Somebody’s Watching Me…COVID-19 Raises Privacy Concerns

I always feel like somebody’s watchin’ me
And I have no privacy
I always feel like somebody’s watchin’ me
Is it just a dream?

(“Somebody’s Watching Me” song, Rockwell, 1984)

The lyrics from this infamous 1984 hit song created a paranoia at the time, that 35+ years later remains more relevant today than ever. In a prior Leech Tishman Client Alert, Big Brother Is Always Watching . . . And Listening? But, Did You Consent To That?  we discussed technological advances related to electronic monitoring (i.e., security cameras), which you may find useful. 

Privacy has played no greater role than now with a large portion of the workforce being required to work remotely. Serious considerations must be given to the software platforms a company uses to share sensitive information and conduct remote video meetings. Some platforms have come under serious scrutiny for improperly using and/or sharing private information unbeknownst to its users and offering scant controls to prohibit unauthorized access (i.e., unwelcome interruptions on popular video-conferencing platforms). These issues not only pose risks of business protection and interruption, but also potentially expose the company to data breach situations.

Naturally, a company’s data privacy and security program is only as strong as its weakest exposure point. Unfortunately, it is likely that in certain teleworking situations,  client and customer information is being shared across potentially unsecure mediums. Businesses should carefully consider their options when both choosing and then configuring their remote access solutions – particularly when personally identifiable and/or sensitive information is being shared and/or discussed.

Additionally, remote employees and contractors should be cognizant of how they process, manipulate, store and transmit sensitive client information from their home network. It is tempting to use home computers and networks to perform one’s job functions. However, the importance of using work assets such as a virtual private network (VPN) can’t be emphasized enough. Home computers and home networks likely do not share the same and stringent (and essential) security policies as your work computers and networks, and using home assets without those protocol protections and policies in place can contribute to increased data privacy and security risks for the employer. Employee and contractor training in these areas is critical to keep your business in compliance with data privacy laws and help prevent costly data breach events.

In today’s drastic shift to teleworking, virtual communications and exponential e-commerce transactions in the face of the COVID-19 pandemic, businesses that have experienced an uptick in activity in all of these areas  should review how data privacy laws such as the California Consumer Privacy Act (CCPA) and General Data Protection Regulation in the EU (GDPR) apply to them.  Take a look at a prior Leech Tishman Client Alert discussing the CCPA. Data privacy laws kick in after certain factors are met and shifts the burden to businesses altering their business practices to comply.

As businesses readjust to our new COVID-19 “normal,” organizations should take a close look at the  current protections they have in place, including, but not limited to, employer-employee policies, general insurance and cyberinsurance coverage, and corporate. This analysis will allow business owners to understand their current condition, identify any problems, and enable management to take appropriate actions to address potential issues with the goal to avoid and prevent future problems before they get worse. Take a look at a prior Leech Tishman Client Alert concerning the importance of corporate transparency

In this uncertain time, coupled with the ever-changing shelter at home order and re-openings, it remains critical to understand the impact privacy laws will have on all businesses. It is strongly recommended that all businesses, regardless of size, consult with knowledgeable counsel on these issues.  Leech Tishman attorneys are available to work with clients on analyzing and implementing a focused privacy plan to address potential issues.  

If you have any questions about this alert or conducting a legal audit, please contact James K. Paulick.

James K. Paulick is Counsel with Leech Tishman and Co-Chair of the Data Privacy & Cybersecurity Group. He is also a member of the Litigation Practice Group and the White Collar Criminal Defense & Government Investigations Group. Jim is based in the Pittsburgh office and can be reached at 412.261.1600 or jpaulick@leechtishman.com.

Leech Tishman’s Facebook Page: https://www.facebook.com/leechtishman 

Leech Tishman’s Twitter: https://twitter.com/leechtishman

Leech Tishman’s Company Page on LinkedIn: https://www.linkedin.com/company/leech-tishman

Leech Tishman Fuscaldo & Lampl is a full-service law firm dedicated to assisting individuals, businesses, and institutions. Leech Tishman offers legal services in alternative dispute resolution, aviation & aerospace, bankruptcy & creditors’ rights, construction, corporate, employee benefits, employment, energy, environmental, estates & trusts, family law, government relations, immigration, insurance coverage & corporate risk mitigation, intellectual property, international legal matters, litigation, real estate, and taxation. Headquartered in Pittsburgh, PA, Leech Tishman also has offices in Chicago, Los Angeles, New York, Sarasota and Wilmington, DE.