SECONDO AGGIORNAMENTO: Guida al trattamento dei dati personali e alla sicurezza informatica nel contesto della pandemia COVID-19

 

Nello scenario in evoluzione della pandemia COVID-19, la continuità operativa dipende anche da un’adeguata protezione dei dati e dall’implementazione di pratiche di sicurezza informatica da parte delle organizzazioni. In questo contesto la mappatura delle linee guida sulla privacy e la protezione dei dati e delle best practice di sicurezza informatica ha assunto un ruolo ancora più importante. Proprio per questo motivo, senza presunzione di completezza, ICTLC continua a mappare le risorse ufficiali, dalle istituzioni alle autorità di protezione dei dati di tutto il mondo, che forniscono una guida sul corretto trattamento dei dati personali durante l’emergenza COVID-19 e delle informazioni relative alla sicurezza informatica sul lavoro a distanza nel contesto della pandemia.

Una versione aggiornata dell’elenco è disponibile sul blog personale di Paolo Balboni.

 

Cybersecurity: informazioni su come lavorare da remoto nel contesto della pandemia COVID-19 

(in lingua originale)

Australian Signals Directorate – Australian Cybersecurity Centre, Cyber security is essential when preparing for COVID-19

Cameron – Cameroon Ministry of Finance, COVID-19 Threats to Organization Information Systems

Danish Center for Cybersecurity – Use of communication and collaboration platformsAdvice for IT security officers concerning remote accessCybersecurity under COVID-19Cyber-safe return to the workplaceThe Center for Cyber ​​Security and the Social Critical Sector discusses cyber security under COVID-19Guidance For employees: Points you should pay attention to when returning to the workplace.

European Commission, ENISA, CERT-EU and Europol – COVID-19 Joint Statement

EU Agency for Cybersecurity (ENISA) – Tips for cybersecurity when working from homeTips for selecting and using online communication toolsInfographic on Cyber secure eCommerce

Europol –Safe Teleworking Tips and Advice; How criminals profit from the COVID-19 pandemic; Make your home a Cyber Safe StrongholdBeyond the Pandemic: What will the criminal landscape look like after COVID-19?

France – Cybermalveillance.gouv.fr platform, IT security recommendations for teleworking in crisis situationsCommission Nationale de l’Informatique et des Libertés Employees in telework: what are the best practices to follow?; and CNIL’s advice on setting up teleworkPublication of the human resources management standardCOVID-19: CNIL’s advice on using videoconferencing tools

Hong Kong – Hong Kong Computer Emergency Response Team Coordination Centre, HKCERT proposes 10 measures to secure Zoom MeetingsSix Security Tips for Home OfficeAssessing the Security of Remote Access Services Guideline

Irish Data Protection Commission – Protecting Personal Data When Working Remotely and Staying safe online during a pandemicData Protection Tips for Video-conferencing

Italy – Watch out for ransomware: the program that takes your device hostage

Netherlands – Dutch Data Protection Authority, Decision aid for privacy in video calling appsWorking from home safely during the corona crisis

Office of the Australian Information Commissioner – Coronavirus (COVID-19): Understanding your privacy obligations to your staff

Portugal – Guidelines on monitoring of remote work

Spain – Recommendations to protect personal data in teleworking situations

Sri Lanka – Sri Lanka Cybersecurity Emergency Response Team, Work From Home Security Considerations

Switzerland – Home Office: Securing Remote AccessMeasures for the safe use of audio and video conferencing systems 

UK Information Commissioner’s Office  – Data security – a guide to the basicsVideo conferencing: what to watch out forHow do I work from home securely?Stay one step ahead of the scammers- 31 March 2020

UK National Cyber Security Centre (NCSC) –NCSC issues guidance as home working increases in response to COVID-19Advisory: COVID-19 exploited by malicious cyber actorsCyber experts step in as criminals seek to exploit Coronavirus fears

United States Cybersecurity and Infrastructure Security Agency – Defending Against COVID-19 Cyber ScamsRisk Management for Novel Coronavirus (COVID-19)Enterprise VPN Security Alert

United States Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency and the United Kingdom’s National Cyber Security Centre (NCSC) – COVID-19 Exploited by Malicious Cyber Actors

