Protecting employee COVID-19 health data: What CISOs need to know

Most companies are tracking coronavirus-related health data of their employees, and this presents unique risks and security challenges for CISOs.

Businesses re-opening in the wake of COVID are faced with keeping track of who in the company is healthy, who is sick, and who needs to isolate. A new International Association of Privacy Professionals (IAPP) study shows that 60% of employers are keeping records of employees diagnosed with COVID-19.  

These new sensitive datasets come at a time when many established security controls are in a state of flux due to large-scale remote working. CISOs need to know the risks associated with these datasets and help decide what data to collect and how.

The CISO’s role in COVID data collection

Reporting efforts and the types of data collected vary from self-reported health questionnaires and contact tracing through mobile apps and wearables to infrared thermometers and thermal video mapping. This information might exist in isolation or might be collated and aggregated to provide a more complete picture of employee health.

Forrester Senior Analyst Enza Iannopollo recommends that businesses think carefully about how they leverage COVID-related data collection efforts. “If those efforts are just happening in isolation and there are no policies aligned [to] help organizations maintain a safe environment, it will be just a cost to the organization in terms of liability and detriment to trust of employees as they will feel surveilled.”
