Article written by:
Doug Davidson, CISA
Director of Information Technology Services
If your organization is obligated to meet government information security and privacy obligations, such as HIPAA or CCPA, or contractual obligations, such as PCI, it is wise to stay aware of the regulating authority’s stance on COVID-19’s impact to compliance.
Payment Card Industry
Payment Card Industry Security Standards Council recognizes the impact of changed working conditions on scheduled assessments and training, as well as the changes necessary to support remote work.
HIPAA
The US Department of Health and Human Services Office for Civil Rights clarifies a number of issues relating to HIPAA and COVID-19, including Enforcement Discretion for Telehealth and Disclosures of PHI to Law Enforcement, Paramedics, Other First Responders and Public Health Authorities.
CCPA
The International Alliance of Privacy Professionals (IAPP) announced on March 24, 2020, that the California AG will NOT delay on CCPA enforcement amid COVID-19.
GDPR
The IAPP has also rounded up COVID-19 guidance published by the various Data Privacy Authorities to date.
This is a partial list to be used as a jump site to those authorities that impact your firm. If you have specific questions regarding compliance issues given the change in the way your firm operates, feel free to contact GBQ IT Services Director of Information Technology Services Doug Davidson.