United States Federal Trade Commission – Seven Coronavirus scams targeting your businessVideo conferencing: 10 privacy tips for your business

Uzbekistan Cybersecurity Center – Infosec Recommendations for Remote Working in the Context of COVID-19

Zurich Data Protection Authority –  Rules for data protection in the home office

 

Privacy e protezione dei dati: trattamento dei dati personali nel contesto della pandemia COVID-19

 

Dichiarazioni della Commissione europea, del Consiglio d’Europa, dell’EDPS, dell’EDPB, dell’OECD e delle Nazioni Unite (in lingua originale)

Council of Europe – Joint Statement on the right to data protection in the context of the COVID-19 pandemicCOVID-19 tracing apps: side effects on personal data protection should be avoidedJoint Statement on Digital Contact Tracing by Alessandra Pierucci, Chair of the Committee of Convention 108 and Jean-Philippe Walter, Data Protection Commissioner of the Council of Europe

European Commission – Coronavirus: Commission adopts Recommendation to support exit strategies through mobile data and appsCoronavirus: An EU approach for efficient contact tracing apps to support gradual lifting of confinement measures;  Coronavirus: Commission adopts Recommendation to support exit strategies through mobile data and appsRecommendation on apps for contact tracing 

European Data Protection Board – Statement of the EDPB Chair on the processing of personal data in the context of the COVID-19 outbreakStatement on the processing of personal data in the context of the COVID-19 outbreak Adopted on 19 March 2020Twentieth plenary session of the European Data Protection Board – scope of upcoming guidance on data processing in the fight against COVID-19EDPB Letter concerning the European Commission’s draft Guidance on apps supporting the fight against the COVID-19 pandemicGuidelines 03/2020 on the processing of data concerning health for the purpose of scientific research in the context of the COVID-19 outbreak;  Guidelines 04/2020 on the use of location data and contact tracing tools in the context of the COVID-19 outbreakTwenty-fourth Plenary session: EDPB doubles down on COVID-19 guidance in newly adopted lettersEDPB response to Mrs Ďuriš Nicholsonová and Mr Jurzyca’s letter on common guidance in the fight against the COVID-19 pandemics – 24/04/2020EDPB response to the US Mission to the EU – 24/04/2020EDPB Response to the MEP Sophie in’t Veld’s letter on the use of apps in fight against coronavirus – 24/04/2020

European Data Protection Supervisor – Monitoring the speed of COVID-19, EDPS Comments to DG CONNECT of the European Commission on monitoring of COVID-19 spreadEU Digital Solidarity: a call for a pan-European approach against pandemic’ – Wojciech WiewiórowskiIntroductory remarks before the committee for European Affairs of the senate of the Republic of France – Wojciech WiewiórowskiCarrying the torch in times of darkness – Wojciech WiewiórowskiTechDispatch #1/2020: Contact Tracing with Mobile Applications

European Parliament – Resolution of 17 April 2020 on EU coordinated action to combat the COVID-19 pandemic and its consequences (2020/2616(RSP))

Europol – How criminals profit from the COVID-19 Pandemic

OECD – Tracking and tracing COVID: Protecting privacy and data while using apps and biometrics

United Nations Special Rapporteurs – COVID-19: States should not abuse emergency measures to suppress human rights

 

Dichiarazioni e linee guida nazionali (in lingua originale)

Abu Dhabi Global Market – Coronavirus (COVID-19) – Implications for Data Protection Frequently Asked QuestionsADGM launches support measures for registered businesses to counter the impact of COVID-19

Albania – IDP Guidelines on the protection of personal data in the context of the measures taken against COVID-19Guidelines for the Processing of Personal Data in Specific Sectors Within the Measures Against COVID-19

Andorra – Data Protection Authority of Andorra, Recomanacions sobre tractaments de dades personals en el context actual de pandèmiaSobre Tractament de fades en la crisi del Covid-19

Argentina – Agencia de Acceso a la Información Pública  Tratamiento de datos personales ante el CoronavirusArgentina Ministry of Health information on reporting framework 

Australia – Office of the Australian Information Commissioner (OAIC), Coronavirus (COVID-19): Understanding your privacy obligations to your staff – AgenciesCoronavirus (COVID-19): Understanding your privacy obligations to your staffAustralian Cybersecurity Centre, Cyber security is essential when preparing for COVID-19Western Australia Emergency Management Amendment (COVID-19 Response) Bill 2020

