Recently I had the opportunity to conduct an online fireside chat with Federal Trade Commissioner Christine Wilson in conjunction with USTelecom President and CEO Jonathan Spalter on emerging digital privacy issues amidst the COVID-19 emergency. The basis of the conversation was a recent essay written by Commissioner Wilson about best practices regarding privacy as the country navigates new work, school and public health practices in response to the pandemic. In case you missed it, a recording of the discussion can be found here.
During the course of our conversation, Commissioner Wilson made a statement that we at Twilio wholeheartedly agree with: “The whole system depends on trust. If consumers don’t trust whether an app or a program is in their best interest, they’re not going to use it.”
Such a statement could not be more true, especially with regards to the various forms of communications being used by companies, organizations and government agencies to combat COVID-19. People need to trust the communications they’re getting, and privacy is the bedrock to that sense of trust.
Commissioner Wilson was right to point out that privacy does not need to be nor should it be at odds with the greater public good, especially in times of a pandemic.
If anything, COVID-19 shows that companies should follow the same basic principles and best practices to protect privacy whether a pandemic was happening or not.
Those best practices for companies as outlined by Commissioner Wilson include:
- Accountability for the collection, use and sharing of data for COVID-19 purposes, establishing clear metrics for when the collection of data will stop, and outlining a process for the destruction of that data
- Practice good data hygiene -- segregate data that is being used for COVID-19 purposes, and ensure that only employees with a justifiable reason have access to that data
- Make clear to consumers/users/customers that data is being collected, what data is being collected, and how it is being used
- Allow consumers to opt-in to data collection initiatives that are being used to combat COVID-19
- The use of artificial intelligence in a responsible way
Commissioner Wilson also pointed out how COVID-19 has underscored the need for a federal privacy law, which could have provided much-needed guidance to companies for handling person data, particularly with regards to:
- Data hygiene
- Data minimization
- Anonymization of data
- Deletion and de-identification of data
In the absence of a federal law, Commissioner Wilson pointed out in her essay that there are still numerous sources of information companies can tap for guidance on best practices for privacy, including:
- Resources on the FTC’s website, including Protecting Personal Information: A Guide for Business, Start with Security: A Guide for Business, and Stick with Security: A Business Blog Series
- The FTC’s blog on compliance with the Gramm-Leach-Bliley Act, which outlines data security best practices that can apply beyond just financial institutions
- The National Institute for Standards and Technology (NIST), which offers security and privacy resources, including a privacy framework to help organizations identify and manage privacy risks
- Private organizations such as the Center for Information Policy Leadership, the International Association of Privacy Professionals and the App Association
At the end of our conversation, Commissioner Wilson expressed her hope that COVID-19 will spur on Congressional efforts to pass a national privacy law. As a company, Twilio shares that hope. Now that we as a nation have come to understand that a pandemic is no longer a hypothetical scenario but a very real event that is impacting all of our lives every day, we must be prepared for it to happen again. Having a federal privacy law in place will enhance our efforts as a nation to prepare for and combat the next virus by providing companies, organizations and governments the head start they need to ensure privacy best practices and instill the most valuable commodity in times of a national crisis: Trust.
Karyn Smith is the general counsel and corporate secretary for Twilio. @karynsf