Shelter-in-place orders in response to the global COVID-19 outbreak have inspired businesses that rely on foot traffic and in-person meetings to find creative ways to offer their services virtually, in many cases for the first time. Educational programs were quick to move online, including early learning and children’s enrichment programs. Yoga studios and gyms are offering livestream classes and virtual personal training for home workouts. Brick-and-mortar retail businesses are making a quick transition to digital sales. Event space closures are inspiring livestream concerts and virtual fundraising events. Relaxed regulations have led to an increase in healthcare providers and counselors offering telehealth services.
Businesses that leverage technology to stay in operation are better able to remain connected with their customer base and maintain cash flow that would otherwise be lost during these challenging times. However, the same businesses will also face new concerns, including whether their new online operations pass muster in the face of quickly evolving privacy and data security legal requirements. A business pivoting toward digital operations will be better positioned for success by taking on certain key tasks:
- Revise customer agreements and service contracts to address the offering of goods or services online.
- Update the business website to include a current Privacy Notice and Terms of Use that address current privacy law requirements, protect the business’s online content, and inform customers of acceptable use guidelines for the website and virtual services.
- Check vendor agreements for compliance with applicable privacy laws and inclusion of appropriate data security requirements (e.g., HIPAA-compliant vendors for healthcare providers).
- If your business offers goods, services or content of interest to children, ensure that online interactions with children comply with the federal Children’s Online Privacy Protection Act.
- Ensure that the business is processing payments in compliance with PCI DSS requirements.
- Work with a managed services provider or IT security consultant to ensure that current data security safeguards and information systems are sufficient for digital operations traffic.
- If your business employs or considers job applications from California residents, adopt an Employee Privacy Notice that complies with the California Consumer Privacy Act.
If your business is offering products or services online in response to COVID-19, consider getting a free Cyber Health Assessment to identify easy and budget-friendly ways to improve your privacy and data security readiness and mitigate risk associated with taking your business online.