Austria – Austrian Data Protection Authority, Information on Coronavirus (Covid-19)Coronavirus FAQData security and home office 

Belgium – Data Protection Authority of Belgium, COVID-19 and processing of personal data at workCOVID-19 and the use of health appsBelgian Data Protection Authority, Opinion 34-2020 on a Preliminary Draft Royal Decree to Take Measures to Control the Spread of COVID-19 Using Digital Contact Screening ApplicationsCOVID-19 and processing of personal data in the workplace

Belarus – Operational and Analytical Center Under the President of the Republic of Belarus, Guidelines for Safe Remote Work

Bonaire, Sint Eustatius and Saba – Coronavirus COVID-19

Bosnia and Herzegovina – Data Protection Authority of Bosnia and Herzegovina, Press release regarding the processing of personal data in the context of activities triggered by the Coronavirus pandemic

Brazil – Brazilian Public Ministry of the Federal District and Territories, Follow Up Combating Actions and Prevention of COVID-19Federal Public Ministry of Brazil,  Joint Technical Note on Postponing LGPD Entry into Force Deadline due to the COVID-19 EpidemicPresident of Brazil, Provisional Measure No. 959 of 29 April 2020 postponing Law No. 13.709, of 14 August 2018, which establishes the General Law on Personal Data Protection – LGPD

Bulgaria – Commission for Personal Data Protection, CPDP introduces anti-epidemic measures against the spread of COVID-19

Burkina Faso – National Commission for Informatics and Liberties, Message on Coronavirus Pandemic (COVID-19)

Canada – Office of the Privacy Commissioner of Canada, Announcement: Commissioner issues guidance on privacy and the COVID-19 outbreakGuidance: Privacy and the COVID-19 outbreakOffice of the Information and Privacy Commissioner of Alberta Privacy in a PandemicProvince of British Columbia, Ministerial Order No. M085 of the Minister of Citizens ServicesInformation and Privacy Commissioner of Saskatchewan, Statement from the Office of the Information and Privacy Commissioner of Saskatchewan on COVID-19Information and Privacy Commissioner of Ontario, Impact of COVID-19Commission d’accès à l’information du Québec, COVID-19: Protection of personal information and information securityYukon Information and Privacy Commissioner, Actions being taken by Yukon Ombudsman, Information and Privacy Commissioner and Public Interest Disclosure Commissioner in response to COVID-19Office of the Information and Privacy Commissioner of the Northwest Territories, Privacy in a PandemicOffice of the Information and Privacy Commissioner of Newfoundland and Labrador, Don’t Blame Privacy – What To Do and How To Communicate in an EmergencyManatoba Ombudsman Advisory for trustees about responding to individuals’ access requests under PHIA during the COVID-19 pandemicOffice of the Privacy Commissioner of Canada, A Framework for the Government of Canada to Assess Privacy-Impactful Initiatives in Response to COVID-19Saskatchewan Office of the Information and Privacy Commissioner guidance for public bodies when transporting personal information and personal health information outside of the office

Cayman Islands – Cayman Islands Ombudsman, Ombudsman urges public to keep COVID-19 patient details private

China – Cyberspace Administration of China, Notice on protecting personal information and using big data to support joint prevention and control

Colombia – Superintendency of Industry and Commerce on the prohibition to collect biometric information (sensitive data) with a view to preventing the spread of COVID-19 through indirect contactPersonal Data and Coronavirus COVID 19: Collection and use of data in cases of medical or health emergency

Chile – Chilean Transparency Council, ¿Se puede revelar el nombre de una persona contagiada o de un eventual contagio?

Croatia – Croatian Data Protection Authority, Processing of personal health information in the context of a COVID-19 virus emergency

Cyprus – Data Protection Authority of Cyprus, Announcement of the Commissioner for the Protection of Personal Data regarding the measures taken for the management of the pandemic

Czech Republic – For the processing of personal data in the framework of measures against the spread of coronavirusOffice for Personal Data Protection comment on the extraordinary measure of the Ministry of Health in connection with the smart quarantine projectMeasurement of temperature at the workplace during a coronavirus pandemic

Denmark – Datatilsynet, How about GDPR and coronavirus? and
Corona virus and digital infection detection

Estonia – Data Protection Authority of Estonia, Can an employee be required to talk about everything about his or her health?

