The world has changed. Yet, while the COVID-19 outbreak has resulted in a Great Pause for onsite operations, it has not suspended the need for data privacy and security. In fact, it has heightened the necessity of basic and reasonable cybersecurity safeguards both because of the necessary transition to a remote work environment and because of the anticipated collection and tracking of sensitive COVID-19-related data once employees and consumers return onsite. These changes implicate a variety of laws, including employment and consumer laws.

Data privacy and security requirements also remain. For example, many organizations have contractual data security requirements with clients and business partners, some accompanied by substantial indemnity liabilities. As of March 21, the New York SHIELD ACT requires all organizations handling private information of New York residents to have a written and comprehensive data security program. As efforts to delay the legislation have been rejected, enforcement of the California Consumer Privacy Act (CCPA) begins in little over a month.