In recent weeks, we’ve seen multiple apps and other technologies quickly developed or deployed to address the COVID-19 pandemic. The following is a concise privacy checklist that COVID-19 tech developers can run through:
1. Create a transparent privacy notice that explains the types of data collected and used, including the reasons for such collection and use.
2. Develop your COVID-19 tool in a way that ensures its use is voluntary.
3. Limit your data uses to those disclosed in your privacy notice. Provide supplemental notices, as needed.
4. Minimize your COVID-19 tool’s collection and use of data to what is necessary to meet the disclosed reasons.
5. Confirm that your tool works and achieves the disclosed reasons.
6. Securely delete data that is not needed to achieve the disclosed reasons.
7. Engineer a safe and secure COVID-19 tool, incorporating Privacy by Design principles and state of of the art security controls.
8. Consult a privacy officer to assess your COVID-19 tool’s privacy.
9. Honor individual privacy rights inquiries and requests, as required by different jurisdictions.
10. Document your privacy efforts on your COVID-19 tool. Consider creating a privacy data sheet for your COVID-19 tool to proactively anticipate and answer privacy questions.