Finland – Office of the Data Protection Ombudsman, Data protection and limiting the spread of coronavirusFrequently asked questions about the coronavirus and privacy

France – Commission Nationale de l’Informatique et des Libertés, Coronavirus (Covid-19): les rappels de la CNIL sur la collecte de données personnelles; Recherches sur le COVID-19 : la CNIL se mobiliseCrise sanitaire: audition de Marie-Laure DENIS, Présidente de la CNIL, devant la commission des loisLes relations avec la CNIL pendant l’état d’urgence sanitairePublication of the CNIL opinion on the “StopCovid” mobile application projectCOVID-19: data processing associated with mask distribution operationsOrganization and operation of the health system in the context of COVID-19: publication of the CNIL opinion on a decreeCNIL’s opinion on the draft decree framing the information systems implemented for monitoring patients with COVID-19Coronavirus (COVID-19): les rappels de la CNIL sur la collecte de données personnelles par les employeursFrench Ministry of Labor, National Protocol for Exiting Confinement in the Context of COVID-19

Gibraltar – Gibraltar Regulatory Authority Data protection and Coronavirus: What you need to knowCOVID-19 Temperature Checks

Georgia – Statement Of The State Inspector’s Service, Covid-19

Germany – Office of the Federal Commissioner for Data Protection and Freedom of Information, DSK provides information on data protection and Coronavirus and German Data Protection Supervisory Authorities joint information paper on data protection and the Coronavirus pandemicHamburg DPA Datenschutz in Zeiten von Covid-19German Conference of Independent DPAs of Federal and State Governments, Data protection principles in the management of the Corona pandemic

Greece – Hellenic Data Protection Authority, Guidelines for personal data processing in the management of COVID-19

Hong Kong – Privacy Commissioner for Personal Data, The Use of Information on Social Media for Tracking Potential Carriers of COVID-19  and Privacy Commissioner Responds to Privacy Issues Arising from Mandatory Quarantine Measures and Provides Updates on DoxxingFight COVID-19 Pandemic Guidelines for Employers and EmployeesPCPD Provides Guidelines on Children’s Privacy during the Pandemic

Hungary – Hungarian National Authority for Data Protection and Freedom of Information, Information on processing data related to the Coronavirus epidemic;  Decree 179/2020 – Derogations From Certain Data Protection Provisions During an Emergency

Iceland –Data Protection Authority, COVID-19 and privacyInstructions on distance education in schoolsUse of technical solutions and social media to communicate with nursing home relatives

Ireland – Irish Data Protection Commission, Data Protection and COVID-19;Covid 19 and Subject Access Requests

Indonesia – Indonesian Ministry of Communication and Information Technology, COVID-19 Tracing through app 

Israel – Privacy Protection Authority, Privacy protection following the spread of the Corona virus: questions and answers for conductQ&A in the Corona Period

Italy – Garante per la protezione dei dati personali, Coronavirus: No do-it-yourself (DIY) data collection, says the Italian DPA, Italian state – Urgent provisions for the strengthening of the National Health Service in relation to the COVID-19 emergency and Italian state – March 14 Shared protocol for the regulation of measures for counteracting and containing the spread of the Covid-19 virus in workplacesItalian DPA Measure of 26 March 2020 – “Distance learning: first indications”. Informal hearing by videoconference of the Italian DPA on the use of new technologies and internet to combat the Coronavirus epidemiological emergencyEU Commission on apps for tracking, Statement by Antonello Soro, President of the Italian DPA; Italian state – 24 April 2020, Update to the Shared protocol for the regulation of measures for counteracting and containing the spread of the Covid-19 virus in workplacesPrime Ministerial Decree of 26 April 2020 (regulating Phase 2)Parere sulla proposta normativa per la previsione di una applicazione volta al tracciamento dei contagi da COVID-19 – 29 aprile 2020FAQ – Data processing in the context of the health emergencyItalian DPA on Covid-19, on-the-job serological tests. Employers may not directly perform diagnostic tests on employeesRaccolta delle principali disposizioni adottate in relazione allo stato di emergenza epidemiologica da Covid-19 aventi implicazioni in materia di protezione dei dati personali

