traceability and accountability to track mangoes and other products through the supply chain, entities have been looking in earnest at, and investing in, blockchain solutions targeting the supply chain. Indeed, Walmart has continued to invest and conduct trials of blockchain solutions, having recently announced in August the promising results of Walmart Canada’s use of blockchain technology to reduce inefficiencies and invoice disputes for freight and trucking payments.

Blockchain applications in the supply chain to date have largely been in the testing or pilot phase, however, due to the complex array of necessary considerations. As a preliminary step, companies seeking to leverage blockchain solutions need to assess blockchain’s potential applications and advantages, the practical aspects of transitioning away from legacy systems, and the legal and operational issues associated with the use of blockchains. Before going live, participants in a private blockchain must first understand and be satisfied with how the blockchain will be implemented and administered, including, for example, which parties will be responsible for maintaining the blockchain, which data will be stored “on-chain” or “off-chain” to achieve the desired functionality without compromising the confidentiality of certain proprietary data, and how cybersecurity and data origin integrity issues will be handled. In many situations, an overarching written legal agreement among the various participants is necessary to ensure clear and robust governance and to address key legal issues. Also, testing a blockchain solution in the supply chain context is necessarily a collaborative affair (e.g., it may involve assembling a consortium) because a working platform that delivers business value in a supply chain will require participation by the various players in the ecosystem. This can raise antitrust compliance considerations, requiring careful structuring.  Thus, while there was optimism in using blockchain to bring the supply chain into a new digital age before the pandemic, many organizations felt that implementation could wait.  However, the COVID-19 outbreak has spurred changes in that mindset.

State-by-State Real Time Updates on Employment and Privacy-Related Rules, Regulations, Orders and Guidance
As jurisdictions continue to respond to COVID-19 with new rules, regulations, orders and guidance, employers must ensure that they adhere to these requirements as they manage business operations.

To assist multi-state employers as they navigate these developments, we have created ProTrack COVID-19,

With more people working remotely than ever before in light of COVID-19, firms in the private equity and hedge fund space should review their Regulation S-P privacy and information-safeguarding policies to ensure they are compliant and ready for a prolonged period of remote work. In particular, in view of SEC guidance, firms should focus on several key areas including personal devices and personally identifiable information.