Isle of Man – Information Commissioner, Coronavirus, Data Protection, and Freedom of InformationComplying with Subject Access Requests & other rights in the context of COVID-19

Japan – Personal Information Protection Commission, Handling of personal data for preventing the spread of Novel-Coronavirus (COVID-19) disease

Jersey – Office of the Information Commissioner, Data Protection and Coronavirus

Latvia – Data Protection Authority of Latvia, The DSI draws attention to the rights and obligations of individuals in the field of data protection in the context of health information

Liechtenstein – Datenschutzstelle Furstentum Liechtenstein, Data protection during the Corona crisis

Lithuania – State Data Protection Inspectorate, Personal Data Protection and Coronavirus COVID-19

Luxembourg – National Commission for Data Protection, Coronavirus (COVID-19): recommendations by the CNPD on the processing of personal data in the context of a health crisis

Mali – Mali Personal Data Protection Authority, Covid-19: les mises en garde de l’APDP sur la collecte de données personnelles et la protection de la vie privée des personnes

Malta – Office of Information and Data Protection Commissioner, Processing of personal data in the context of COVID-19

Mauritius – Data Protection Office of Mauritius, Data Protection for Health Data and Artificial Intelligence Solutions in the context of the COVID-19 pandemic

Mexico – Government of Mexico, Guide for workplaces in light of COVID-29.  National Institute for Transparency, Access to Information and Personal Data Protection, Ante casos de COVID-19, INAI emite recomendaciones para tratamiento de datos personalesSuspende INAI eventos públicos, por recomendación de la SSA para evitar contagio de COVID-19, and Adoptará INAI como medida de prevención el trabajo a distancia ante COVID-19

Moldova – Moldova Data Protection Authority, Processing of personal data in the context of the coronavirus pandemic (COVID-19) in the Republic of Moldova

Morocco – Moroccan Data Protection Authority, Délibération n°D-97-2020 du 26/03/2020 relative à la prolongation d’un moratoire sur la reconnaissance facialeCNDP press release on COVID mobile applicationCNDP at the disposal of the government to reinforce, in terms of privacy, its proactive policies 

Netherlands – De Autoriteit Persoonsgegevens, AP gives organizations more time due to corona crisisAccess to medical files is only permitted with the patient’s consentUsing telecom data against corona is only possible with emergency lawAP: Corona apps only if privacy is guaranteedDutch Ministry of Health, Welfare and Sport, the National Attorney for Health, Welfare and Sport-Commissioned Summary privacy analysis contact research apps; Dutch Data Protection Authority, Corona in the workplaceQuestions from employers & employees about temperatures during corona

New Zealand – Office of the Privacy Commissioner, Covid-19 and privacy FAQs, Privacy and Covid-19: Hospitality establishment guest registersPrivacy Commissioner briefed on Police contact and trace system for returning travellersAccess in the time of Covid-19Amendment to Telecommunications Information Privacy Code 2003 – Amendment No 7

North Macedonia – Personal Data Protection Agency of the Republic of Northern Macedonia, Data Protection and Coronavirus

Norway – Datatilsynet,  Corona and privacy; New tracking app to prevent coronavirus infectionsNorwegian Institute of Public Health has launched the app to stop infectionState Inspector’s Service, Recommendations on personal data protection in the course of fight against Covid-19 (Coronavirus)

Peru – Autoridad Nacional de Protección de Datos Personales del Peru, Divulgar datos personales de pacientes con coronavirus puede ser multado hasta con 215 mil soles; Peruvian Ministry of Justice, Measures to Guarantee Confidentiality of the Health Data of COVID-19 Patients; Advisory Opinion No. 32-2020-JUS-DGTAIPD – Processing of Health Data During the Pandemic in the Field of Labor

Phillipines –National Privacy Commission, NPC PHE BULLETIN No. 3: Collect what is necessary. Disclose only to the proper authority

Poland  – Personal Data Protection Office of Poland, Statement by the President of the Personal Data Protection Office on coronavirusChecking the temperature to prevent the spread of COVID-19

Portugal – Use of technologies to support distance learningUse of video surveillance and alarm systems by private security entitiesGuidelines on disclosure of information relating to Covid-19 infectionsGuidelines on the collection of workers’ health dataGuidelines on Collecting Student Health Data

Romania – National Supervisory Authority for Personal Data Processing, Processing of health status data

San Marino – Autorità Garante per la protezione dei dati personali, Public announcement on COVID-19 emergency

Senegal – COVID-19: CDP press release on digital tracing

Singapore – Personal Data Protection Commission, Advisory on Collection of Personal Data for COVID-19 Contact Tracing

Slovakia – Office for Personal Data Protection of the Slovak Republic, Statement of the EDPB Chair on the processing of personal data in the context of the COVID-19 outbreak and Coronavirus and processing of personal data

Slovenia – DPA of Slovenia, Tracking individuals who have COVID-19 via mobile phone applications

South Africa – Information Regulator, Guidance Note on the processing of personal information of data subjects in the management and containment of COVID 19COVID 19: The importance of the right of access to information and the right to privacy in the management and containment of the virus

Spain –  Agencia Española de Protección de Datos, Report from the State Legal Service Department on Processing Activities Relating to the Obligation for Controllers from Private Companies and Public Administrations to Report on Workers Suffering from Covid-19Covid-19 FAQs,  La AEPD publica un informe sobre los tratamientos de datos en relación con el COVID-19Campañas de phishing sobre el COVID-19;Comunicado de la AEPD sobre apps y webs de autoevaluación del CoronavirusCatalan DPA Nota en relació amb els tractaments de dades personals relacionats amb les mesures per fer front al COVID-19AEPD, The Use of Tehnologies in the fight against COVID-19: A Costs and Benefits AnalysisComunicado de la AEPD en relación con la toma de temperatura por parte de comercios, centros de trabajo y otros establecimientosAEPD, About the Coronavirus

Sweden – Datainspektionen, Corona virus and personal data

Switzerland – Federal Data Protection and Information Commissioner, Data protection legal framework for the containment of the coronavirus

Thailand – 18 April 2020 Emergency Decree on Electronic Media Conference B.E. 2563

Tunisia – Instance Nationale de Protection des Données Personnelles, Recommendations of the National Authority for the Protection of Personal Data Relating to the Protection of Personal Data in the Period of COVID-19

Turkey  – Turkish Data Protection Authority KVKK, Public Announcement on COVID-19Public announcement on What you should know about the processing of location data and tracking in the fight against COVID-19; Public Announcement on Distance Learning Platforms

Ukraine  Ministry for Digital Transformation, We launched a digital coronavirus toolUkraine Commissioner for Human Rights on messaging services and the diffusion of personal data of COVID-19 infected persons

United Kingdom –  Information Commissioner’s Office (ICO), Data protection and coronavirus: statement for health and care practitionersCOVID-19: general data protection advice for data controllersThe power of data in a pandemicBlog: Combatting COVID-19 through data: some considerations for privacyHow we will regulate during coronavirusThe ICO’s regulatory approach during the coronavirus public health emergencyWorkplace testing – guidance for employers

United States of America  – Federal Communications Commission, Declaratory Ruling on COVIDDepartment of Health and Human Services, HIPAA Privacy and Novel CoronavirusDepartment of Health and Human Services, COVID-19 and HIPAA: Disclosures to law enforcement, paramedics, other first responders and public health authoritiesCalifornia AG, Attorney General Becerra Reminds Consumers of their Data Privacy Rights During the COVID-19 Public Health EmergencyFinancial Crimes Enforcement Network, Further Information to Financial Institutions in Response to the Coronavirus Disease 2019 (COVID-19) PandemicWhat You Should Know About COVID-19 and the ADA, the Rehabilitation Act, and Other EEO LawsCMS Interoperability and Patient Access final rule; HHS Applicability of Administrative Procedure Act, Enforcement discretion; US Occupational Safety and Health Administration Enforcement Guidance for Recording Cases of Coronavirus Disease 2019 (COVID-19)Revised Enforcement Guidance for Recording Cases of Coronavirus Disease 2019 (COVID-19)Advisory on Medical Scams Related to the Coronavirus Disease 2019 (COVID-19)Interim U.S. Guidance for Risk Assessment and Work Restrictions for Healthcare Personnel with Potential Exposure to COVID-19

Uruguay  –  Recommendations for the processing of personal data in the event of a national health emergency